dev-zzo · October 7, 2025 03:56 · Apr 22, 2025 · Apr 2, 2025 · Oct 26, 2024 · Aug 16, 2024
diff --git a/imperfect-design.md b/imperfect-design.md
@@ -247,6 +247,10 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/)
 
+## STM32F401CC
+
+* [Glitching STM32 Read Out Protection](https://web.archive.org/web/20250422093957/https://www.anvilsecure.com/blog/glitching-stm32-read-out-protection-with-voltage-fault-injection.html)
+
 # TI
 
 ## CC2510Fx

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -89,6 +89,10 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 * [Microchip ATSAMA5 SoC Multiple Vulnerabilities](https://web.archive.org/web/20230320135233/https://labs.withsecure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities-full-release)
 
+## SAM 4C32 and several others
+
+* [Bypassing Lock - Microchip/Atmel SAM4C32](https://web.archive.org/web/20250402165042/https://wiki.recessim.com/view/ATSAM4C32)
+
 ## SAM E70/S70/V70/V71
 
 * [Bypassing Microchip Atmel SAM E70/S70/V70/V71 Security](https://web.archive.org/web/20240516213853/https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -206,6 +206,10 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 # SiLabs
 
+## C8051F34x
+
+* https://github.com/debug-silicon/C8051F34x_Glitch
+
 ## EFM32 Gecko
 
 * [LimitedResults:Enter the EFM32 Gecko](https://web.archive.org/web/20240125070856/https://limitedresults.com/2021/06/enter-the-efm32-gecko/)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -46,7 +46,7 @@ At the end of the list, there is also a section with links to articles of potent
 
 # Fudan Micro
 
-## FM11RF08S
+## FM11RF08S, FM11RF08, FM11RF32, FM1208-10
 
 * [MIFARE Classic: exposing the static encrypted nonce variant](https://eprint.iacr.org/2024/1275.pdf)
 

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -44,6 +44,12 @@ At the end of the list, there is also a section with links to articles of potent
 * [LimitedResults:Pwn the ESP32 crypto-core](https://web.archive.org/web/20240125071222/https://limitedresults.com/2019/08/pwn-the-esp32-crypto-core/)
 * [Courk:Breaking the Flash Encryption Feature of Espressif’s Parts](https://web.archive.org/web/20240126000044/https://courk.cc/breaking-flash-encryption-of-espressif-parts)
 
+# Fudan Micro
+
+## FM11RF08S
+
+* [MIFARE Classic: exposing the static encrypted nonce variant](https://eprint.iacr.org/2024/1275.pdf)
+
 # GigaDevice
 
 ## Pretty much all of them

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -20,6 +20,10 @@ At the end of the list, there is also a section with links to articles of potent
 
 * [Pwning the bcm61650](https://web.archive.org/web/20231216150355/https://blog.xilokar.info/pwning-the-bcm61650.html)
 
+# Commodore/CSG
+
+* [6500/1 ROM](https://web.archive.org/web/20240629160937/https://e4aws.silverdr.com/hacks/6500_1/) may be applicable to other mask ROM 6502
+
 # Cypress
 
 ## CY8C21434

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -79,6 +79,10 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 * [Microchip ATSAMA5 SoC Multiple Vulnerabilities](https://web.archive.org/web/20230320135233/https://labs.withsecure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities-full-release)
 
+## SAM E70/S70/V70/V71
+
+* [Bypassing Microchip Atmel SAM E70/S70/V70/V71 Security](https://web.archive.org/web/20240516213853/https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/)
+
 ## PIC18F452
 
 * [Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security](https://web.archive.org/web/20240106105035/https://get.meriac.com/docs/HID-iCLASS-security.pdf)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -180,6 +180,7 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 ## RH850
 
 * [Bypassing the Renesas RH850/P1M-E read protection using fault injection](https://web.archive.org/web/20231202142556/https://icanhack.nl/blog/rh850-glitch/)
+* [RH850/F1L ID code check bypass via glitching](https://web.archive.org/web/20240516183127/https://jerinsunny.github.io/blogs/2024/02/14/rh850-voltage-glitching.html)
 
