Lmst

Following up on my previous blogpost, I got some people asking to clarify how to connect the Analog CMOS to the ESP32 glitcher so I listened to them. I hope this helps everyone trying to reproduce the results!

https://www.gabrielcybersecurity.com/fault-injection-iii-connecting-the-maxim4619/

#cybersecurity #faultinjection

Oops..! I Glitched It Again! How to Multi-Glitch the Glitching-Protections on ARM TrustZone-M

Xhani Marvin Saß ,Richard Mitev, Ahmad-Reza Sadegh

https://arxiv.org/pdf/2302.06932

#hardwarehacking #glitch #faultinjection

Starting the week by shipping out some Hardware Benches to our customers 🚛

#SideChannel #cybersecurity #hardware #faultinjection

hardware bench for side-channel analysis and electromagnetic fault injection

BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks

https://colinoflynn.com/2020/11/bam-bam-on-reliability-of-emfi-for-in-situ-automotive-ecu-attacks/

@colinoflynn

#hardwarehacking #hacking #faultinjection

Low-Cost Body Biasing Injection (BBI) Attacks on WLCSP Devices

https://eprint.iacr.org/2020/1228.pdf

https://github.com/newaetech/chipjabber-basicbbi

@colinoflynn

#hardwarehacking #hacking #faultinjection #glitchattacks

Laser Fault Injection on a Budget: RP2350 Edition

This article details the development of a custom laser fault injection platform to bypass the Secure Boot feature of the RP2350 microcontroller.

https://courk.cc/rp2350-challenge-laser

#hardware #faultinjection

Currently trying to solder probes to a mainboard's RAM DIMM connectors to try memory fault injection. Soldering 100+ wires is a huge pain, would anyone know of an existing interface/PCB with pogo pins/something that could make my life simpler?

Or are there tricks to batch-solder such a quantity of small wires?

#hardware #soldering #faultinjection

Backside of a computer Mainboard with some wires soldered to its ram connector pins

Ich denke noch über den #BitLocker Talk nach und die Hacks mit #FaultInjection.

Vielleicht ist die Variante mit #TPM + PIN auch keine Alternative. Bleiben noch USB-Stick oder ein Passwort zur #Verschlüsselung.

#38C3
https://www.tomshardware.com/news/amd-tpm-hacked-faultpm

Great talk by Aedan Cullen (@aedancullen) at #38c3 on breaking security on the #RP2350 by glitching the OTP VDD.

https://streaming.media.ccc.de/38c3/relive/625

I expect the bus between the state machine and OTP is like Wishbone or M68K and has a request and an acknowledge, and the data is latched on the ACK. No ACK? Guard word stays in the latch.

#ICRE #ICReverseEngineering #FaultInjection

SIFA-based attacks on AES

This repository contains scripts designed to experiment with SIFA-based attacks on symmetric cryptography implementations, specifically AES.

https://github.com/jogolden/sifatools

#crypto #faultinjection

In my recent post https://gabrielcybersecurity.com/fault-injection-i-crowbar-circuit-vs-analog-cmos-switch/ I describe my last experiments on the known vulnerability of the nRF52 family. I ended up using an analog CMOS switch (MAXIM4619) which yielded surprising results!

#faultinjection #embedded #cybersecurity

The fault injection library (PicoGlitcher, Chipwhisper etc) was just updated with the results of me playing around with my PicoGlitcher yesterday evening. This info comes from actual glitches against a so-far unnamed IoT device based on the STM32F412.

https://github.com/MKesenheimer/fault-injection-library/tree/master/stm32f412-glitching

Summary:

1) No, it's not realistic to glitch ReadMemory to read out the internal flash from these devices with the known methods.

2) Still fun though and why not study the v3.1 bootloader intensely?

#ReverseEngineering #FaultInjection