<Guest0>
i have just developed a caesar cipher program on my stm32f429 device. the key in the device is "3" and i would like to extract this key from my device. i think i need to get a memory dump of my device. so, can you tell me the potential scenarios for extracting the secret key from my board? how can i do it? (i'm also open for your resource
<Guest0>
suggestions), thanks a lot!
<olerem>
Guest0: create memory dump and flush dump. use radare2 to extract the key
bencoh has joined #openocd
bencoh has quit [Changing host]
<Guest0>
olerem as i understand radare2 is a tool to analyze bin files. but, how can i dump memory of any device?
Error403 has joined #openocd
<Haohmaru>
"of any device" is too broad, for that particular chip one way is via SWD debugger
<Haohmaru>
where's the data you wanna get? in the RAM or in the flash?
Bugies has joined #openocd
<Guest0>
Haohmaru I defined the secret key in an int variable, so i think it's in RAM
<Haohmaru>
an int variable may be in RAM or flash or both, depends on how you compile and build the thing
<Haohmaru>
if it's in flash, it may be enough to use the .elf and radare2 to find it
<Haohmaru>
if it's in RAM - debugger
Guest0 has quit [Ping timeout: 252 seconds]
Error403 has quit [Quit: Leaving]
nerozero has quit [Remote host closed the connection]
nerozero has joined #openocd
Bertl_zZ is now known as Bertl
Guest0 has joined #openocd
<Guest0>
Haohmaru which debugger can i use? and how to use .elf and radare2 :') when i read a blog post about radare2 i see this command: "radare2 file.exe" but i do not have a binary
<PaulFertser>
Guest0: are you a student?
<PaulFertser>
Guest0: you can use same debugger you're using to flash the stm32 part
<Guest0>
yes i am
<PaulFertser>
Guest0: since you have the source code I suggest you do objdump -S to see how your code translates into assembly and where exactly that key is stored and how it's handled.
<Guest0>
umm yes i know that i can use ST Utility program to inspect memory. But it will only work for STM devices, i would like to gain experience on reversing on embedded devices
<PaulFertser>
Guest0: we're on OpenOCD channel, so forget the proprietary utility.
<Guest0>
PaulFertser is it possible to dump the memory with OpenOCD? If so, how can I do it
<Haohmaru>
Guest0 the .elf *is* the binary/exe
<Haohmaru>
your compiler most-probably spits out an .elf
<Guest0>
Haohmaru ok sir but i will think like it is not my device. Please assume i am reversing a foreign board. I still have the source code, but a reverse engineer will not have my code (and .elf output of compiler) - that's why i do not want to use STM software like ST Utility
<Guest0>
how could I see the secret key in memory if it would not be my device and I would not have the elf output?
<Xogium>
the whole point of secret key is, well.. Hopefully it's stored in some secure storage, be it memory or otherwise, so I don't think you could see it so easily if at all
<Guest0>
actually it is not a secret key sir, i just defined the key by an integer variable and it's probably stored in flash