Following up on my previous blogpost, I got some people asking to clarify how to connect the Analog CMOS to the ESP32 glitcher so I listened to them. I hope this helps everyone trying to reproduce the results!

https://www.gabrielcybersecurity.com/fault-injection-iii-connecting-the-maxim4619/

Using the ESP8266 for Low-Cost Fault Injection - As a general concept, fault injection is a technique that studies how a system rea... - https://hackaday.com/2025/01/15/using-the-esp8266-for-low-cost-fault-injection/ #voltageglitching #faultinjection #securityhacks #toolhacks #esp8266

Currently trying to solder probes to a mainboard's RAM DIMM connectors to try memory fault injection. Soldering 100+ wires is a huge pain, would anyone know of an existing interface/PCB with pogo pins/something that could make my life simpler?

Or are there tricks to batch-solder such a quantity of small wires?

Great talk by Aedan Cullen (@aedancullen) at #38c3 on breaking security on the #RP2350 by glitching the OTP VDD.

https://streaming.media.ccc.de/38c3/relive/625

I expect the bus between the state machine and OTP is like Wishbone or M68K and has a request and an acknowledge, and the data is latched on the ACK. No ACK? Guard word stays in the latch.

In my recent post https://gabrielcybersecurity.com/fault-injection-i-crowbar-circuit-vs-analog-cmos-switch/ I describe my last experiments on the known vulnerability of the nRF52 family. I ended up using an analog CMOS switch (MAXIM4619) which yielded surprising results!

Use PicoGlitcher For Voltage Glitching Attacks - We see a fair few glitcher projects, especially the simpler voltage glitchers. Sti... - https://hackaday.com/2024/10/30/use-picoglitcher-for-voltage-glitching-attacks/ #voltageglitching #faultinjection #securityhacks #voltageglitch #toolhacks #pipico #rp2040

The fault injection library (PicoGlitcher, Chipwhisper etc) was just updated with the results of me playing around with my PicoGlitcher yesterday evening. This info comes from actual glitches against a so-far unnamed IoT device based on the STM32F412.

https://github.com/MKesenheimer/fault-injection-library/tree/master/stm32f412-glitching

Summary:

1) No, it's not realistic to glitch ReadMemory to read out the internal flash from these devices with the known methods.

2) Still fun though and why not study the v3.1 bootloader intensely?

Laser Fault Injection, Now With Optional Decapping - Whether the goal is reverse engineering, black hat exploitation, or just simple cu... - https://hackaday.com/2024/09/20/laser-fault-injection-now-with-optional-decapping/ #reverseengineering #faultinjection #laserhacks #decapping #ablation #package #silicon #epoxy #laser #die

me buddy Janne dropped part 2 of his laser #faultinjection blog!

https://blog.fraktal.fi/laser-fault-injection-for-the-masses-part-2-b86a42fd28a1

Laser Fault Injection on the Cheap - One can only imagine the wonders held within the crypto labs of organizations like... - https://hackaday.com/2024/08/09/laser-fault-injection-on-the-cheap/ #laserfaultinjection #reverseengineering #faultinjection #galvanometer #glitching #galvo #lfi

sharing is caring! great work by my buddy here:

https://blog.fraktal.fi/laser-fault-injection-for-the-masses-1860afde5a26

Get Your Glitch on With a PicoEMP and a 3D Printer - We’re not sure what [Aaron Christophel] calls his automated chip glitching setup b... - https://hackaday.com/2024/08/03/get-your-glitch-on-with-a-picoemp-and-a-3d-printer/ #reverseengineering #faultinjection #chipwhisperer #picoemp #glitch #emfi

Glitching An ATMega328P Has Never Been Simpler - Did you know just how easily you can glitch microcontrollers? It’s so easy, you re... - https://hackaday.com/2024/06/03/glitching-an-atmega328p-has-never-been-simpler/ #microcontrollers #voltageglitching #faultinjection #securityhacks #voltageglitch #eminjection #atmega328p #glitching #how-to #attack #glitch

#PicoEMP #ChipShouter-PicoEMP
#FaultInjection #EMFI

https://github.com/newaetech/chipshouter-picoemp

faulTPM: Forscher knacken Bitlocker per Angriff auf AMD-TPM
#ITSicherheit #AMDRyzen #AMDSecurityProcessor #AMDTPM #Bitlockerknacken #BruteForce #FaultInjection #faulTPM #fTPM #RobertBuhren #ZenCPU https://tarnkappe.info/artikel/it-sicherheit/faultpm-forscher-knacken-bitlocker-per-angriff-auf-amd-tpm-274099.html

Cool secure boot bypass by fault injection in ESP32 CPUs

https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/

Happy Friday folks! Here are some slides on fault injection:

https://wrongbaud.github.io/replicant-slides/

Feel free to ping me with any questions, corresponding blog post is here:

https://voidstarsec.com/blog/replicant-part-1

​ finally seems to be flat-lining, trying out this new mastodon thing...

#introduction, for peeps I've not met prior via my bird app handle @ntpopgetdope. I'm a vulnerability researcher that's worked in the industry professionally for >4yrs

My background stems from an obsession with #windowsinternals & the vastly underrated 'HAL.dll'. These days I'm into baseband vuln research working on obscure hardware, architectures & attacks. Love chatting about all things:
#fpga #uefi #baseband #faultinjection #openhardware #embeddedelectronics #pcbdesign and #cats !

Currently with the @InterruptLabs crew, a boutique vulnerability research & exploit development firm in the UK.

RT @colinoflynn@twitter.com

Come see how EMFI to bypass secure boot feels like magic at booth 4-153, embedded world #ew20 #faultinjection