 ## RL78
 

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -267,3 +267,4 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 * [Quarkslab:Vulnerabilities in the TPM 2.0 reference implementation code](https://web.archive.org/web/20240117034958/https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html)
 * [Quarkslab:RFID: Monotonic Counter Anti-Tearing Defeated](https://web.archive.org/web/20240117035029/https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html)
 * [High Precision Laser Fault Injection using Low-cost Components](https://pure.royalholloway.ac.uk/en/publications/high-precision-laser-fault-injection-using-low-cost-components)
+* [SiliconToaster: A Cheap and Programmable EM Injector for Extracting Secrets](https://eprint.iacr.org/2020/1115.pdf)
diff --git a/imperfect-design.md b/imperfect-design.md
@@ -266,3 +266,4 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/2561)
 * [Quarkslab:Vulnerabilities in the TPM 2.0 reference implementation code](https://web.archive.org/web/20240117034958/https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html)
 * [Quarkslab:RFID: Monotonic Counter Anti-Tearing Defeated](https://web.archive.org/web/20240117035029/https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html)
+* [High Precision Laser Fault Injection using Low-cost Components](https://pure.royalholloway.ac.uk/en/publications/high-precision-laser-fault-injection-using-low-cost-components)
diff --git a/imperfect-design.md b/imperfect-design.md
@@ -165,14 +165,18 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 * [Quarkslab:Analysis of Qualcomm Secure Boot Chains](https://web.archive.org/web/20240125071201/https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html)
 
-# Renesas
+# Renesas/NEC
 
 ## 78K0
 
 * [Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/)
 * [D78F0831Y](https://web.archive.org/web/20230711112910/https://gist.github.com/mnaberez/ea3c3feb3a1619393b997bfb5e7de35f)
 
+## M306K9FCLRP and possibly others
+
+* [Hacking Toshiba Laptops](https://web.archive.org/web/20231214030150/https://cdn.hackaday.io/files/72330932832/slides-recon-2018.pdf)
+
 ## RH850
 
 * [Bypassing the Renesas RH850/P1M-E read protection using fault injection](https://web.archive.org/web/20231202142556/https://icanhack.nl/blog/rh850-glitch/)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -250,6 +250,7 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 # General interest
 
 * [The Sorcerer’s Apprentice Guide to Fault Attacks](https://eprint.iacr.org/2004/100.pdf)
+* [Skorobogatov:Copy Protection in Modern Microcontrollers](https://web.archive.org/web/20231231003605/https://www.cl.cam.ac.uk/~sps32/mcu_lock.html)
 * [chip.fail](https://web.archive.org/web/20231027173636/https://chip.fail/chipfail.pdf)
 * https://research.nccgroup.com/wp-content/uploads/2020/02/NCC-Group-Whitepaper-Microcontroller-Readback-Protection-1.pdf
 * [Taking a Look into Execute-Only Memory](https://www.usenix.org/system/files/woot19-paper_schink.pdf)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -173,6 +173,10 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/)
 * [D78F0831Y](https://web.archive.org/web/20230711112910/https://gist.github.com/mnaberez/ea3c3feb3a1619393b997bfb5e7de35f)
 
+## RH850
+
+* [Bypassing the Renesas RH850/P1M-E read protection using fault injection](https://web.archive.org/web/20231202142556/https://icanhack.nl/blog/rh850-glitch/)
+
 ## RL78
 
 * [f0:PS4 Aux Hax 2: Syscon](https://web.archive.org/web/20231207165505/https://fail0verflow.com/blog/2018/ps4-syscon/)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -1,5 +1,13 @@
 The list below is compiled to inform, guide, and inspire budding security researchers. Oh and to pick something for bedtime reading too.
 
