Defeating Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32 devices through CPU register observation and code execution analysis

Defeating Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32 devices through CPU register observation and code execution analysis

CVE-2019-14236 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

Learn more about our Web Application Penetration Testing UK.