Explore fault injection attacks on popular IoT processors using affordable equipment in this Black Hat conference talk. Delve into voltage glitching techniques for flash and RAM reads, learn the three steps to successful attacks, and understand power domains and capacitor removal challenges. Discover the chip.fail glitcher, including its FPGA bitstream and host control via Jupyter Notebook. Examine glitching results on nRF52840 and ESP32 processors, and investigate the $5 glitcher option. Analyze STM32 Read-out Protection (RDP) and bootrom dumping techniques, focusing on the STM32F2 boot process and power consumption. Learn about parameter adjustments, successful data extraction, and explore defense options against these attacks. Gain insights into the silicon vulnerabilities of the connected world and acquire knowledge of software and hardware tools for conducting fault injection attacks.
Chip.Fail - Glitching the Silicon of the Connected World
Overview
Syllabus
Intro
Takeaways
Why is this getting important?
Voltage glitching: Flash reads
Voltage glitching: RAM reads
Three steps to success
Power domains
Removing capacitors: Problem...
The chip.fail glitcher
Digilent Cmod A7
MAX PMOD
Hooking it up
The glitcher
FPGA Bitstream
Host control: Jupyter Notebook
Host control: Example glitcher
nRF52840: Test firmware
Glitching results
ESP32: Glitching
The 5$ Glitcher...
Previous work
STM32 Read-out Protection (RDP)
Dumping the bootrom
Let's apply our methodology
Bootrom Glitching
STM32F2 Boot process (1.4ms)
Power consumption after reset (200)
Parameters
Dumping the money!
The STM32F2 Glitcher
Options for defense
Conclusion
Taught by
Black Hat