+Included in the list are works on the following topics related to MCU/SoC security:
+
+* Secure boot
+* Fault injection
+* Side channel attacks
+
+At the end of the list, there is also a section with links to articles of potential general interest, not addressing vulnerabilities in any specific device.
+
 # Amlogic
 
 ## S905
@@ -38,6 +46,12 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/0a5/nad1d86e3ah3ayx38ue56vxbh2j07kd4.pdf
 
+# Google
+
+## Titan M
+
+* [Quarkslab:Attacking Titan M with Only One Byte](https://web.archive.org/web/20240117035133/https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html)
+
 # Infineon
 
 ## SLE95250
@@ -242,3 +256,4 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 * [Design Considerations for EM Pulse Fault Injection](https://www.esat.kuleuven.be/cosic/publications/article-3086.pdf)
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/2561)
 * [Quarkslab:Vulnerabilities in the TPM 2.0 reference implementation code](https://web.archive.org/web/20240117034958/https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html)
+* [Quarkslab:RFID: Monotonic Counter Anti-Tearing Defeated](https://web.archive.org/web/20240117035029/https://blog.quarkslab.com/rfid-monotonic-counter-anti-tearing-defeated.html)
diff --git a/imperfect-design.md b/imperfect-design.md
@@ -4,33 +4,33 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 ## S905
 
-* https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
+* [Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM](https://web.archive.org/web/20230716134340/https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html)
 
 # Broadcom
 
 ## BCM61650
 
-* https://blog.xilokar.info/pwning-the-bcm61650.html
+* [Pwning the bcm61650](https://web.archive.org/web/20231216150355/https://blog.xilokar.info/pwning-the-bcm61650.html)
 
 # Cypress
 
 ## CY8C21434
 
-* https://syscall.eu/blog/2018/03/12/aigo_part2/
+* [Aigo Chinese encrypted HDD − Part 2: Dumping the Cypress PSoC 1](https://syscall.eu/blog/2018/03/12/aigo_part2/)
 
 # Espressif
 
 ## ESP32
 
-* https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-power-analysis/
-* https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/
-* https://raelize.com/blog/espressif-systems-esp32-bypassing-flash-encryption/
-* https://raelize.com/blog/espressif-systems-esp32-controlling-pc-during-sb/
-* https://raelize.com/blog/espressif-systems-esp32-bypassing-sb-using-emfi/
-* https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/
-* https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/
-* https://limitedresults.com/2019/08/pwn-the-esp32-crypto-core/
-* https://courk.cc/breaking-flash-encryption-of-espressif-parts
+* [Raelize:Espressif ESP32: Breaking HW AES with Power Analysis](https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-power-analysis/)
+* [Raelize:Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)](https://web.archive.org/web/20240125070836/https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/)
+* [Raelize:Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)](https://web.archive.org/web/20240125070837/https://raelize.com/blog/espressif-systems-esp32-bypassing-flash-encryption/)
+* [Raelize:Espressif ESP32: Controlling PC during Secure Boot](https://web.archive.org/web/20240125070835/https://raelize.com/blog/espressif-systems-esp32-controlling-pc-during-sb/)
+* [Raelize:Espressif ESP32: Bypassing Secure Boot using EMFI](https://web.archive.org/web/20240125070837/https://raelize.com/blog/espressif-systems-esp32-bypassing-sb-using-emfi/)
+* [LimitedResults:Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction](https://web.archive.org/web/20240125070859/https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/)
+* [LimitedResults:Pwn the ESP32 Secure Boot](https://web.archive.org/web/20240125070900/https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/)
+* [LimitedResults:Pwn the ESP32 crypto-core](https://web.archive.org/web/20240125071222/https://limitedresults.com/2019/08/pwn-the-esp32-crypto-core/)
+* [Courk:Breaking the Flash Encryption Feature of Espressif’s Parts](https://web.archive.org/web/20240126000044/https://courk.cc/breaking-flash-encryption-of-espressif-parts)
 
 # GigaDevice
 
@@ -42,133 +42,137 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 ## SLE95250
 
