CortexM4微控制器设备标识符的伪造方法*

PDF(955 KB)

集成电路与嵌入式系统 ›› 2022, Vol. 22 ›› Issue (11) : 10-12.

专题论述

CortexM4微控制器设备标识符的伪造方法^*

陈旭辉¹, 杨红云²

作者信息 +

Forgery Method of Device Identifier of Cortex-M4 Microcontroller

Chen Xuhui¹, Yang Hongyun²

Author information +

文章历史 +

摘要

很多软件利用微控制器设备标识符(UID)的唯一性对程序进行加密,使每一个产品具有唯一性;利用微控制器的一些功能单元,可在不直接修改软件的情况下伪造UID。增加部分代码,先于目标软件运行,利用微控制器存储保护单元(MPU)或数据监视点和跟踪(DWT)单元捕获对UID的访问,并使用Flash补丁和断点(FPB)单元或中断向量重定位机制来修改部分中断向量的位置,避免直接修改目标软件。以CortexM4为内核的STM32F429为例,利用Flash补丁伪造96位的UID。在拥有MPU、DWT或FPB单元的微控制器上,都可以使用相似的方法伪造UID,但防范也相对容易,只要破坏相关设置即可。

Abstract

In order to make each product unique,many software encrypt the program by using the unique device identifier (UID) of the microcontroller.In this paper,we use some functional units of microcontroller to forge UID without directly modifying the original code.We add some code to run before the target software,capture the access to UID by using MPU or DWT unit,and use FPB unit or vector table relocation to relocate some interrupt vectors to avoid directly modifying the target software.Taking STM32F429 with cortex-m4 as an example,a 96-bit UID is successfully forged by using the Flash patch.The similar method can be used to forge UIDs on other microcontrollers with MPU or DWT or FPB units,but prevention is relatively easy,as long as the relevant settings are destroyed.

导出引用

陈旭辉, 杨红云. CortexM4微控制器设备标识符的伪造方法^*[J]. 集成电路与嵌入式系统. 2022, 22(11): 10-12

Chen Xuhui, Yang Hongyun. Forgery Method of Device Identifier of Cortex-M4 Microcontroller[J]. Integrated Circuits and Embedded Systems. 2022, 22(11): 10-12

中图分类号： TP336

参考文献

[1] Arm Limited.ARM © v7M Architecture Reference Manual ARM DDI 0403E.b (ID120114),2014.
[2] U Guin,S Bhunia,D Forte,et al.SMA:A SystemLevel Mutual Authentication for Protecting Electronic Hardware and Firmware[J].IEEE Transactions on Dependable and Secure Computing,2017,14(3):265278.
[3] Wang X,Konstantinou C,Maniatakos M,et al.Malicious firmware detection with hardware performance counters[J].IEEE Transactions on MultiScale Computing Systems,2016,2(3):160173.
[4] D K Nilsson,L Sun,T Nakajima.A Framework for SelfVerification of Firmware Updates over the Air in Vehicle ECUs[C]//2008 IEEE Globecom Workshops,2008:15.
[5] 黄钰强,岳伟.Ethernet的嵌入式系统BootLoader设计[J].单片机与嵌入式系统应用,2021,21(9):1013.
[6] 姚文祥.ARM CortexM3与CortexM4权威指南[M].北京:清华大学出版社,2015.
[7] nRF52flashpatch[DB/OL].[202205].https://github.co m/NordicPlayground/nRF52flashpatch.