 Here is the next hands-on for the SB-SFU, which is adding protections. So what we will do during this hands-on, we will experience a codenjunction attack, which show you you will experience it and then we will activate a contra-measure in SB-SFU to provide to, in a way, show you why isolation is useful inside the MCU. So the scenario, we will experiment a real codenjunction attack and then we will activate the firewall as a contra-measure. So what's an inner attack? The principle of inner attack is to exploit software weakness to be able to inject a malicious code. Here we take the example of buffer overflow, so we send more data than expected in through the UART, for instance here, and the weakness is that the software does not check the limits of data that we will send. So it will result in data written in an expected location and it will change the system behavior. So we provide you a simple example with receive command terminated by a backslash n via UART. The software only checks the backslash n to check the end of the command and does not check the number of character received. So what's the possible weakness here is just to send a command longer than expected. So let's build this weak code that we provided you. The code is located within the same location. So now it is a simple app with weakness, which is already compatible with the SPSFU. So it was placed in the good location and the vector table also was placed in the good location. So open your cube ID. So here we are in the same state as we were on the previous hand zone. Just close the previous project and open the simple app with weakness. That is just at the same level here. Select folder, finish. You can build now this simple app with weakness and you will be able to check here when it's built the size of the file to check if everything is okay. 15, 4, 5, 2. Let's build it. This was built using a cube Mx. So it's really always the same structure and you can see the code. There is still a warning that reveals that the code is not well coded. And so you have here the receiving command. So here we have the good size. So here we are okay for this step. Let's go further. Next step is to to configure the SPSFU because by default SPSFU is delivered with all protections activated. So we need here to remove the isolation protections to be able to show you what happens when you don't have them. So to do this SPSFU provides one configuration file to set up all security protections through defined. So this file is appSFU.h. And to find it you need to go in the includes and in this directory SPSFU apps. So let's go to cube ID again reopen double-click to open SPSFU if you closed it previously. Okay here click on includes and normally here you have you can display and you have SPSFU app. So this is this one and you open the first app SPSFU.h. So in this file here make it bigger you go down and at some point you will see here the protections that are each protection activated. So take all the block until the last command here and click on source toggle command. So we command here everything and then we will remove the commands for protection that do not concern the isolation. So write protect RDP PCrop is a protection Firewall is a protection is isolation protection Temper detect is not oops DAP is not DMA you can activate and watchdog you can still activate The MPU is obviously isolation protection. So now don't forget to save control S to make sure that it is saved here and you can rebuild It will rebuild So let's go back to the slides. So here we selected SPSFU we selected all the block and toggle the command and so you need to check where you are and reactivated the non the protection that are not related to isolation control S and Rebuild So at the end you should see three warnings that corresponds to the three Protections that were deactivated. So let's go back to our Q by D Something happened That's Comes from here So let's do it again. So in this file you have also some you can activate verbose mode you can Say that you want to use a local order or not inside the SPSFU you have And you also can deactivate the SfU debug mode here What also you can do here you can activate Which level you want to activate so if you want to activate RDP level 2 which you can come cannot come back from You need to activate this secure final secure lock enable. So this is this is more for production And that's it. So here we have our three warnings And you can see the warnings which protection was disabled Okay Let's come back to the poor point Then We need to now the SPSFU has been rebuilt. We can launch the The post build to concatenate the simple app and the SPSFU to be able to Launch it on the target so we open again the scripts and post build simple app with weakness So here and this is exactly the same as before Except that at the end we have So we have our five steps. We we patch the generated binary in Besides the the keys So because keys are usually binary and it's difficult to Difficult to show in In text mode. So we add this string inside the the binary Close to the key area because This is what we want to extract next step Reset the target and flash. So let's reset Reset the target and flash Simple app with weakness. I open the Terra term that Was display in the last hands on and here we flashed it and Here I can close this Window We still have rdp level one activated. So we need to do a power on reset. I disconnect and reconnect my board and Press a reset And you can see now that we have a hello world and enter command so you can Type keys. There is no echo and type return and just message receive. It's a really basic Software just for demonstration Come back to the slides here what we you should see. So Now we have our application that is working It was Validated by the sbsfu And It is But here we removed this Isolation protections So we are in the field and the hacker is in attacking the device and injecting the code To read the content of the uART. So what we will try to extract here is Key area that is no more isolated in this example So to do this We have prepared this hack.bin That will Eject more data than expected and will provoke the Will enable the injection of Code that will be able to read where it wants. So let's inject it. So you need to use Here the send file instead of transfer that we use before just send a binary file Select the hack.bin in binary and open. So let's do it File send file So here we are in Let's go to L4 Simple app with weakness and if you go Down you have this binary so here we we pretend to Send some characters to the uART But we send a bit more than expected and see what happens Here it is. So the code was injected and And As you could see first we can see Some characters that we cannot We could we could extract them in the binary but here for it's easier to see and This is why we added this secure case to register inside the code to show you that now Because there was no isolation We can extract what we want from the from the flash and What happens here is that it's resetting because the watch log is no more Updated and so a reset is done and detected so you can see that it is Really possible to inject something in the And to to get well the act that being the building of this This file would take a