-* [Compromising device security via NVM controller vulnerability](https://www.cl.cam.ac.uk/~sps32/PAINE2020_NVM.pdf)
-* https://www.cl.cam.ac.uk/~sps32/HWIO_OTB.pdf
+* [Skorobogatov:Compromising device security via NVM controller vulnerability](https://web.archive.org/web/20230324173619/https://www.cl.cam.ac.uk/~sps32/PAINE2020_NVM.pdf)
+* [Skorobogatov:Practical reverse engineering of ECC-based authentication device with zero knowledge](https://web.archive.org/web/20221102185932/https://www.cl.cam.ac.uk/~sps32/HWIO_OTB.pdf)
 
 # MediaTek
 
 ## MT8163V
 
-* https://research.nccgroup.com/2020/10/15/theres-a-hole-in-your-soc-glitching-the-mediatek-bootrom
+* [NCC:There’s A Hole In Your SoC: Glitching The MediaTek BootROM](https://web.archive.org/web/20231005034326/https://research.nccgroup.com/2020/10/15/theres-a-hole-in-your-soc-glitching-the-mediatek-bootrom)
 
 # Microchip/Atmel
 
 ## AT91SAM7XC256
 
-* https://adamsblog.rfidiot.org/2013/02/atmel-sam7xc-crypto-co-processor-key.html
+* [Atmel SAM7XC Crypto Co-Processor key recovery (with bonus Mifare DESFire hack)](https://web.archive.org/web/20231209173719/https://adamsblog.rfidiot.org/2013/02/atmel-sam7xc-crypto-co-processor-key.html)
 
 ## ATECC508A
 
-* https://i.blackhat.com/USA-20/Thursday/us-20-Heriveaux-Black-Box-Laser-Fault-Injection-On-A-Secure-Memory.pdf
+* [Black-box Laser Fault Injection on a Secure Memory](https://web.archive.org/web/20221119000104/https://i.blackhat.com/USA-20/Thursday/us-20-Heriveaux-Black-Box-Laser-Fault-Injection-On-A-Secure-Memory.pdf)
 
 ## ATSAMA5Dx
 
-* https://labs.f-secure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities-full-release/
+* [Microchip ATSAMA5 SoC Multiple Vulnerabilities](https://web.archive.org/web/20230320135233/https://labs.withsecure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities-full-release)
 
 ## PIC18F452
 
-* [Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security](https://get.meriac.com/docs/HID-iCLASS-security.pdf)
+* [Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security](https://web.archive.org/web/20240106105035/https://get.meriac.com/docs/HID-iCLASS-security.pdf)
 
 ## PIC18F1320
 
-* https://www.bunniestudios.com/blog/?page_id=40
+* [Bunnie:Hacking the PIC 18F1320](https://web.archive.org/web/20240131154146/https://www.bunniestudios.com/blog/?page_id=40)
 
 # Nordic Semi
 
 ## nRF51822
 
-* https://blog.includesecurity.com/2015/11/firmware-dumping-technique-for-an-arm-cortex-m0-soc/
+* [Firmware dumping technique for an ARM Cortex-M0 SoC](https://web.archive.org/web/20240228140110/https://blog.includesecurity.com/2015/11/firmware-dumping-technique-for-an-arm-cortex-m0-soc/)
 
 ## nRF52
 
-* https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
-* https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass-part-2/
+* [LimitedResults:nRF52 Debug Resurrection (APPROTECT Bypass) Part 1](https://web.archive.org/web/20240125070900/https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/)
+* [LimitedResults:nRF52 Debug Resurrection (APPROTECT Bypass) Part 2](https://web.archive.org/web/20240125070901/https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass-part-2/)
 
 # Nuvoton
 
 ## M2351
 
-* https://limitedresults.com/2020/01/nuvoton-m2351-mkrom-armv8-m-trustzone/
+* [LimitedResults:Nuvoton M2351 MKROM](https://web.archive.org/web/20230322144902/https://limitedresults.com/2020/01/nuvoton-m2351-mkrom-armv8-m-trustzone/)
 * https://media.ccc.de/v/36c3-10859-trustzone-m_eh_breaking_armv8-m_s_security
 
