Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.
This course has been heavily updated with new targets and new tooling for 2024 - this year featuring the open-source Faultier fault-injection tool & framework!
Have you ever encountered a device and wanted to dump its firmware, only to find out that the debug interfaces are locked? Have you ever tried to bypass a firmware signature verification without having to find a bootloader vulnerability first?
In this training you will learn how to use fault-injection to do just that. You will learn the basics of using voltage fault-injection to bypass a diverse set of protections, including re-enabling the debug interfaces on microcontrollers, bypassing firmware security measures and recovering cryptographic key material by using fault-injection.
You will build some of the most well-known fault-injection attacks, such as the STM32 RDP2 and RDP1 glitches used to recovery keys from crypto-wallets, the nRF52 APPROTECT glitch used to hack a lot of IoT devices, and more. We will also glitch a TrustZone-M enabled chip, showing that even a lot of hardware security features can be bypassed.
You will also learn how to characterize new targets: Found a chip in a device and want to know whether it's susceptible to glitching? In this course we will look at attacking new targets and building new attacks for new targets.
We will also look at how a chip is glitchable: What instructions can we glitch? With which precision? What are the side-effects we can create? Can we just skip, or can we also manipulate instructions?
You will also get a full fault-injection tool & get to keep multiple targets to repeat the attacks back home.
The training is based all around hands-on practical exercises: The attacks are performed on real, physical hardware, and students will be well equipped to perform the attacks on new targets in the future.
Students will learn how to:
On day one we will dive into the world of fault-injection: What is it, how does it work, what are famous examples of it? What can we achieve using fault-injection?
After the basic theory is covered, we will dive right into the deep end: The students will build their first attack using just a Raspberry Pi Pico and a MOSFET - the target: The Damn Glitchable Wallet, a crypto-wallet we built that is susceptible to glitching and a learning tool to learn the basics of fault-injection. We start by simply writing a for loop for glitching, and then slowly evolve into a fully featured glitcher with configurable triggering, delays, pulse-length, and nano-second precise glitches.
We will also look at triggering: What makes a good trigger, what can we commonly trigger on? And then we will try to glitch single instructions with a high reproducibility: How stable can we get our attack, and what type of checks and instructions can we bypass? We will target single-instructions, and learn how to build characterization payloads for a target.
On day 2 you get thrown into the cold water: You get an STM32 target, a debug probe, and a fault-injection tool. Your job is to apply what you learned on day 1: Use the datasheet to figure out where to glitch the target, build firmware for the target to see whether it's actually susceptible to glitching, and then characterize the different types of instructions we can glitch and which side-effects we can create.
Once we understand those things we will look at the bootloader of the chip and its protection levels. And after understanding how the bootloader works, we will attack it: We will lock the chip to read-out protection level 1, and build the RDP1 bootloader glitch, which allows us to read-out firmware. We will also learn a hard lesson: Sometimes chips will brick when glitching!
After exploiting the RDP1 bootloader we will then lock the chip to RDP2: The higher protection level that completely disables the debug interfaces - this is the famous glitch that was used in wallet.fail to dump the Trezor Crypto wallet! You will implement it - on your own but with our help - and perform the full attack on a fully locked chip. Can you dump the seed?
On day 3 we start out with the nRF52 on our totally-not-AirTag-inspired GlitchTag: The nRF52 is one of the most commonly found IoT microcontrollers, and we will learn how to use a power-sidechannel to identify where to glitch the nRF52 to bypass its APPROTECT protection - again dumping the firmware and re-building the AirTag glitch.
Afterwards we will look at combining side-channels and glitching - electro magnetic fault-injection in this case. How to use a power or EM trace to identify glitching locations, and how to trigger on them. We will also use the PicoEMP to perform some simple electro-magnetic glitches.
We will also take a (virtual) look at glitching processors beyond microcontrollers: We will look at glitching SoCs (such as the Tegra used in the Nintendo Switch) and the challenges involved with doing so.
Finally we will look at firmware and hardware based countermeasures: Chips with glitch monitors, and firmware patterns that help mitigate fault-injection attacks.
Students need to bring a laptop capable of running a virtual machine in VMware Player/Workstation/Fusion. Please avoid VirtualBox if possible. Windows 10 & 11 as well as macOS >12 are supported. If you use Linux, please make sure you have a good understanding on how to forward different types of USB devices to your VM (udev & co).
The laptop must have at least two (free) USB-A ports (or a USB-C dongle providing at least two USB-A ports)
Thomas Roth, also known as stacksmashing, is a security researcher with focus on embedded systems. His published research includes research on vulnerabilities in microcontrollers, hardware wallets, industrial systems, TrustZone and mobile devices. He is also well known for publishing educational material on his YouTube channel “stacksmashing”, and released a lot of open-source hardware security tools, such as the chip.fail glitcher.t