The Raspberry Pi Foundation had their new RP2350 chip audited by Hextree.io, and now, both companies want to see if you can hack it. Just to prove that they’re serious, they’re putting out a $10,000 bounty. Can you get inside?
The challenge to hack the chip is simple enough. You need to dump a secret that is hidden at OTP ROW 0xc08. It’s 128 bits long, and it’s protected in two ways—by the RP2350’s secure boot and by OTP_DATA_PAGE48_LOCK1. Basically, the chip security features have been activated, and you need to get around them to score the prize.
The gauntlet was thrown down ahead of DEF CON, where the new chip was used in the event badges. Raspberry Pi and Hextree.io invited anyone finding a break to visit their booth in the Embedded Systems Village. It’s unclear at this stage if anyone claimed the bounty, so we can only assume the hunt remains open. It’s been stated that the challenge will run until 4 PM UK time on September 7th, 2024.
Hacking microcontrollers is a tough and exacting art. The GitHub repo provides full details on what you need to do, with the precise rules, terms, and conditions linked at the bottom. You can also watch the challenge video on Hextree.io.
Isn’t hacking the sole reason for Pi x existence?
B^)
I’d be disappointed if the 2350 wasn’t good for hacking.
This. The inclusion of any DRM capability in what should be open hardware is extremely gross.
No, it’s not. It will enable you to create a hardware security key for storing your passwords. Or your bitcoin private key. Or any information you don’t want a thief stealing and getting. It enables you to create your own devices and sign what will run on it, so nobody can just dump your firmware and exploit it, like uncountable cheap Chinese cameras out there.
I beg to differ. Security chips should be dedicated stuff that one buys for this exact purpose when needed. Having that locking functionality on a general purpose uC will only translate into boxes of unusable boards being thrown away because everyone and their dog will want to play with the option.
If you must rely on an external security device that just opens up so many more attack surfaces or at least makes the snooping easier…
Being able to lock yourself out by error on a really pretty cheap and tiny IC hardly matters in the e-waste stream at all, and hardly hurts your wallet either – compare to say the inevitable smartphone with its crap bootloader, terrible (if any) documentation and kernel support that renders a vastly more complex and expensive device fairly useless in just a handful of years even if you are just a user and don’t try to actually do anything on the device you supposedly own…
Plus the rest of the board isn’t waste when you can buy another chip to replace the one you borked either. Not like it’s even a stupendously difficult soldering job by its packaging…
This is raspi asking for free labour to verify a feature aimed solely at commercial customers.
Free? No, they’re paying 10k to the first to do it.
Oh, so security consultants aren’t paid if they don’t find any vulnerabilities?
“Oh, so security consultants aren’t paid if they don’t find any vulnerabilities?”
If that’s all they did, then no. But I expect consultants to have some kind of output. If they aren’t writing code they need to be writing a report on how they looked for it and what they tried.
I don’t know any industry that gets to hire a security consultant to simply put their seal of approval on something and call it a day.
When people play these hacking contests. They aren’t required to document their attempts. Since they aren’t getting paid. Since a volunteer for a contest is fundamentally doing a different job than a security consultant.
So is it $10k for the key?
How much extra do they pay for the method?
Secure boot systems aren’t DRM. They’re ways to prevent physical access attackers from breaking in. They can be implemented securely; it’s just more inconvenient than Linux distro vendors wanted to deal with. Hence Mock-and-Shim where they let MS keep controlling things.
They may be used to prevent you from replacing faulty parts of the device. If the parts are locked, but the bootloader isn’t, you can simply hack the bootloader/firmware and allow custom replacement parts. If the firmware is unhackable, you can’t circumvent those restrictions.
So yes, secure boot isn’t DRM, but it is a core part of DRM in devices.
That’s not what DRM is at all.
When you buy an RP2350 you can run whatever you want. If you so choose, you can burn efuses so that it only runs firmware signed by a key corresponding to the one in the efuses. You get to control that key.
If you want to deploy an army of RP2350 powered roombas with frickin lasers for entertaining neighborhood cats, you might want to make sure that only you can push firmware updates to them. Otherwise some other hacker might write their own and reprogram them in the field to navigate onto the nearest highway.
