https://twitter.com/nedos/status/893406313992073216

NXP LPC1343 Bootloader Bypass (Part 1)
Aug 4, 2017

This will be the first of a three part series on bypassing the security of the embedded NXP LPC1343 In System Programmer (ISP) bootloader. Although we’ll focus on the LPC1343, keep in mind that this bootloader is the embedded bootloader in many NXP LPC microcontrollers. One more thing worth mentioning, is that although the details outlined in this series will be specific to NXP LPC’s you’ll be able to find similar vulnerabilities in almost all non-secure microcontrollers. As Jasper van Woudenberg (@jzvw) recently said at a an event we were both speaking at “If no-one implemented countermeasures – it means it’s vulnerable”. Also a big shoutout goes to Chris Gerlinsky (@akacastor) for dumping, dissassembling and documenting the bootloader as part of his Recon Brussels 2017 Talk. You should take a look at this talk before you begin and both the slides and the video of the talk are available.[…]

https://toothless.co/blog/bootloader-bypass-part1/

https://toothless.co/trainings/

Click to access RECON-BRX-2017-Breaking_CRP_on_NXP_LPC_Microcontrollers_slides.pdf