AE
#SySS #glitching #iCEstick

Voltage Glitching Attack using SySS iCEstick Glitcher

SySS Pentest TV
850
181 views

Transcript

The interactive transcript could not be loaded.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 30, 2020

In this SySS (https://www.syss.de/) proof-of-concept video, an example of a voltage glitching attack is demonstrated using the developed iCEstick Glitcher for a Lattice iCEstick Evaluation Kit [1].

A voltage glitching attack is considered a non-invasive hardware fault injection attack, in which an attacker tries to manipulate the behavior of a targeted device in a beneficial way by modifying its supply voltage.

By triggering a successful glitch, it may be possible to bypass security features like read-back protections, to activate disabled debug interfaces, or to bypass authentication or integrity checks.

In this demo video, a security vulnerability in the code read protection (CRP) feature of NXP LPC-family microcontrollers is exploited which was found and published by Chris Gerlinsky in 2017 [2].

Our simple voltage glitcher implementations iCEstick Glitcher [3] and iCEBreaker Glitcher [4] are based on and inspired by Dmitry Nedospasov's FPGA-based Arty Glitcher [5] which was also published in 2017 together with a blog article series [6-8] and by Grazfather's glitcher [9, 10] for the iCEBreaker FPGA.

[1] Lattice iCEstick Evaluation Kit
http://www.latticesemi.com/icestick)

[2] Breaking Code Read Protection on the NXP LPC-family Microcontrollers, Chris Gerlinsky, 2017
https://recon.cx/2017/brussels/resour...

[3] SySS iCEstick Glitcher, Matthias Deeg, SySS GmbH, 2020
https://github.com/SySS-Research/ices...

[4] SySS iCEBreaker Glitcher, Matthias Deeg, SySS GmbH, 2020
https://github.com/SySS-Research/iceb...

[5] Toothless Arty-Glitcher, Dmitry Nedospasov, Toothless Consulting, 2017
https://github.com/toothlessco/arty-g...

[6] NXP LPC1343 Bootloader Bypass (Part 1) - Communicating with the bootloader, Dmitry Nedospasov, Toothless Consulting, 2017
https://toothless.co/blog/bootloader-...

[7] NXP LPC1343 Bootloader Bypass (Part 2) - Dumping firmware with Python and building the logic for the glitcher, Dmitry Nedospasov, Toothless Consulting, 2017
https://toothless.co/blog/bootloader-...

[8] NXP LPC1343 Bootloader Bypass (Part 3) - Putting it all together, Dmitry Nedospasov, Toothless Consulting, 2017
https://toothless.co/blog/bootloader-...

[9] Grazfather's glitcher for the iCEBreaker, Grazfather, 2019
https://github.com/Grazfather/glitcher

[10] Glitching the Olimex LPC-P1343, Grazfather, 2019
http://grazfather.github.io/re/pwn/el...

#SySS #glitching #iCEstick

When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to