image image
Mark Omo & James Rowley at Hardwear USA 2024

Mark Omo & James Rowley



Teaching New Tricks to an Old Micro: Breaking into Chips By Reading the Datasheet






Talk Title:

Teaching New Tricks to an Old Micro: Breaking into Chips By Reading the Datasheet

Abstract:

Renesas (formerly NEC) claims their XXXXX Series processors have no ability to read out their flash contents through the programming interface. Yet, we identified two methods to do exactly that - regardless of the protection settings used. Even after 40 years on the market, these chips are still used in actively marketed products, including consumer security products. In this talk, we will take you through our journey of identifying both these readout methods, and our approach of “reading between the lines” - as believe it or not, both our methods are more or less described in the datasheet, albeit in different terms. We will also be sharing tools and documentation to exploit these two vulnerabilities, and a disassembler for this processor family.


Reviewers: We have obscured the processor above until closer to the conference, we are still in the disclosure process with Renesas, let us know if it would be useful to share it confidently with the review team.


Speaker Bio:

Mark Omo leads the engineering team at Marcus Engineering (but is not the Marcus in Marcus Eng. ); he is a former Googler and has a background in highly regulated systems design, Medical, Military, and consumer.

James Rowley is an engineer at Marcus Engineering, with over 5 years of experience in embedded systems development, both hardware and software, as well as reverse engineering such systems.