Adam Laurie, Grzegorz Wypych

EMFI and Voltage Fault injection attacks with Raiden

Trainers: Grzegorz Wypych & Adam Laurie

Date: 5-8 July 2021 (5 hrs for 4 days)

Time: 9:00am to 2:00pm PDT

Platform: Zoom + Discord


This 4-day training focuses on fault injection techniques using our own pulse generator, Raiden (open sourced during Black Hat Asia 2020). We built it, we know it inside out, and we can share this knowledge with students. During the training we want to teach you not only how to use Raiden but also how to apply the knowledge gained to real attack scenarios. We want to show you attack vectors such as voltage glitching and Electromagnetic Field Injection. You will learn how to build a test setup and trigger fault injection attacks on UART/USB packets. Labs will include real CVEs reported by us in 2020.

Hardware Targets

NXP 11xx series, STM32CubeX Microcontrollers

Target Audience

  • security researchers
  • embedded developers who want to understand how bootloader architecture issues could impact security
  • everyone who wants to learn how hackers may reverse engineer and exploit your product


  • Know your tools: Oscilloscope, Raiden, USB hardware triggering, Logic Analyzer, GDB
  • Bootloader reverse engineering for profit
  • Understanding use of Differential Power Analysis for more accurate timing
  • Understand where and how to apply voltage/EMFI glitching attacks
  • Understanding how to use manuals to find flaws and potential attack vectors
  • Understand how USB2 descriptors work
  • Building custom tools in Python to support device recon


  • Connecting tools and targets
  • Recompiling and upgrading libUSB library to support USB glitching attacks
  • Reverse engineer USB device library and find attack vectors
  • Bypassing CRP3 protection on NXP microcontrollers
  • Firmware recovery on protected NXP microcontrollers
  • Attacking USB device library for memory leaks
  • Bypassing authentication using UART as trigger

Note: Labs will be available remotely via VPN access. Students will have the chance to work with advanced devices and configurations in order to solve the provided challenges and tasks. Labs will include real vulnerabilities with CVEs that the trainers found during their research work. This will give students the skills necessary to start their own hardware research journey after the training and the ability to reuse the skills gained.

Class requirements

  • Understanding of reverse-engineering hardware and software (basic knowledge)
  • Basic knowledge of IoT and/or embedded systems security
  • Understanding of the C language and Python scripting skills
  • Laptop with network access


Grzegorz Wypych is a 37-year-old security researcher, tool inventor, speaker at, SecurityPWNing - Poland. He specializes in reverse engineering binaries and fault injection attacks. He is the author of blogs on, reporting 0-day vulnerabilities for IoT devices. Before joining X-Force Red, he worked as a Software Developer and Network Engineer/Architect.

Adam Laurie is an old-school hacker and DEF CON Quartermaster who specializes in embedded systems and OTA protocols. He also runs the hardware live hacking contest called Hardpwn at