It appears that the Raspberry Pi RP2350 Hacking Challenge has been successfully cracked. Engineer Aedan Cullen has presented his findings at the 38th Chaos Communication Congress (38C3) and has published a GitHub repository with details of his hacking process and Python code.

Cullen's approach involved a voltage injection glitch attack on pin 53 of the RP2350 chip, which managed to enable the 'permanently disabled' RISC-V cores and their debug access port. This allowed him to read the secret stored in the OTP (One Time Programmable) memory of the chip.

The RP2350 was introduced as a successor to the RP2040 with additional security features such as Secure Boot, TrustZone, Redundancy Coprocessor (RCP), and Glitch Detectors. The challenge was to uncover a secret hidden within the OTP memory of the RP2350, with the winner set to receive a $20,000 prize.

Cullen's method focused on the RP2350's boot process and security settings, particularly the OTP. He isolated pin 53, which is connected to OTP functions, and performed a series of voltage injections to exploit a vulnerability in the RISC-V cores. This resulted in the successful unlocking of the debug functionality and the reading of the secret from the OTP memory.

The hack has implications for the security of the RP2350 and similar microcontrollers. Cullen's presentation at 38C3 highlighted the importance of human communication factors in security, noting that the 'permanent' disablement of features is not secure unless the chip is physically destroyed.