Glitching in 3D: Low cost EMFI attacks
Matthew Alt - Saturday, 24 February - 45 Mins
BOOK YOUR TICKETWATCH THE TALK
ABSTRACT
This work describes the process of performing a new fault injection attack. We begin with the test firmware we used to dial in the physical glitch parameters such as location, placement, etc. After dialing in these glitch parameters for maximum consistency, we target the boot ROM of the STM32F4. To determine where to place the glitch, we review the power trace of the boot ROM and an extracted boot ROM in ghidra. The first section of the talk will focus on traditional voltage glitching and power trace analysis.
After demonstrating that a readout protection bypass is possible via voltage glitching, we will discuss the risk of these attacks and how they can permanently damage devices. Given this risk, we attempted to trigger the same glitch with an EMP instead of a traditional voltage glitch. Performing an EMFI attack introduces new variables, probe shape, placement, and pulse shape, to name a few.
While some tools exist to help instrument and perform EMFI attacks, they are prohibitively expensive and require bespoke training and extensive experience. We wanted to complete one of these attacks as cheaply as possible and utilize open-source hardware for the instrumentation of the EMP probe, leading us to use the PicoEMP to generate the EMP and a 3D printer to automate the positioning and placement of the probe.
After 3D printing a custom bracket for the EMP and developing software to control the printer, we could automate glitch data collection while instrumenting the X/Y/Z coordinates of the probe. We determined the optimal probe placement for performing our previously discovered RDP bypass using the resulting data. A portion of this talk will review that data and some of the tools we developed to help visualize the data collection results to determine optimal probe placement.
Using the probe placement data generated from our testing, we developed a consistent RDP bypass for the STM32F4 via a targeted EMP using the power trace analysis from our first glitch. This attack allowed for flash readout capabilities on locked STM32F4 processors. We also will discuss how we've used these tools and resulting workflows to target other microcontrollers, such as the Nuvoton M032 series.
After this talk, we will release the Jupyter notebooks, libraries, tools used to instrument the 3D printer, and the ChipWhisperer Husky and PicoEMP. We will also publish a long-form write-up (blog post) describing the process.
ABOUT THE AUTHOR
Matthew began his reverse engineering career in the aftermarket automotive industry, searching for vulnerabilities in engine control units' diagnostic protocol implementations. Next, he worked at MIT Lincoln Laboratory, where he led a team focused on embedded systems analysis.
While at MIT, Matthew was awarded the Outstanding Contributor Award for his technical contributions. You can find other examples of his work and teaching style on his personal blog, the VSS research blog and through the free Ghidra course he authored at Hackaday.