Designing Firmware That Survives a Glitch

You cannot stop a glitch, but you can make one insufficient. Here are the firmware patterns that survive fault injection.

Detecting Fault Injection at Runtime

Beyond surviving a glitch, a device can notice it is being attacked. Here is how runtime fault detection works and what to do when it triggers.

Identifying the Bootloader in a Flash Dump

How to locate and read the bootloader in a raw flash dump with binwalk, strings, and dd, and what it reveals about a device’s secure boot.

Reverse Engineering an Unknown Binary Protocol

Many devices speak a custom binary protocol over serial or the network. Here is a method for decoding one from captures and the firmware that parses it.

Diffing Firmware Versions to Find Security Patches

When a vendor ships a quiet security fix, diffing two firmware versions reveals exactly what changed. Here is how to do it efficiently with the right tools.

Why Encrypted Firmware Is Not Enough

Encrypting firmware feels like the finish line, but the key has to live somewhere. Here is why encryption alone rarely stops a determined attacker.

Pulling Firmware Over a Bootloader Console

When a bootloader console is reachable over UART, you often do not need a chip clip at all. Here is how to dump firmware straight from U-Boot.

Spotting Backdoors and Debug Hooks in Firmware

Not every hidden access path is malicious, but every one is a risk. Here is how to find debug hooks and backdoors left in shipped firmware.

Secure Boot on STM32: What Actually Protects You

STM32 chips offer real secure boot features, but only if you configure them. Here is what protects you, what is off by default, and how to verify it.

Building Security Into the Firmware SDLC

Security bolted on at the end is expensive and incomplete. Here is how to build it into the firmware development lifecycle from the start.