This challenge gives hackers parts with secure boot enabled with a key they aren’t privy to, and rewards them for finding vulnerabilities in the secure boot mechanism.
Raspberry Pi boards have never been open hardware, the RP2040 and RP2350 chip designs are not open hardware either. Just the Pico PCBs are.
It would be nice if the chip was open, but with ARM licensing that is probably not legally possible. And as said, good protections are useful for many applications. RP2350 is also a commercially nice chip, for which code encryption is often essential – even if it goes against Hackaday morals.
The best cipher is the one you can tell the workings of to your enemy. If they know the code behind it but still can’t read your messages then the cipher is good.
Well take the chip solder to interposer
With all the bga points broken out
Over clock and under clock the chip, out of spec
If power rail glitching doesn’t work, did they think about the clock
What about injection of noise via other io pins, add enough ac ripple to jump the PC
If ram is external you can dump all of that.
And get a datasheet
Or just decap the chip and read the 128bits by hand if it’s hard coded
Well technically if you can decap it you win 10grand
How much does it cost to decap a rasp pi chip
(reply to clancydaenlightened, as we’ve run out of comment depth)
I think we’ve explicitly disallowed decapping, because we want people to focus on easily replicable attacks. It’s likely we’d voluntarily pay a (separate) bounty for a decap attack: we’re using antifuse OTP, where the damage done during programming happens deep in the layer stack, so it would be an interesting result if someone could demonstrate the ability to image the damage and reconstruct the bits.
Whilst I realise this feature might prevent the reuse of RP2350 devices locked by others, I would suggest that maybe some folk are looking at this the wrong way: it enables people who might have a “hacker” type background to build commercial products with the chips, tools and methods they have already learned. Also, isn’t it a common refrain that the “S” in IOT stands for Security? Isn’t addressing this useful?
I do take the point on the prize fund size though, if it turns out it’s possible for a well resourced lab to crack it, that wouldn’t bode well if one had managed to sell a bunch of devices that could be remotely updated that used these keys as the only protection, and therefore potentially provide a false sense of security.
This chip is not hacker friendly, it’s anti-hacker. Helping them ensure that you’re locked out of systems you want to modify seems self-defeating.
If you’ve bought one and locked yourself out, that’s only because you made a mistake. This enables us to create secure things.
This is raspi asking for free labour to verify a feature aimed solely at commercial customers.
Thing is, commercial customers keep the chip at a reasonable price for us small indie devs.
In other words, not a feature that I will use in my yet to be released project, but if $largecompany buys a mountain of chips so that the production line at Raspberry keeps running and I can get a cheap yet powerful and easy to use micro, I am happy.
I can assure you that no corporation not explicitly marketing to the Maker scene is going to be using Raspberry Pi silicon. Which really doesn’t leave many besides, Adafruit and Sparkfun?
The Pico might have gotten a foot in because it was the pretty much only thing available during the “Chipageddon”
That seems to me like it wouldn’t be hard to disprove – Pi products have ended up in commercial/industrial use all over the place as SBC, and their first two forays into microprocessors really are unparalleled in what they do with those PIO making them sort of like budget FPGA and still have all the other reasons that lead to so many commercial enterprises picking a Pi product…
I’d bet it already has happened in many places for the 2040 – just don’t know about it because the only people that are open and even actively marketing about using a specific chip inside harping on that you can alter the firmware to add more stuff are the more maker/hacker community of companies. But I’d bet there are more than a few devices out there using a 2040 with QMK (as framework laptops openly publish they do) and just not saying anything about it – cheap part, quick to implement, customizable to the application, long term availability – it just works, so is rather hard to argue with…
The quality of documentation and software support seems to be in its own league with most things raspi, I would be surprised if it’s not commercially used.
Biggest weakness would’ve been the lack of proper deep sleep?
I can assure you you’re wrong.
A lot of people will use it like I do on another chip – I put secure information in there that I need to run my firmware – so my firmware can’t be run on other chips without me giving permission.
The user is fine to flash their own firmware on the hardware and do anything they want.
That is hardly not hacker friendly..
People might say your DRM is not hacker friendly.