lot of time to the hacker But one once it's done it can it's completely reproducible So here we read the secrets Okay So in conclusion we perform the hack using a simple uART interface Interface with outside world mean surface of attack. It's always The inner attack as are always using the interface to outside world as a local interface or Ethernet interface Each Open door is a way for our code to temper your assets But this demonstrates why isolation is very important So how sbs if you addresses isolation? So we the sbs if you Use all isolation mechanism available in each stm32 For the stm32 l4 it uses the firewall the mpu and the p0 The firewall is only available on the l4 and l0 series But the mpu is available everywhere and p0 on most of the stm32 So the firewall is a hardware mechanisms Mechanism that protects the flash and RAM Specific areas that are set up at boot time and cannot be changed anymore And if you try to access to read or execute in this area from the outside It resets immediately The mpu memory protection unit is a context and mechanism and that gives attribute to To some address ranches so you can say that this address range is only executable This one is a read only and so on And so also used for cache activation for instance and the p0 is a Specific part of flash that we define through the option bytes that Makes this part of flash execute only so you cannot read you cannot write it So it's a way to isolate a part of the flash this way you can just jump to a Function and execute the function This p0 is used in sbsf you to store the keys in Executable way so you need to to execute a function to get the key in RAM So here we will see what happens when activating the firewall So Before activating we will Just a reminder reminder that what was already presented in the in the theoretical part of All the protection that are activated so here you can see the keys are really protected Behind the firewall the right protection also the p0 and in MPU or X So you can see that there are several several levels of protections the more you add protections the The more difficult the hacker will Have access to this data so here We just we'll just activate the firewall in our application Uncomment The firewall let's uncomment it here control s and build Okay Here you should have only two warnings. Let's see It's not rebuilding everything only what is depending on this configuration file I can see here. We don't have any more the firewall Disable and the size should be 58 68 Okay, that's fine two warnings Everything is okay So now we need to do exactly the same sequence reset the target post build and flash Let's do it now Use the scripts reset target post build With weakness with the patch at the end and Flash Okay, I reset Not reset Power on reset the board type reset Button and Next step we flash again. We send again. Sorry the hack file send in binary I've got been open And you can see what happens here the content of the flash didn't leak Instead of Licking a reset was generated and it is identified by the sbsf you firewall reset so That's all for this hands-on. So what did we learn? First that using a stack of a flow We can we can inject code and This code can do whatever it wants so It is important to be able to isolate the critical parts The secrets the crypto operations and so on from the pure functional parts that are related to communication and that contains some Could contain some open doors and that are surf surface of attack We could see that sbsf you also implement all possible mechanism to perform this isolation And it combines all these mechanism in the best way to make your application safe And also the secrets safe Thank you, that's that's all for this hands-on Here is the appendix for this hands-on how attack is actually performed so Here is the code we use in the weak application So we have a buffer you art read That is using local buffer We receive one character we check if it is a backslash in and then if it's okay We transmit the message here. There is no code to manage what was received But that's not the point and if not we store the content We store this character in the buffer and we increase the buffer without checking the limit So this is where is the witness and then we reload the watch dog So in the assembly code what you can see is that when you're entering this function you push two registers the R7 which is a working register and the link register and why you You push the link register The the reason is that you call another function inside this function in in that case you need to keep the calling the Address of the function that called this read you on buffer and also here we can see the allocation of 48 characters corresponding to the local buffer and At the end you can see that The We add 48 to the R7 which Which contains a stack pointer here. So this to remove from the stack stack pointer the buffer and then So we push this on the stack pointer and then we pop the R7 and the Program counter so we put in the program counter the address of The caller to be able to come back So that's the principle used by all compilers Now how the stack is looks like in that case here here is the stack from the caller so Stack also goes from high address to low addresses And so we first push on the stack link register on R7 and then we are located 48 bytes of buffer on the stack and so You will see that here when we write to this buffer if we go over then we write Under R7 and then on the link register and this is where the attack takes place because Here you will be able to change the return address Let's continue So we inject The malicious code here and the last word which is the return address the attacker will replace it with the beginning of the assembly code so that's That means that here we can inject some code and just at the end jump on this code The this is as simple as that So here is an example of assembly code Well, it's a very simple just Put in some registers the address of the UART another Register the address of the flash containing the keys So you have 08 0 0 0 3 F0 The number of bytes to read so here it was for this demo to avoid reading too many characters You can put what you want and then you send first byte To the UART you read one byte from flash You send it to the UART you wait for completion of this UART sending Substruct one to the counter to to reach check if it reaches 0 and then send the next byte This will loop until 256 and then stop So then this code is assembled to obtain a binary data to be injected and then the most complex thing is to find the Additional content in the overflow part The additional part which is the address to jump to and the address to jump to depends where your stack is located and It will the hacker will probably make make a lot of trial and errors and try to find So to guess where this address is. So this is the tricky part of injection All this content was built some way manually You can find The project used to build this hack In the finished project hack and here you have in the the main.c you have the assembly file that was Used and to test if it was working on the simple Project so you can reproduce it and change Change and make your own trial So that's it for this appendix Thank you for your attention