De-compilation of nrf 52840 bin file - released for update via DFU over serial

Generating bin files using public key for field update via DFU-  following the standard nrf steps for generating zip file (.dat & .bin files)

 bin files will be deployed in the Window PC for updating the devices.

bin files contains master key as a part of code (our confidential key).

  1.  Query :1. Can someone de-compile the bin file and generate the code (c code): If yes then how if not why ?
  2. Query 2: Can someone extract the master key without de-compiling the bin :If yes then how if not why?
  • Hi, 

    1. You can decompile the binary. That won't give you your source code, but it'll give you some source code with the same behavior. See this post. You can search on the internet for the tool. 

    2. No, The upgrade consists of two parts: An init file (the .dat file), and the firmware itself (the .bin file). The private key is used for signing the upgrade. The private key is not placed in any of the files but is only used for generating a signature. The signature is then put in the init file (the .dat file) in the "signature" field of that init file. The public key is used for verifying the signature. It is compiled into the bootloader. What this means in practice, is if the update is a SoftDevice or application update there will be no keys in the bin file at all. If it is a bootloader update, then the public key should be part of that bin file (but not as a result of nrfutil. The key should have been added to the bootloader project itself before it was compiled.)

    Regards,
    Amanda H.

  • Hi , in query 2 , we are talking about some secret (master key) kept in code which we will use it for our own functionality nothing to do with private-public key logic. So can some one fetch this key with or without de-compilation from bin file ?

Related