[
  {
    "path": ".gitignore",
    "content": "build\n"
  },
  {
    "path": "CMakeLists.txt",
    "content": "cmake_minimum_required(VERSION 3.13)\n# initialize the SDK based on PICO_SDK_PATH\n# note: this must happen before project()\ninclude(pico_sdk_import.cmake)\n\nproject(rp2350_hacking_challenge_debug_version)\n\npico_sdk_init()\n\n# First executable\nadd_executable(rp2350_hacking_challenge_debug_version)\n\ntarget_sources(rp2350_hacking_challenge_debug_version PRIVATE\n        main.c)\n\ninclude_directories(\"${CMAKE_CURRENT_SOURCE_DIR}/../lib\")\n\ntarget_link_libraries(rp2350_hacking_challenge_debug_version PRIVATE\n        pico_stdlib\n        hardware_pio\n        hardware_i2c\n        hardware_powman\n        )\n\n# enable usb output, disable uart output\npico_enable_stdio_usb(rp2350_hacking_challenge_debug_version 1)\npico_enable_stdio_uart(rp2350_hacking_challenge_debug_version 0)\n\n# Signing and hashing\npico_set_binary_type(rp2350_hacking_challenge_debug_version no_flash)\npico_sign_binary(rp2350_hacking_challenge_debug_version ${CMAKE_CURRENT_SOURCE_DIR}/ec_private_key.pem)\npico_hash_binary(rp2350_hacking_challenge_debug_version)\npico_package_uf2_output(rp2350_hacking_challenge_debug_version 0x10000000)\npico_set_otp_key_output_file(rp2350_hacking_challenge_debug_version ${CMAKE_CURRENT_LIST_DIR}/otp.json)\npico_add_extra_outputs(rp2350_hacking_challenge_debug_version)\n\n\n\n# Second executable with GLITCH_DETECTOR_ON defined\nadd_executable(rp2350_hacking_challenge_secure_version)\n\ntarget_sources(rp2350_hacking_challenge_secure_version PRIVATE\n        main.c)\n\ninclude_directories(\"${CMAKE_CURRENT_SOURCE_DIR}/../lib\")\n\ntarget_compile_definitions(rp2350_hacking_challenge_secure_version PRIVATE SECURE_VERSION)\n\ntarget_link_libraries(rp2350_hacking_challenge_secure_version PRIVATE\n        pico_stdlib\n        hardware_pio\n        hardware_i2c\n        )\n\n# disable usb output, disable uart output\npico_enable_stdio_usb(rp2350_hacking_challenge_secure_version 0)\npico_enable_stdio_uart(rp2350_hacking_challenge_secure_version 
0)\n\n# Signing and hashing\npico_set_binary_type(rp2350_hacking_challenge_secure_version no_flash)\npico_sign_binary(rp2350_hacking_challenge_secure_version ${CMAKE_CURRENT_SOURCE_DIR}/ec_private_key.pem)\npico_hash_binary(rp2350_hacking_challenge_secure_version)\npico_package_uf2_output(rp2350_hacking_challenge_secure_version 0x10000000)\npico_set_otp_key_output_file(rp2350_hacking_challenge_secure_version ${CMAKE_CURRENT_LIST_DIR}/otp.json)\n\npico_add_extra_outputs(rp2350_hacking_challenge_secure_version)\n"
  },
  {
    "path": "README.md",
    "content": "# RP2350 Hacking Challenge\n\nWelcome to the Raspberry Pi RP2350 hacking challenge and bug bounty!\n\nWatch our quick explainer video:\n[![](assets/hacking-challenge-thumbnail-play.png)](https://hextree.io/rp2350-hacking-challenge)\n\n## Update Jan 14th 2025\n**Congratulations to the 4 winners! Read about them all [here](https://www.raspberrypi.com/news/security-through-transparency-rp2350-hacking-challenge-results-are-in/).**  \nA huge thank you to Thomas Roth and the team at Hextree.io for helping us develop and launch this challenge back in 2024!\n\n## Update Jan 1st 2025\n**The RP2350 Hacking Challenge has concluded.**  \nThere have been some fantastic submissions! We'll announce winners and publish details on Jan 14th 2025.\n\n## Update Sept 5th 2024\nNo breaks have been reported yet.  \nWe are doubling the prize to $20,000!  \nWe've extended the term of the challenge; it now runs until midnight on December 31st 2024 (UK time).\n\nThe goal is easy: Find an attack that lets you dump a secret hidden in OTP ROW 0xc08 - the secret is 128-bit long, and protected by `OTP_DATA_PAGE48_LOCK1` and RP2350's secure boot!\n\nIf you think you have found a break, email us at [doh@raspberrypi.com](mailto:doh@raspberrypi.com) with details - we will ship you a Pico2 with a custom secret hidden in it. 
If you manage to extract it, you win the $20,000!\n\nGood luck!\n\n## Disclaimer\n\nFor this challenge we will make the following persistent & irreversible changes to your RP2350:\n\n- Writing bootkey0 (with a public key - or you can generate your own & build your own firmware)\n- Enabling secure-boot via `crit1.secure_boot_enable` (but with public keys)\n- Disabling debug via `crit1.debug_disable`\n- Overwriting & locking data in OTP ROW 0xc08\n- *Enabling security will permanently disable both Hazard3 RISC-V cores (M33 cores will still be operable)*\n\n## Setup - Pico 2 board\n\n- Connect an RP2350 in BOOTSEL mode to your computer via USB\n- The repository already contains signing keys: `ec_private_key.pem` and `ec_public_key.pem`. If you want to generate your own keys, delete those two files and run `keygen.sh` to generate new ones using OpenSSL (the script refuses to overwrite existing keys).\n- Next we write the secret that we want to hide using `./write_otp_secret.sh` - this is irreversible, as we can't \"erase\" OTP.\n- You can check whether this write was successful by running `./read_otp_secret.sh`\n- Next we build our project:\n    - `mkdir build`\n    - `cd build`\n    - `cmake -DPICO_PLATFORM=rp2350 -DPICO_BOARD=pico2 ..`\n    - `make`\n    - `cd ..`\n- Next we enable secure-boot on the chip by running `enable_secureboot.sh` (This irreversibly enables secure-boot! Make sure you keep a backup of your keys!)\n    - To fully lock down the chip, including disabling debugging and enabling the glitch detectors, please run `lock_chip.sh`\n- And now we are ready to install the firmware:\n    - Either copy `rp2350_hacking_challenge_debug_version.uf2` or `rp2350_hacking_challenge_secure_version.uf2` to the device\n\n## What's the difference between the debug and the secure version?\n\nThe debug version shows how to read the OTP secret that you need to extract, and also gives\nsome debug output on what's going on in the chip.\n\nAs the printfs etc. 
might be susceptible to fault-injection attacks, we have disabled them in\nthe secure version.\n\nOur \"golden\" challenge Pico 2 will run the secure version of the firmware, with the binary copied to RAM.\n\n## Using the chip in the future\n\nBy participating in this challenge you are permanently enabling secure-boot on your device.\nAny firmware you want to install on the device afterwards must be signed with your key. You can enable\nsigning for other projects by adding this to the CMakeLists.txt (this needs to be above the `pico_add_extra_outputs`) and copying the\n`ec_private_key.pem` to your source directory.\n\n```\n# Signing and hashing\npico_sign_binary(project_name ${CMAKE_CURRENT_SOURCE_DIR}/ec_private_key.pem)\npico_hash_binary(project_name)\npico_set_otp_key_output_file(project_name ${CMAKE_CURRENT_LIST_DIR}/otp.json)\n```\n\n## Rules, Terms and Conditions\n\nPlease see [here](https://www.raspberrypi.com/def-con-2024-challenge/) for terms, conditions and rules for this challenge.\n\n"
  },
  {
    "path": "ec_private_key.pem",
    "content": "-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEIMIQpHEvQcq/Eu/VTQcHfVXY7jOBaAGDnFEH0v9oF6gsoAcGBSuBBAAK\noUQDQgAEV3ujCA02hzwSiLK8U5QRaVL+UvTFBdtsJNpv7o8Ssts8WL2hBjAeFcNY\ngOge/5aK+WZLzhv6rWWWkA++zlIL0Q==\n-----END EC PRIVATE KEY-----\n"
  },
  {
    "path": "ec_public_key.pem",
    "content": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEV3ujCA02hzwSiLK8U5QRaVL+UvTFBdts\nJNpv7o8Ssts8WL2hBjAeFcNYgOge/5aK+WZLzhv6rWWWkA++zlIL0Q==\n-----END PUBLIC KEY-----\n"
  },
  {
    "path": "enable_secureboot.sh",
    "content": "#!/bin/bash\n\necho \"Are you sure you want to enable secure-boot?\"\necho \"Any future firmware will have to be signed by the keys\"\necho \"in this repo (or the ones you generated).\"\necho \"\"\necho \"Please type ENABLE to continue\"\nread -r user_input\nif [ \"$user_input\" != \"ENABLE\" ]; then\n    echo \"Operation canceled.\"\n    exit 1\nfi\n\necho \"Loading otp.json onto Pico2!\"\npicotool otp load otp.json\n"
  },
  {
    "path": "keygen.sh",
    "content": "#!/bin/bash\nset -e\nset -v\n\nPRIVATE_KEY=ec_private_key.pem\nPUBLIC_KEY=ec_public_key.pem\n\n[ -e $PRIVATE_KEY ] || [ -e $PUBLIC_KEY ] && { echo \"Keys already exist. Not overwriting.\"; exit 1; }\n\n\nopenssl ecparam -genkey -name secp256k1 -noout -out $PRIVATE_KEY\nopenssl ec -in $PRIVATE_KEY -pubout -out $PUBLIC_KEY\n"
  },
  {
    "path": "lock_chip.sh",
    "content": "#!/bin/bash\n# Abort on the first failing picotool command, so a partially applied\n# lock-down is never reported as success (the trailing set +e/+v below\n# assume these were enabled here).\nset -e\n\necho \"Are you sure you want to fully lock down the chip?\"\necho \"Please type PLEASE LOCK to continue\"\nread -r user_input\nif [ \"$user_input\" != \"PLEASE LOCK\" ]; then\n    echo \"Operation canceled.