It always sounds easy once someone has figured out what to do.Just drop USB_OTP_VDD for 50 μs or so across the CRIT0 and CRIT1 OTP PSM reads
Well, not always. When some things are cracked the recipe is still incredibly complicated to follow requires, requires specialist and/or expensive tools, ultimately delivers a recipe which is only useful to the few. This can't be done without a hardware hack but it does seem the bar is lower than higher.
With these locked doors kicked open allowing the secret to be read, it would be interesting to know what else it allows; extracting other OTP data, reading the signing key, extracting firmware, uploading new firmware ?
I'll raise a glass to Aedan Cullen.
Statistics: Posted by hippy — Sun Jan 05, 2025 2:05 am