Skip to content

Instantly share code, notes, and snippets.

@dev-zzo
Last active November 5, 2024 08:48
Show Gist options
  • Save dev-zzo/f9eb667729dc9f9a537afb2a77bb6161 to your computer and use it in GitHub Desktop.
Save dev-zzo/f9eb667729dc9f9a537afb2a77bb6161 to your computer and use it in GitHub Desktop.
A curated list of research papers and blog posts on embedded security, keyed by the device p/n

The list below is compiled to inform, guide, and inspire budding security researchers. Oh and to pick something for bedtime reading too.

Included in the list are works on the following topics related to MCU/SoC security:

  • Secure boot
  • Fault injection
  • Side channel attacks

At the end of the list, there is also a section with links to articles of potential general interest, not addressing vulnerabilities in any specific device.

Amlogic

S905

Broadcom

BCM61650

Commodore/CSG

  • 6500/1 ROM may be applicable to other mask ROM 6502

Cypress

CY8C21434

Espressif

ESP32

Fudan Micro

FM11RF08S, FM11RF08, FM11RF32, FM1208-10

GigaDevice

Pretty much all of them

https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/0a5/nad1d86e3ah3ayx38ue56vxbh2j07kd4.pdf

Google

Titan M

Infineon

SLE95250

MediaTek

MT8163V

Microchip/Atmel

AT91SAM7XC256

ATECC508A

ATSAMA5Dx

SAM E70/S70/V70/V71

PIC18F452

PIC18F1320

Nordic Semi

nRF51822

nRF52

Nuvoton

M2351

NVidia

Tegra

NXP

i.MX50

i.MX53

i.MX6

i.MX with HAB < 4.3.7

i.MX RT101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid

LPC

LPC1343

LPC55S69

PN54x

Qualcomm

MSM8916/APQ8016

MSM8994

Renesas/NEC

78K0

M306K9FCLRP and possibly others

RH850

RL78

RX65

SiLabs

C8051F34x

EFM32 Gecko

STMicro

STM8

STM32F0

STM32F1

STM32F103

STM32F205

STM32F373

TI

CC2510Fx

MSP430

MSP430F5172

Xilinx

7-series FPGA products

Zynq-7000

General interest

@jynik
Copy link

jynik commented Oct 5, 2022

Turns out there was a pair of additional defects in the NXP i.MX ROM that affected second-stage loaders using the ROM-resident HABv4 API:

https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/

@win3zz
Copy link

win3zz commented Jan 23, 2024

Hi @dev-zzo, Thanks for sharing the list. Here is my beginner-friendly article. If you find it relevant, feel free to add it to your list. Thanks! 🙌🏼https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf

@dev-zzo
Copy link
Author

dev-zzo commented Mar 1, 2024

The vast majority of them links have been replaced with wayback machine links now. Bit rot is real.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment