GET /congress/2025/event/1bbd6873-6f69-59a8-8eb2-926acc763d7e/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": "1bbd6873-6f69-59a8-8eb2-926acc763d7e",
"kind": "official",
"name": "Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot",
"slug": "of-boot-vectors-and-double-glitches-bypassing-rp2350-s-secure-boot",
"url": "https://api.events.ccc.de/congress/2025/event/1bbd6873-6f69-59a8-8eb2-926acc763d7e/?format=api",
"track": "security",
"assembly": "ccc",
"room": "7202df07-050c-552f-8318-992f94e40ef0",
"location": null,
"language": "en",
"description": "The RP2350 is one of the first generally available microcontrollers with active security-features against fault-injection such as glitch-detectors, the redundancy co-processor, and other pieces to make FI attacks more difficult.\r\n\r\nBut security on paper often does not mean security in real-life. Luckily for us, Raspberry Pi also ran the RP2350 Hacking Challenge: A public bug bounty that has exactly these attacks in-scope. During the hacking challenge 5 different attacks were found on the secure-boot process - one of which was shown at 38C3 by Aedan Cullen.\r\n\r\nIn this talk, we talk about all successful attacks - including laser fault-injection, a reset glitch, and a double-glitch during execution of the bootrom - to show all the different ways in which a chip can be attacked.\r\n\r\nWe also talk about the awesomeness of an open security-ecosystem for chips: Raspberry Pi was very transparent on the findings, and worked with researchers to improve the new revision of the chip.",
"schedule_start": "2025-12-27T16:00:00+01:00",
"schedule_duration": "01:00:00",
"schedule_end": "2025-12-27T17:00:00+01:00"
}