 # NVidia
 
 ## Tegra
 
-* https://github.com/Qyriad/fusee-launcher/blob/master/report/fusee_gelee.md
+* [Fusée Gelée](https://web.archive.org/web/20190518055624/https://github.com/Qyriad/fusee-launcher/blob/master/report/fusee_gelee.md)
 
 # NXP
 
 ## i.MX50
 
-* https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html
+* [Quarkslab:Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors](https://web.archive.org/web/20240117035139/https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html)
 
 ## i.MX53
 
-* https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html
-
+* [Quarkslab:Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors](https://web.archive.org/web/20240117035139/https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html)
+* 
 ## i.MX6
 
-* https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html
+* [Quarkslab:Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors](https://web.archive.org/web/20240117035139/https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html)
 
 ## i.MX with HAB < 4.3.7
 
-* https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/
+* [NCC:Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices](https://web.archive.org/web/20231127163252/https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/)
 
 ## i.MX RT101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid
 
-* https://research.nccgroup.com/2022/11/17/cve-2022-45163/
+* [Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)](https://web.archive.org/web/20230923131525/https://research.nccgroup.com/2022/11/17/cve-2022-45163/)
 
 ## LPC
 
 * https://recon.cx/2017/brussels/resources/slides/RECON-BRX-2017-Breaking_CRP_on_NXP_LPC_Microcontrollers_slides.pdf
 
 ## LPC1343
 
-* [Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
+* [Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
 * https://i.blackhat.com/eu-19/Thursday/eu-19-Temeiza-Breaking-Bootloaders-On-The-Cheap-2.pdf
-* https://toothless.co/blog/bootloader-bypass-part1/
+* [NXP LPC1343 Bootloader Bypass (Part 1) - Communicating with the bootloader](https://web.archive.org/web/20231125025154/https://toothless.co/blog/bootloader-bypass-part1)
+* [NXP LPC1343 Bootloader Bypass (Part 2) - Dumping firmware with Python and building the logic for the glitcher](https://web.archive.org/web/20231125025154/https://toothless.co/blog/bootloader-bypass-part2)
+* [NXP LPC1343 Bootloader Bypass (Part 3) - Putting it all together](https://web.archive.org/web/20231125025154/https://toothless.co/blog/bootloader-bypass-part3)
 
 ## LPC55S69
 
-* https://oxide.computer/blog/lpc55/
-* https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom
+* [Oxide:Exploiting Undocumented Hardware Blocks in the LPC55S69](https://web.archive.org/web/20240208061157/https://oxide.computer/blog/exploiting-undocumented-hardware-blocks-in-the-lpc55s69)
+* [Oxide:Another vulnerability in the LPC55S69 ROM](https://web.archive.org/web/20230922181420/https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom)
+* [Oxide:A Gap in the TrustZone preset settings for the LPC55S69](https://oxide.computer/blog/lpc55s69-tzpreset)
 
 ## PN54x
 
-* https://web.archive.org/web/20230609204446/https://www.pentestpartners.com/security-blog/breaking-the-nfc-chips-in-tens-of-millions-of-smart-phones-and-a-few-pos-systems/
+* [Breaking the NFC chips in tens of millions of smart phones, and a few PoS systems](https://web.archive.org/web/20230609204446/https://www.pentestpartners.com/security-blog/breaking-the-nfc-chips-in-tens-of-millions-of-smart-phones-and-a-few-pos-systems/)
 
 # Qualcomm
 
 ## MSM8916/APQ8016
 
-* https://cyberintel.es/cve/notCVE-2023-0001/
+* [Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC](https://web.archive.org/web/20231108232422/https://cyberintel.es/cve/notCVE-2023-0001/)
 
 ## MSM8994
 
-* https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html
+* [Quarkslab:Analysis of Qualcomm Secure Boot Chains](https://web.archive.org/web/20240125071201/https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html)
 
