I wrote a blog post about the security of the STM32H730 microcontroller used in the Nintendo Alarmo. There's a vulnerability that allows dumping the protected secure bootloader of the STM32H730.
You can read more about it here: https://garyodernichts.blogspot.com/2025/11/privileged-arbitrary-code-execution-on.html
Privileged Arbitrary Code Execution on STM32H73XXX microcontrollers

This is somewhat of a follow-up to the Nintendo Alarmo blog post from last year. This time the blog post is about the security of the STM32H...

@garyodernichts
> The only way to reset the readout protection seems to be by performing a full power-cycle, which will also erase any RSS commands in DTCM.

Try "glitching" the power like it's done in this exploit and maybe cool down the chip to increase SRAM remanence. Would that help? That could clear the RDP lock and leave RSS commands in memory.

https://www.usenix.org/system/files/woot20-paper-obermaier.pdf (Section 7.4)
Implementation: https://github.com/CTXz/stm32f1-picopwner

@G33KatWork
I have thought about doing something like that, haven't tried it yet though. If the RDP status gets cleared while keeping the contents of DTCM, it should work.

@garyodernichts I am battling RDP1 of an F7 right now and recently read the paper (which unfortunately doesn't work on a Cortex-M7, because the FPB has no remapping feature), so that just immediately came to mind while reading your blog post. There are multiple implementations of that F1 exploit on GitHub. Allegedly it also works on an F3 and F4.