In this article, I demonstrate attacks which rely on reading back SRAM from a microcontroller (MCU). These attacks occur because many debug lock or security features in MCUs allow read-back of SRAM, even when code memory is secure. Taking advantage of the known structure of certain features such as the Advanced Encryption Standard (AES) key schedule allows an attacker to easily detect where these sensitive keys are stored. We can complicate these attacks by clearing or obfuscating memory, and this article gives some practical demonstrations of both attacks and countermeasures.
We then take a look at a specific device that relied on an older STM32F1 part to store sensitive security keys. We recreate existing work showing the vulnerability and then look at how the system could be made more secure.