 # Renesas
 
 ## 78K0
 
 * [Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/)
-* [D78F0831Y](https://gist.github.com/mnaberez/ea3c3feb3a1619393b997bfb5e7de35f)
+* [D78F0831Y](https://web.archive.org/web/20230711112910/https://gist.github.com/mnaberez/ea3c3feb3a1619393b997bfb5e7de35f)
 
 ## RL78
 
-* https://fail0verflow.com/blog/2018/ps4-syscon/
+* [f0:PS4 Aux Hax 2: Syscon](https://web.archive.org/web/20231207165505/https://fail0verflow.com/blog/2018/ps4-syscon/)
 
 ## RX65
 
-* https://www.collshade.fr/articles/reneshack/rx_glitch_article.html
+* [Renes'hack](https://web.archive.org/web/20230925084759/https://collshade.fr/articles/reneshack/rx_glitch_article.html)
 
 # SiLabs
 
 ## EFM32 Gecko
 
-* https://limitedresults.com/2021/06/enter-the-efm32-gecko/
+* [LimitedResults:Enter the EFM32 Gecko](https://web.archive.org/web/20240125070856/https://limitedresults.com/2021/06/enter-the-efm32-gecko/)
+* [Quarkslab:Breaking Secure Boot on the Silicon Labs Gecko platform](https://web.archive.org/web/20240117035055/https://blog.quarkslab.com/breaking-secure-boot-on-the-silicon-labs-gecko-platform.html)
 
 # STMicro
 
@@ -179,20 +183,20 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 ## STM32F0
 
-* [Shedding too much Light on a Microcontroller’s Firmware Protection](https://www.aisec.fraunhofer.de/content/dam/aisec/ResearchExcellence/woot17-paper-obermaier.pdf)
+* [Shedding too much Light on a Microcontroller’s Firmware Protection](https://web.archive.org/web/20240214153509/https://www.aisec.fraunhofer.de/content/dam/aisec/ResearchExcellence/woot17-paper-obermaier.pdf)
 
 ## STM32F1
 
-* https://blog.zapb.de/stm32f1-exceptional-failure/
+* [Exception(al) Failure - Breaking the STM32F1 Read-Out Protection](https://web.archive.org/web/20240228162856/https://blog.zapb.de/stm32f1-exceptional-failure/)
 
 ## STM32F103
 
-* https://medium.com/@LargeCardinal/how-to-bypass-debug-disabling-and-crp-on-stm32f103-7116e7abb546
+* [How to bypass Debug Disabling on SM32F103](https://web.archive.org/web/20221119000417/https://medium.com/@LargeCardinal/how-to-bypass-debug-disabling-and-crp-on-stm32f103-7116e7abb546)
 
 ## STM32F205
 
-* https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/
-* https://www.riscure.com/uploads/2019/04/Riscure_OffensiveCon19_glitchingKeepkey.pdf
+* [Kraken Identifies Critical Flaw in Trezor Hardware Wallets](https://web.archive.org/web/20231207211229/https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets)
+* [Riscure:Glitching the KeepKey hardware wallet](https://web.archive.org/web/20231205015027/https://www.riscure.com/glitching-the-keepkey-hardware-wallet/)
 
 ## STM32F373
 
@@ -202,11 +206,11 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 
 ## CC2510Fx
 
-* [Reverse engineering an e-ink display](https://zeus.ugent.be/blog/22-23/reverse_engineering_epaper/)
+* [Reverse engineering an e-ink display](https://web.archive.org/web/20240201052525/https://zeus.ugent.be/blog/22-23/reverse_engineering_epaper/)
 
 ## MSP430
 
-* [Practical Attacks against the MSP430 BSL](https://fahrplan.events.ccc.de/congress/2008/Fahrplan/attachments/1191_goodspeed_25c3_bslc.pdf)
+* [Practical Attacks against the MSP430 BSL](https://web.archive.org/web/20240106161824/https://fahrplan.events.ccc.de/congress/2008/Fahrplan/attachments/1191_goodspeed_25c3_bslc.pdf)
 
