Breaking News

Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)


One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.

This talk is an introduction to signal sniffing and fault injection techniques. It’s well-presented and not presented as some unattainable wizardry, and as his power analysis demo shows a clearly different trace on the correct first letter of a password attack the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves onto fault injection with an introduction to power supply glitching as a technique to influence code execution.

Schematic of an EM injector built from a camera flash.
Schematic of an EM injector built from a camera flash.

His final trick is to take a look at glitching by EM injection using an electromagnetic pulse. Here he takes us into a much lower-tech direction, as while he shows us his ChipShouter product the main thrust of the segment comes in demonstrating a much more rudimentary but cheaper EM injector built from the parts of a disposable camera flash. From an electronic design perspective the interesting part comes in the probe and its trigger, an IGBT is used to pulse a small coil mounted on an SMA plug. Here the target is a Raspberry Pi running repeated RSA signing test code, and even the simpler EM injector is able to crash it and extract the keys. He wraps up with a few smaller examples of the same technique on microcontrollers, and even mentions that the same technique can yield results from such rudimentary tools as an electrostatic gas lighter.

Whether this talk inspires you to break out the piezo lighers, cobble together a simple glitching rig yourself, to invest in a ChipWhisper, or none of the above, Colin’s talk sheds some light on another of our community’s Dark Arts.

Read full news from source

No comments