As part of my ongoing research into fault injection techniques, my current goal is to understand and successfully use fault injection in a target SoC with minimal modification to the board, which would reduce the entry barrier for performing an attack and minimize potential damage to the target board.
I chose the well-known nRF52 family, known for its unpatchable vulnerability that allows re-enabling SWD access. For this, I have been using the ESP32_nRF52_SWD glitcher, which is affordable at around $100. This setup allows me to easily introduce faults into the target system and observe the effects.
As part of this process, I moved from soldering to using a set of PCBites, which work well for this application (I may later post about when and where these pogo-pin-like needles are useful or not recommended). The ease of use provided by these tools has significantly reduced the time spent on setting up my experiments.
The next step was trying to successfully glitch the device with the fewest number of capacitors removed. At this stage, I had to remove the capacitor connected to DEC1 because I wasn’t able to correctly identify the glitching point; I could have tried going completely blind, but I decided to remove one capacitor and leave the other connected to VCC.
If we zoom in on the red section on the left, we can observe that it’s a few moments before the voltage drops slightly. According to the available online information, this is the precise moment when the glitch needs to be injected to be successful.
After running several hours’ worth of experiments, adjusting timing parameters, I realized that I might need to remove the other capacitor. Before doing so, I wanted to check what would happen if instead of using a crowbar circuit (N-Channel MOSFET), I used an analog CMOS switch like the MAXIM4619. Below is a shot of the messy setup using the switch (IC in the top-left corner of the breadboard).
I had always had the impression, after reading many papers, that a crowbar circuit was superior due to its timing and current characteristics. However, to my surprise, after a few minutes of starting the experiment with the new setup, the SWD interface was unlocked! So, what happened?
Without being 100% certain, as you can see below by comparing both images (first crowbar and second switch), there is a main difference that I think was responsible for the result. It’s the ringing effect when the glitching point returns to its regular voltage. As can be seen, using the switch results in a higher overvoltage when the switch changes position, which could have allowed generating an internal current bypassing the filtering provided by the capacitor.
The left image shows the induced glitch using a crowbar circuit, while the right one depicts the glitch generated by an analog CMOS switch. There are a couple of evident differences between these two setups: the ground level appears to be slightly different, and the switch version exhibits a higher overvoltage.
I find this result quite interesting, and it makes me want to further explore the differences between both techniques and other collateral interactions.
Let’s see where this gets us!