\"\n    exit 1\nfi\n\n# Echo each OTP write as it is executed\nset -v\n\n# Disable debugging features\npicotool otp set OTP_DATA_CRIT1.DEBUG_DISABLE 1\n# Mark boot key slots 1-3 as invalid (bitmask 0xe), so only bootkey0 can verify firmware\npicotool otp set OTP_DATA_BOOT_FLAGS1.KEY_INVALID 0xe\n# Enable glitch detector\npicotool otp set OTP_DATA_CRIT1.GLITCH_DETECTOR_ENABLE 1\n# Highest sensitivity\npicotool otp set OTP_DATA_CRIT1.GLITCH_DETECTOR_SENS 3\n\n# Lock writes to PAGE1, 2, 48 (raw value: three redundant copies of 0x10)\npicotool otp set --raw OTP_DATA_PAGE1_LOCK1 0x101010\npicotool otp set --raw OTP_DATA_PAGE2_LOCK1 0x101010\npicotool otp set --raw OTP_DATA_PAGE48_LOCK1 0x101010\n\nset +e\nset +v\n\necho -e \"\\n\\n\"\necho \"Your chip is locked! Good luck!\"\n"
  },
  {
    "path": "main.c",
    "content": "#include <stdio.h>\n#include \"pico/stdlib.h\"\n#include \"hardware/pio.h\"\n#include \"hardware/watchdog.h\"\n#include \"pico/bootrom.h\"\n\n// #include \"hardware/regs/glitch_detector.h\"\n#include \"hardware/regs/powman.h\"\n#include \"hardware/regs/otp_data.h\"\n#include \"hardware/structs/powman.h\"\n#include \"hardware/structs/otp.h\"\n\n// In the secure version we don't use dprintf, as an FI\n// attack on dprintf could potentially be used to leak the OTP secret.\n#ifdef SECURE_VERSION\n    #define dprintf(fmt, ...) ((void)0)\n#else\n    #define dprintf printf\n#endif\n\nstatic inline bool is_locked() {\n\tvolatile uint32_t *  otp_page48_lock1_ptr = ((uint32_t *)(OTP_DATA_BASE + (0xfe0*2)));\n\tif(otp_page48_lock1_ptr[0] != 0x3C3C0000) {\n\t\treturn false;\n\t}\n\tif(otp_page48_lock1_ptr[1] != 0x3C) {\n\t\treturn false;\n\t}\n\treturn true;\n}\n\nstatic inline void lock_otp_secret() {\n\tdprintf(\"Locking OTP secret...\\n\");\n\totp_cmd_t cmd;\n\tcmd.flags = OTP_DATA_PAGE48_LOCK1_ROW | OTP_CMD_ECC_BITS | OTP_CMD_WRITE_BITS;\n\t// 3 redundant copies\n\tuint32_t value = 0x3c3c3c;\n\tuint32_t ret = rom_func_otp_access(&value, sizeof(value), cmd);\n\tif (ret) {\n\t\tdprintf(\"\\tLocking failed with error: %d\\n\", ret);\n\t\twhile(1) {\n\n\t\t}\n\t} else {\n\t\tdprintf(\"\\tLocking succeeded!ECC Write succeeded!\\n\");\n\t}\n}\n\nstatic inline void lock_sw_lock_48() {\n\tdprintf(\"Locking OTP secret via SW_LOCK\\n\");\n\t// Lock the OTP memory so it's not readable afterwards\n\t// - [3:2] - Non-Secure lock status\n\t// - [1:0] - Secure lock status\n\t// - 0 = read_write 1 = read_only 3 = inaccessible\n\totp_hw->sw_lock[48] = 0b1111;\n\tdprintf(\"\\tDone!\\n\\n\");\n}\n\nint main()\n{\n#ifndef SECURE_VERSION\n\tstdio_init_all();\n\t// Wait 5 seconds to give the user a chance to connect to the USB serial console\n\tsleep_ms(5000);\n\tdprintf(\"Welcome to the Raspberry Pi RP2350 Hacking Challenge!\\n\\n\");\n\tdprintf(\"The goal is easy: Find an 
attack that lets you dump a secret\\n\");\n\tdprintf(\"hidden in OTP ROW 0xc08 - the secret is 64-bit long, and\\n\");\n\tdprintf(\"protected by OTP_DATA_PAGE48_LOCK1 and RP2350's secure boot!\\n\");\n\tdprintf(\"\\n\");\n\tdprintf(\"\\n\");\n\tdprintf(\"Good luck!\\n\\n\");\n#endif\n\n\t// Before we do anything else we check whether our secret OTP pages are locked.\n\t// If they aren't locked yet we write OTP_DATA_PAGE48_LOCK1 to 0x3c3c3c.