 ## MSP430F5172
 
@@ -221,18 +225,20 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 ## Zynq-7000
 
 * https://www.xilinx.com/support/answers/76201.html
-* https://blog.ropcha.in/part-3-zynq-cve-2021-27208.html
-* https://blog.ropcha.in/part-4-zynq-cve-2021-44850.html
+* [Zynq Part 2: UART Secrets](https://web.archive.org/web/20220626140711/https://blog.ropcha.in/part-2-uart-secrets.html)
+* [Zynq Part 3: CVE-2021-27208](https://web.archive.org/web/20220626132641/https://blog.ropcha.in/part-3-zynq-cve-2021-27208.html)
+* [Zynq Part 4: CVE-2021-44850](https://web.archive.org/web/20220626133909/https://blog.ropcha.in/part-4-zynq-cve-2021-44850.html)
 
 # General interest
 
 * [The Sorcerer’s Apprentice Guide to Fault Attacks](https://eprint.iacr.org/2004/100.pdf)
-* https://chip.fail/chipfail.pdf
+* [chip.fail](https://web.archive.org/web/20231027173636/https://chip.fail/chipfail.pdf)
 * https://research.nccgroup.com/wp-content/uploads/2020/02/NCC-Group-Whitepaper-Microcontroller-Readback-Protection-1.pdf
 * [Taking a Look into Execute-Only Memory](https://www.usenix.org/system/files/woot19-paper_schink.pdf)
-* https://www.cl.cam.ac.uk/~sps32/mcu_lock.html
+* [Skorobogatov:Copy Protection in Modern Microcontrollers](https://web.archive.org/web/20231231003605/https://www.cl.cam.ac.uk/~sps32/mcu_lock.html)
 * https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d
-* https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-the-theory/
-* https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-code-walkthrough/
+* [Hacker's guide to deep-learning side-channel attacks: the theory](https://web.archive.org/web/20240207113902/https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-the-theory/)
+* [Hacker's guide to deep-learning side-channel attacks: code walkthrough](https://web.archive.org/web/20240207113835/https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-code-walkthrough/)
 * [Design Considerations for EM Pulse Fault Injection](https://www.esat.kuleuven.be/cosic/publications/article-3086.pdf)
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/2561)
+* [Quarkslab:Vulnerabilities in the TPM 2.0 reference implementation code](https://web.archive.org/web/20240117034958/https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html)
diff --git a/imperfect-design.md b/imperfect-design.md
@@ -175,6 +175,7 @@ https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/
 ## STM8
 
 * [Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
+* [Dumping Firmware With a 555](https://web.archive.org/web/20230928204822/https://jrainimo.com/build/2022/01/dumping-firmware-with-a-555/)
 
 ## STM32F0
 

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -32,6 +32,12 @@ The list below is compiled to inform, guide, and inspire budding security resear
 * https://limitedresults.com/2019/08/pwn-the-esp32-crypto-core/
 * https://courk.cc/breaking-flash-encryption-of-espressif-parts
 
+# GigaDevice
+
+## Pretty much all of them
+
+https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/0a5/nad1d86e3ah3ayx38ue56vxbh2j07kd4.pdf
+
 # Infineon
 
 ## SLE95250

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -30,6 +30,7 @@ The list below is compiled to inform, guide, and inspire budding security resear
 * https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/
 * https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/
 * https://limitedresults.com/2019/08/pwn-the-esp32-crypto-core/
+* https://courk.cc/breaking-flash-encryption-of-espressif-parts
 
 # Infineon
 

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -133,6 +133,10 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 # Qualcomm
 
+## MSM8916/APQ8016
+
+* https://cyberintel.es/cve/notCVE-2023-0001/
+
 ## MSM8994
 
