
May 30 2024: Successful glitches

A project log for PicoGlitcher v2

A hardware device to carry out voltage glitching attacks against microcontrollers with a Raspberry Pi Pico

Matthias Kesenheimer, 05/31/2024 at 19:29

Over the last few days I refined the software and added example scripts to attack ESP32 and STM32 processors.

The library works and is able to produce reliable glitches. First I tried to reproduce results that were previously published by Sec-Consult. In this scenario the read-out protection (RDP) of STM32 microcontrollers is attacked during the bootloader stage. If a glitch is successful, the RDP level can be reduced and thus the internal flash memory can be dumped. The above figure shows a successful glitching campaign. The x-axis shows the glitch delay in nanoseconds. This is the time between the trigger and the point in time where the glitch is set. The y-axis shows the duration of the glitch (length) in nanoseconds. The longer this time is, the more aggressive the glitch is and the more likely the target is to fail.

Points in green and yellow are expected behavior or communication errors (not shown in the plot). Magenta and red points are successful glitches and successful memory dumps. With this setup we reach a success rate of about 0.2%, which is considered good.
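Added example (not part of the original log or of the PicoGlitcher library): tallying the classified results of a campaign and putting a 95% Wilson confidence interval on the success rate, which matters when the rate is as low as 0.2%. The record layout `(delay_ns, length_ns, outcome)`, the outcome labels and the sample data are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Outcome labels are assumed for this example; they follow the classes named
# in the log (expected behavior, communication error, glitch, memory dump).
SUCCESS = {"glitch", "dump"}

def wilson_interval(k, n, z=1.96):
    """95% Wilson score interval for k successes in n attempts."""
    if n == 0:
        return (0.0, 1.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))

def summarize(records):
    """records: iterable of (delay_ns, length_ns, outcome) tuples."""
    counts = Counter(outcome for _, _, outcome in records)
    n = sum(counts.values())
    k = sum(counts[o] for o in SUCCESS)
    return {"attempts": n, "counts": dict(counts), "successes": k,
            "rate": k / n if n else 0.0, "ci95": wilson_interval(k, n)}

def build_sample():
    """Constructed data: 5000 attempts, 10 of them successful (0.2%).
    Delay and length values are arbitrary grid positions, not measurements."""
    records = []
    for i in range(5000):
        delay_ns, length_ns = (i % 100) * 10, (i // 100) * 2
        if i % 500 == 0:
            outcome = "dump" if i % 1000 == 0 else "glitch"
        elif i % 50 == 7:
            outcome = "comm_error"
        else:
            outcome = "expected"
        records.append((delay_ns, length_ns, outcome))
    return records

if __name__ == "__main__":
    s = summarize(build_sample())
    lo, hi = s["ci95"]
    print(f"{s['successes']}/{s['attempts']} = {s['rate']:.2%} "
          f"(95% CI {lo:.2%} to {hi:.2%})")
    print(s["counts"])
```

With only a handful of successes the interval stays wide, so success rates from two campaigns should be compared by their intervals rather than by the point estimates alone.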

Since the PicoGlitcher hardware is not ready yet, the attack was carried out in this case with the ChipWhisperer Pro.