\n\t// This is persistent and prevents reading of the OTP pages via picotool and\n\t// from non-secure code. Secure code (i.e. if you manage to bypass secure-boot)\n\t// will still be able to access the secret. Good luck!\n\tif(is_locked()) {\n\t\tdprintf(\"OTP area is locked!\\n\");\n\t} else {\n\t\tdprintf(\"OTP area is not locked!\\n\");\n\t\tlock_otp_secret();\n\t}\n\tputs(\"\");\n\n#ifndef SECURE_VERSION\n\t// This is how you could leak the first 4 bytes of the secret:\n\tdprintf(\"Test access to the OTP before it's locked using SW_LOCK:\\n\");\n\n\tvolatile uint32_t *  otp_guarded_data_ptr = ((uint32_t *)(OTP_DATA_GUARDED_BASE + (0xc08*2)));\n\tdprintf(\"%04X\", *otp_guarded_data_ptr & 0xFFFF);\n\tdprintf(\"%04X\\n\\n\", (*otp_guarded_data_ptr & 0xFFFF0000) >> 16);\n#endif\n\n\t// Next, we lock the OTP area down even further using SW_LOCK48 - this ensures that\n\t// the secret can't be retrieved if you exploit the application/gain code-exec after\n\t// this point!\n\tlock_sw_lock_48();\n\n#ifndef SECURE_VERSION\n\tdprintf(\"Test access to the OTP after it's locked using SW_LOCK:\\n\");\n\t// We are using an unguarded (non-ecc) read here, as otherwise we cause a bus fault.\n\t// (See \"OTP Address Map\" section in the datasheet.)\n\tvolatile uint32_t *  otp_data_ptr = ((uint32_t *)(OTP_DATA_BASE + (0xc08*2)));\n\tdprintf(\"%04X\", *otp_data_ptr & 0xFFFF);\n\tdprintf(\"%04X\\n\", (*otp_data_ptr & 0xFFFF0000) >> 16);\n#endif\n\twhile(1) {\n\n\t}\n}\n"
  },
  {
    "path": "otp.json",
    "content": "{\n    \"boot_flags1\": {\n        \"key_valid\": 1\n    },\n    \"bootkey0\": [\n        58,\n        3,\n        118,\n        188,\n        215,\n        78,\n        85,\n        178,\n        188,\n        139,\n        8,\n        225,\n        26,\n        108,\n        233,\n        192,\n        240,\n        124,\n        108,\n        141,\n        39,\n        41,\n        112,\n        61,\n        217,\n        67,\n        178,\n        96,\n        31,\n        92,\n        216,\n        65\n    ],\n    \"crit1\": {\n        \"secure_boot_enable\": 1\n    }\n}\n"
  },
  {
    "path": "pico_sdk_import.cmake",
    "content": "# This is a copy of <PICO_SDK_PATH>/external/pico_sdk_import.cmake\n\n# This can be dropped into an external project to help locate this SDK\n# It should be include()ed prior to project()\n\nif (DEFINED ENV{PICO_SDK_PATH} AND (NOT PICO_SDK_PATH))\n    set(PICO_SDK_PATH $ENV{PICO_SDK_PATH})\n    message(\"Using PICO_SDK_PATH from environment ('${PICO_SDK_PATH}')\")\nendif ()\n\nif (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT} AND (NOT PICO_SDK_FETCH_FROM_GIT))\n    set(PICO_SDK_FETCH_FROM_GIT $ENV{PICO_SDK_FETCH_FROM_GIT})\n    message(\"Using PICO_SDK_FETCH_FROM_GIT from environment ('${PICO_SDK_FETCH_FROM_GIT}')\")\nendif ()\n\nif (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_PATH))\n    set(PICO_SDK_FETCH_FROM_GIT_PATH $ENV{PICO_SDK_FETCH_FROM_GIT_PATH})\n    message(\"Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')\")\nendif ()\n\nset(PICO_SDK_PATH \"${PICO_SDK_PATH}\" CACHE PATH \"Path