 * https://blog.quarkslab.com/analysis-of-qualcomm-secure-boot-chains.html

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -127,6 +127,10 @@ The list below is compiled to inform, guide, and inspire budding security resear
 * https://oxide.computer/blog/lpc55/
 * https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom
 
+## PN54x
+
+* https://web.archive.org/web/20230609204446/https://www.pentestpartners.com/security-blog/breaking-the-nfc-chips-in-tens-of-millions-of-smart-phones-and-a-few-pos-systems/
+
 # Qualcomm
 
 ## MSM8994

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -139,6 +139,7 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 * [Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/)
+* [D78F0831Y](https://gist.github.com/mnaberez/ea3c3feb3a1619393b997bfb5e7de35f)
 
 ## RL78
 

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -22,6 +22,7 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 ## ESP32
 
+* https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-power-analysis/
 * https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/
 * https://raelize.com/blog/espressif-systems-esp32-bypassing-flash-encryption/
 * https://raelize.com/blog/espressif-systems-esp32-controlling-pc-during-sb/

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -182,6 +182,10 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 # TI
 
+## CC2510Fx
+
+* [Reverse engineering an e-ink display](https://zeus.ugent.be/blog/22-23/reverse_engineering_epaper/)
+
 ## MSP430
 
 * [Practical Attacks against the MSP430 BSL](https://fahrplan.events.ccc.de/congress/2008/Fahrplan/attachments/1191_goodspeed_25c3_bslc.pdf)

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -107,6 +107,10 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 * https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/
 
+## i.MX RT101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid
+
+* https://research.nccgroup.com/2022/11/17/cve-2022-45163/
+
 ## LPC
 
 * https://recon.cx/2017/brussels/resources/slides/RECON-BRX-2017-Breaking_CRP_on_NXP_LPC_Microcontrollers_slides.pdf

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -103,6 +103,10 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 * https://blog.quarkslab.com/vulnerabilities-in-high-assurance-boot-of-nxp-imx-microprocessors.html
 
+## i.MX with HAB < 4.3.7
+
+* https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/
+
 ## LPC
 
 * https://recon.cx/2017/brussels/resources/slides/RECON-BRX-2017-Breaking_CRP_on_NXP_LPC_Microcontrollers_slides.pdf

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -204,4 +204,5 @@ The list below is compiled to inform, guide, and inspire budding security resear
 * https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d
 * https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-the-theory/
 * https://elie.net/blog/security/hacker-guide-to-deep-learning-side-channel-attacks-code-walkthrough/
-* [Design Considerations for EM Pulse Fault Injection](https://www.esat.kuleuven.be/cosic/publications/article-3086.pdf)
+* [Design Considerations for EM Pulse Fault Injection](https://www.esat.kuleuven.be/cosic/publications/article-3086.pdf)
+* [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/2561)
diff --git a/imperfect-design.md b/imperfect-design.md
@@ -6,6 +6,12 @@ The list below is compiled to inform, guide, and inspire budding security resear
 
 * https://fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
 
+# Broadcom
+
+## BCM61650
+
+* https://blog.xilokar.info/pwning-the-bcm61650.html
+
 # Cypress
 
 ## CY8C21434

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -110,6 +110,7 @@ The list below is compiled to inform, guide, and inspire budding security resear
 ## LPC55S69
 
 * https://oxide.computer/blog/lpc55/
+* https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom
 
 # Qualcomm
 

diff --git a/imperfect-design.md b/imperfect-design.md
@@ -124,6 +124,14 @@ The list below is compiled to inform, guide, and inspire budding security resear
 * [Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis](https://tches.iacr.org/index.php/TCHES/article/download/8727/8327/)
 * [Shaping the Glitch: Optimizing Voltage Fault Injection Attacks](https://tches.iacr.org/index.php/TCHES/article/download/7390/6562/)
 
+## RL78
+
+* https://fail0verflow.com/blog/2018/ps4-syscon/
+
+## RX65
+
+* https://www.collshade.fr/articles/reneshack/rx_glitch_article.html
+
 # SiLabs
 
 ## EFM32 Gecko
No results found