Instruction Set Hack For Protected Memory Access

The nRF51 Series SoCs are a family of low-power Bluetooth chips from Nordic Semiconductor based on ARM Cortex cores. The nRF51822 has the Cortex M0 core and is used in a lot of products. [Loren] has written a blog post in which he claims to be able to circumvent readback protection on the chip, giving access to the ROM, RAM and registers and allowing interactive debugging sessions.

The hack stems from the fact that the Serial Wire Debug (SWD) interface cannot be completely disabled on these chips, even if the Memory Protection Unit prevents direct access to any memory region. The second key piece is that the CPU itself can still fetch from code memory. Combined with the SWD super powers to make changes to the registers themselves, this can be a powerful tool.


New Part Day: Nordic’s New Bluetooth SoC

You don’t need to look very hard to find Nordic’s nRF51 wireless module; it’s found in hundreds of products and dozens of projects over on hackaday.io. The nRF51 is a SoC that includes an ARM Cortex M0 processor and a variety of radios for Bluetooth and other protocols. Useful, if a bit limited in processing power.

Now, Nordic has a new SoC. It’s the nRF52, a Cortex M4F processor, a Bluetooth radio, NFC, and a bunch of Flash and RAM to make just about anything you can think of possible. Yes, it’s an upgrade to the nRF51 – a better processor and NFC, and all the possibilities that come with that. Currently there’s only one part and two package options: a 6x6mm QFN48, or a wafer chip that will be covered with impregnable goo.

Already there are SDKs for IAR Workbench, Keil4 and 5, and gcc. The SDKs won’t help you quite yet; the chip is not available through the usual distributors, but the nRF52 Preview development kit is. That’s a single-board development kit for the nRF52, with Arduino pinouts and Mbed support.

Thanks [Alvin] for sending this in from Trondheim.