XIAO nRF52840 vulnerable to APPROTECT bypass. New revision coming?

Nordic Semi chips come with a feature called APPROTECT which prevents to enable SWD debugging when active in order to prevent reverse-engineering, dumping the firmware or keys stored in its flash.

Unfortunately this protection was disabled by default in the nRF52840 rev.2 AAD0, the one in the XIAO BLE Sense (at least my unit). It is possible to bypass it with a glitch attack.

The concept was published by LimitedResults in 2020 and is demonstrated by Aaron Christophel in this video:

Nordic Semi issued a new hardware revision: Rev.3 AAF0, as seen on the updated USB Dongle:

I am considering using the XIAO nRF52840 Sense for a commercial project where most of the cost will be software engineering. However I am concerned that the moment someone would clone the hardware with a copy of the firmware the whole venture would become economically impractical.

I would like to get started with the XIAO board, then possibly move to a custom PCB design once the sales and growth allow it.

Would Seeed Studio consider upgrading the XIAO nRF52840 with its 3rd revision chipset for everyone?
It would help sales by making this board a platform suited for more commercial products.

Otherwise, is it the purpose of Seeed Studio Product Customization Services?

I too would like this, However I believe Round Pork Will Fly before SEEED does that is my bet. Hope they prove me wrong, but over the past two years the output from Engineering has been inconsistent IMO, too busy chasing the latest shinny thing than improve documentation
or support for existing products and examples.
GL :slight_smile:

1 Like

I found one of these I’ve had for a while, However the "cape "schematic for the Glitcher is not available but basically has a USB port type A and some (2)FET’s connected to GPIO’s and a input Gpio connection. From the pictures easy to figure out and crank up a pcb to fit and add some features.

GL :smiley: PJ :v:

1 Like

Yeah @PJ_Glasso there is indeed choice between boards in order to accomplish the glitch :sweat_smile:
Either fully automated with an ESP32 like demonstrated in the video or LimitedResult’s PocketGlitcher

It would be nice to have some attention from Seeed here. I started to look into how people design their own boards, maybe I will go in this direction once prototyping is complete. Then my product would not include XIAO boards.

Although I would much prefer to launch with a XIAO board inside, and switch to a custom PCB later on if needed.

I’ve been asked to look at a design involving security of the proprietary code.
I have limited answers, It would be Proper to have Seeed Studio comment on there intentions for these types of concerns and any future plans to mitigate these vectors.
It behooves them to do so, IMO.

They REALLY need better P.R. from a technical standpoint, SO many other hardware vendors coming online monthly.
It Sure would hate to see Seeed lose market share to those shiny new things. They have a VAAAAST product line. Too Vast maybe spread to thin in a way.
I’m always looking even though I have rolled the dice, and went with Xiao Nrf52840 BLE Sense
for one of my PCB’s.(nothing is that small of a size) YET!
I could give them some Ideas on what to improve, fix, add, and delete. but that’s another thread.
GL :slight_smile: PJ

1 Like

@PJ_Glasso good luck with your project!

I already decided to use the Xiao Nrf52840 BLE Sense only for proof of concept / early prototyping purposes and will design my own a custom PCB based on a Fanstel module for the commercialized product.
It’s more work, but I’ll get a much better antenna and have all the components needed for my device on that PCB as well, on top of the effective APPROTECT implementation.

The lack of interest from Seed on that matter was a response in itself. Although to be fair they’re far from the only one, many modules are still only available only with vulnerable chip revisions.

1 Like