Some background to J-Link, the device in question

  • a huge list of supported microcontrollers and processor cores
  • support for all common debugging protocols
  • high-speed performance
  • excellent free software

J-Link models

  • can operate at higher speeds.
  • has an Ethernet port.
  • is based on a different microcontroller and has an integrated field-programmable gate array (FPGA).
Fig. 1. J-Link EDU Terms of Use

Our research: the milestones

Collecting the info

Digging into J-Link EDU v10

Fig. 2. J-Link EDU v10 and v11 after disassembly
Fig. 3. J-Link configuration area
  1. When launched, the firmware reads the serial number of the device and the unique ID of the microcontroller, then checks the digital signature RSASSA-PSS(SHA1(serial_number + uniq_chip_ID)). The device serial number and the signature itself are stored in the flash memory, whereas the unique ID is burned in by the microcontroller manufacturer (NXP) during production and cannot be changed. All LPC4322 microcontrollers have their own unique IDs that cannot be overwritten. This way, the serial number and signature of one licensed J-Link device cannot be used to make its clones.
  2. The PC software checks the same digital signature of the device by requesting the microcontroller’s unique ID with a special command. Naturally, this check can be bypassed by “patching” it in the original firmware, but such clones will lose functionality after the first update.
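The binding described in step 1 can be reproduced in a few lines. This is an added example, not SEGGER's code and not part of the original article: it implements RSASSA-PSS with SHA-1 (RFC 8017) in pure Python and shows that a serial number and signature copied to a chip with a different unique ID fail the check. The demo key, the byte encodings of the serial number and UID, the salt length, the sample values and the helper names `vendor_sign` and `license_ok` are all assumptions.

```python
import hashlib, os

# Constructed demo key built from two Mersenne primes: enough to run the check, not a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
EM_BITS = N.bit_length() - 1
EM_LEN = (EM_BITS + 7) // 8
H_LEN = S_LEN = 20  # SHA-1 output size; a salt of the same length is an assumption

def sha1(data):
    return hashlib.sha1(data).digest()

def apply_mask(block, seed):
    # XOR with MGF1-SHA1(seed), then clear the bits above EM_BITS (RFC 8017, section 9.1)
    blocks = -(-len(block) // H_LEN)
    mask = b"".join(sha1(seed + i.to_bytes(4, "big")) for i in range(blocks))
    out = bytes(a ^ b for a, b in zip(block, mask))
    return bytes([out[0] & (0xFF >> (8 * EM_LEN - EM_BITS))]) + out[1:]

def vendor_sign(serial, chip_uid):
    # Stand-in for the production-time signing step (hypothetical helper).
    salt = os.urandom(S_LEN)
    h = sha1(b"\0" * 8 + sha1(serial + chip_uid) + salt)
    db = b"\0" * (EM_LEN - S_LEN - H_LEN - 2) + b"\x01" + salt
    em = apply_mask(db, h) + h + b"\xbc"
    return pow(int.from_bytes(em, "big"), D, N).to_bytes((N.bit_length() + 7) // 8, "big")

def license_ok(serial, chip_uid, signature):
    # The check from step 1: the signature must cover this serial AND this chip's UID.
    s = int.from_bytes(signature, "big")
    m = pow(s, E, N)
    if s >= N or m.bit_length() > EM_BITS:
        return False
    em = m.to_bytes(EM_LEN, "big")
    masked, h, trailer = em[:-H_LEN - 1], em[-H_LEN - 1:-1], em[-1]
    db = apply_mask(masked, h)
    pad, salt = db[:-S_LEN], db[-S_LEN:]
    if trailer != 0xBC or pad != b"\0" * (len(pad) - 1) + b"\x01":
        return False
    return sha1(b"\0" * 8 + sha1(serial + chip_uid) + salt) == h

# Constructed sample values, not taken from any real device
SERIAL = (260100001).to_bytes(4, "little")
UID_GENUINE = bytes.fromhex("00112233445566778899aabbccddeeff")
UID_CLONE = bytes.fromhex("ffeeddccbbaa99887766554433221100")
```

Because the chip's unique ID is an input to the signed message, the same flash contents verify only on the microcontroller they were issued for.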

We found some flaws and reported them to the vendor

Fig. 4. Beginning of the main firmware area
  • The exploitation of these flaws does not require device disassembly or PCB soldering manipulations — just a PC and a USB interface will suffice.
  • The device continues to operate with the original bootloader and firmware.
  • The device continues to receive firmware updates and continues to be recognized as original (fixed starting from software version v7.58).
  • The script that replaces the licenses needs to be run only once.
  • The device can be reverted to its original state at any time without any traces of modification.
  • October 25, 2021: BI.ZONE reported the flaws to SEGGER via a technical support form. At SEGGER’s request, we sent the technical details and PoCs to demonstrate the flaws.
  • October 28, 2021: SEGGER confirmed the flaws.
  • November 1, 2021: SEGGER informed us that a new version of the software was being prepared that would contain partial fixes.
  • November 5, 2021: SEGGER released software v7.58 that contained the partial fixes.

Possible implications of the flaws. What is at stake?

User piracy

Supply chain attacks

Conclusions

A bonus picture of a debugger debugging itself. Watch for free, no registration

BI.ZONE: an expert in digital risks management. We help organizations around the world to develop their businesses safely in the digital age