to the Raspberry Pi Pico SDK\")\nset(PICO_SDK_FETCH_FROM_GIT \"${PICO_SDK_FETCH_FROM_GIT}\" CACHE BOOL \"Set to ON to fetch copy of SDK from git if not otherwise locatable\")\nset(PICO_SDK_FETCH_FROM_GIT_PATH \"${PICO_SDK_FETCH_FROM_GIT_PATH}\" CACHE FILEPATH \"location to download SDK\")\n\nif (NOT PICO_SDK_PATH)\n    if (PICO_SDK_FETCH_FROM_GIT)\n        include(FetchContent)\n        set(FETCHCONTENT_BASE_DIR_SAVE ${FETCHCONTENT_BASE_DIR})\n        if (PICO_SDK_FETCH_FROM_GIT_PATH)\n            get_filename_component(FETCHCONTENT_BASE_DIR \"${PICO_SDK_FETCH_FROM_GIT_PATH}\" REALPATH BASE_DIR \"${CMAKE_SOURCE_DIR}\")\n        endif ()\n        # GIT_SUBMODULES_RECURSE was added in 3.17\n        if (${CMAKE_VERSION} VERSION_GREATER_EQUAL \"3.17.0\")\n            FetchContent_Declare(\n                    pico_sdk\n                    GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk\n                    GIT_TAG master\n                    GIT_SUBMODULES_RECURSE FALSE\n            )\n        else 
()\n            FetchContent_Declare(\n                    pico_sdk\n                    GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk\n                    GIT_TAG master\n            )\n        endif ()\n\n        if (NOT pico_sdk)\n            message(\"Downloading Raspberry Pi Pico SDK\")\n            FetchContent_Populate(pico_sdk)\n            set(PICO_SDK_PATH ${pico_sdk_SOURCE_DIR})\n        endif ()\n        set(FETCHCONTENT_BASE_DIR ${FETCHCONTENT_BASE_DIR_SAVE})\n    else ()\n        message(FATAL_ERROR\n                \"SDK location was not specified. Please set PICO_SDK_PATH or set PICO_SDK_FETCH_FROM_GIT to on to fetch from git.\"\n                )\n    endif ()\nendif ()\n\nget_filename_component(PICO_SDK_PATH \"${PICO_SDK_PATH}\" REALPATH BASE_DIR \"${CMAKE_BINARY_DIR}\")\nif (NOT EXISTS ${PICO_SDK_PATH})\n    message(FATAL_ERROR \"Directory '${PICO_SDK_PATH}' not found\")\nendif ()\n\nset(PICO_SDK_INIT_CMAKE_FILE ${PICO_SDK_PATH}/pico_sdk_init.cmake)\nif (NOT EXISTS ${PICO_SDK_INIT_CMAKE_FILE})\n    message(FATAL_ERROR \"Directory '${PICO_SDK_PATH}' does not appear to contain the Raspberry Pi Pico SDK\")\nendif ()\n\nset(PICO_SDK_PATH ${PICO_SDK_PATH} CACHE PATH \"Path to the Raspberry Pi Pico SDK\" FORCE)\n\ninclude(${PICO_SDK_INIT_CMAKE_FILE})"
  },
  {
    "path": "read_otp_secret.sh",
    "content": "#!/bin/bash\npicotool otp get -e 0xc08 | grep VALUE\npicotool otp get -e 0xc09 | grep VALUE\npicotool otp get -e 0xc0a | grep VALUE\npicotool otp get -e 0xc0b | grep VALUE\npicotool otp get -e 0xc0c | grep VALUE\npicotool otp get -e 0xc0d | grep VALUE\npicotool otp get -e 0xc0e | grep VALUE\npicotool otp get -e 0xc0f | grep VALUE\n"
  },
  {
    "path": "write_otp_secret.sh",
    "content": "#!/bin/bash\nset -e\nset -v\npicotool otp set -e 0xc08 0xc0ff\npicotool otp set -e 0xc09 0xffee\npicotool otp set -e 0xc0a 0xc0ff\npicotool otp set -e 0xc0b 0xffee\npicotool otp set -e 0xc0c 0xc0ff\npicotool otp set -e 0xc0d 0xffee\npicotool otp set -e 0xc0e 0xc0ff\npicotool otp set -e 0xc0f 0xffee\n"
  }
]