People may say that you are not hacker friendly when you run antivirus on your computer. Or use any kind of security features.
I assume you never buy any chip that has code protection and you share all your logins and passwords openly and freely?
Get a grip, it’s got a secure area that you can use or ignore, your choice.
Even if I hack it, 10000$ is so little that I would even be too lazy to write to them about it…
This. It is the price of a round age jubilee family celebration even here, in the Czech Republic – a third world colony. It is a two month salary of a mid ranked police officer pursuing social media commenters.
they call it ‘quantitative easing’ I call it outright theft. this is why 10k is worthless.
Taxable 10K.
You can’t be bothered to write to them for $10k, yet you’ll write messages on this website for free. OK buddy.
You could look at it as a rubber stamp of security, and free advertising.
No security is ever 100%, but if the walls/fence put in place keep out 99.9999% of people who covet the data, that is usually good enough. The $10K is just an incentive for the small fish to look for obvious mistakes. Even if that $10k is only enough of an incentive for 1,000 people with very basic knowledge to attempt looking for obvious flaws, it is basically a free security audit.
20 years ago $10k would not be enough of an incentive for people to etch holes in the package and hit the chip with perfectly timed short duration laser blasts, but these days it probably is.
This.
Also how is $10k not much? I get if you have the knowledge to do this sort of thing you probably make a lot of money but still.
A few of us little fish will try something over a few weekends.
If it doesn’t work well at least you learned about how a secure boot works.
If you do succeed, holy shit, hobbies funded for the next couple years. Along with some decent scratch to get ahead of the game.
Tools needed add up much over 10K. So unless you run a security biz..
You are buying (paying) a lottery ticket.
Really not sure that’s true. At least for glitching/fault injection.
$10k would get you round trip airfare, hotel, and ticket to Hackaday SuperCon.
Not worth it?
You’ll get 5-10 years of Supercons out of that, even at Breeders Cup hotel prices!
Also what about the time limit? After 1month security doesn’t matter?
It is likely we will extend the deadline if (as seems possible) we don’t see a break. Possibly even if we do see a break (because it’s always nice to have more breaks).
What if Anonymous get the thing hacked? On the other hand I think the secret is… a human readable string …:)
It’s a nice challenge, but it feels more like a hackathon or CTF than a bug bounty. Mostly, as the bounty is not paid out to the first person to find the bug. The page writes that judges will review all entries and choose a winner. I’ve ordered a few RPI pico 2, myself. But it’s not clear, yet, if I’ll receive them before the deadline.
“The page writes that judges will review all entries and choose a winner.”
That sounds like they actually expect more than a few entries. I.e. that they expect that more than one person will actually hack it.
Not sure if they intended to give that particular message… :)
One week in and no breaks so far…
… or so you think….
Wouldn’t the secret be worth more than $10k to the right person, if you thought it was secure?
Okay, no reported breaks. No breaks from the point of view of the contest.
This anti-feature should not be in general purpose microcontrollers. I can understand companies wanting to prevent extraction of their firmware from a device but this feature doesn’t allow for erasing and replacing the firmware like the more traditional security mechanisms do.
Companies building commercial products with this chip will lock it so only their firmware can be run, making the devices paperweights for us hackers. I don’t approve of vendor controlled hardware, in my ideal world everything should be owner controlled.
Don’t fall for the trap, wait until they think it’s secure and then release the hack :-)
so no GPL3 code …
I need to hack the wifi module
but maybe removing blobs
Why is the challenge so short?
Just enjoy the fact that advertisement campaigns do end.
Isn’t fault-injection a sure way to bypass secure boot in ARM MCUs?
Sounds like an easy $10k for you then
Cold :)
If you play with the secure boot / trust zone and lock yourself out, can you still re-flash & use the RISC-V cores?
It’s a feature I will never need to use. I’ll use the Pico 2 just like the RP2040 boards…. I see it as a feature that ‘some’ may find useful though. Anyway it is just like when I don’t use all the GPIO when I use one of the Pico boards…. I.e. part of the board capability is there, but not doing anything. I think a company/manufacturer would find it more useful than us hobbyists who just want to turn lights on/off….
I might have seen a “loophole” – where to respond?