At Black Hat USA 2019 we presented our research on glitching standard microcontrollers using equipment costing less than 100 US dollars. The slides of our talk can be found here.
The targets we were able to glitch during our research include, but are not limited to:
- STMicroelectronics STM32F2 (incl. a vulnerability that allows downgrading the read-out protection)
- Espressif ESP32
- Microchip SAM L11 Secure Microcontroller
- Microchip SAM D21
- Nordic Semiconductor nRF52840
The goal of chip.fail is to provide hardware developers and hardware auditors with an easy-to-use framework for testing the susceptibility of chips to glitching.
The chip.fail glitcher is based on an FPGA module produced by Digilent:
As the multiplexer for providing interruptible power and for controlling the glitch pulse, we use the Maxim MAX4619 Multiplexer, for which we have designed a custom PCB that plugs right into the Cmod A7. Feel free to ask us (in person or by e-mail) for a PCB. The schematic and design files can also be found here:
A power supply is used to feed the core voltage to the CPU. In our case, we used the DPS3003/DPS3005/DPS5005 power supplies, which can be found cheaply on sites like Amazon, Alibaba etc.
The source code for the FPGA can be found here; it also includes the Jupyter Notebooks used to control the glitcher: