A veteran embedded systems architect shares war stories from building a cryptographic UKey device on a 12KB SRAM chip (SSX45/C*Core C340) between 2012–2017. The post covers five major battles: enforcing static-only memory allocation with MR_STATIC 32 and manual mrkill calls to fit ECC/SM9 cryptography into 576 bytes; debugging a MicroLib timezone bug that corrupted the Link Register via misaligned STRD instructions; tunneling data through USB HID to bypass ATM kernel driver whitelists; hunting a hardware ghost where data byte 0xE3 triggered a firmware reset command (an in-band signaling vulnerability analogous to SQL injection); and diagnosing a __cdecl/__stdcall calling convention mismatch that caused a 28-byte stack fissure crashing an ATM host at loop iteration z=7. The author draws parallels between these low-level lessons and modern Web3/DeFi security concerns, arguing that true security sovereignty comes from understanding physical hardware boundaries rather than stacking API gateways.
Sort: