Glitching in 3D: Low cost EMFI attacks

  Saturday, 24 February

  45 mins

DESCRIPTION

This work describes the process of performing a new fault injection attack. We begin with the test firmware we used to dial in the physical glitch parameters such as location, placement, etc. After dialing in these glitch parameters for maximum consistency, we target the boot ROM of the STM32F4. To determine where to place the glitch, we review the power trace of the boot ROM and an extracted boot ROM in ghidra. The first section of the talk will focus on traditional voltage glitching and power trace analysis.

After demonstrating that a readout protection bypass is possible via voltage glitching, we will discuss the risk of these attacks and how they can permanently damage devices. Given this risk, we attempted to trigger the same glitch with an EMP instead of a traditional voltage glitch. Performing an EMFI attack introduces new variables, probe shape, placement, and pulse shape, to name a few.

While some tools exist to help instrument and perform EMFI attacks, they are prohibitively expensive and require bespoke training and extensive experience. We wanted to complete one of these attacks as cheaply as possible and utilize open-source hardware for the instrumentation of the EMP probe, leading us to use the PicoEMP to generate the EMP and a 3D printer to automate the positioning and placement of the probe.

After 3D printing a custom bracket for the EMP and developing software to control the printer, we could automate glitch data collection while instrumenting the X/Y/Z coordinates of the probe. We determined the optimal probe placement for performing our previously discovered RDP bypass using the resulting data. A portion of this talk will review that data and some of the tools we developed to help visualize the data collection results to determine optimal probe placement.

Using the probe placement data generated from our testing, we developed a consistent RDP bypass for the STM32F4 via a targeted EMP using the power trace analysis from our first glitch. This attack allowed for flash readout capabilities on locked STM32F4 processors. We also will discuss how we've used these tools and resulting workflows to target other microcontrollers, such as the Nuvoton M032 series.

After this talk, we will release the Jupyter notebooks, libraries, tools used to instrument the 3D printer, and the ChipWhisperer Husky and PicoEMP. We will also publish a long-form write-up (blog post) describing the process.