As modern devices become more secure, hardware based fault injection methods including Electromagnetic Fault Injection (EMFI) are gaining traction. They become an important tool to bypass modern security mechanisms and perform further security research like firmware reverse engineering. However, hardware hacking setups are often expensive and inaccessible due to the limited amount of open-source hardware, software and available information. There have been efforts towards improving this, but so far, no publication presented a complete solution. In this talk, we present an accessible EMFI setup based on open-source hardware and software and prove its effectiveness against modern IoT targets. We describe the whole setup, the design considerations that went into it, release circuit diagrams and code, as well as presenting the first successful instruction skips on the latest ultra-low-power Espressif ESP32-C3 IoT System-On-Chip (SoC), which could be applied against its secure boot implementation, firmware encryption or hardware flag checks.
I am a PhD student at SEEMOO, Darmstadt. Main focus is on low-level security, including previous research on driver layer in iOS & macOS and physical fault injection.
Always been taking things (including software) apart, looking inside and tinkering with electronics. So both the hacker mindset, as well as my love for everything hardware-related come naturally.