Get Your Glitch on With a PicoEMP and a 3D Printer
Aaron Christophel has crafted an innovative automated chip glitching setup, which we’re calling the “Glitch-o-Matic 9000.” This device, built from a 3D printer, isn’t a commercial product or designed for repeated use but rather a tactical, proof-of-concept build that showcases some impressive capabilities.
The project began with a preliminary exploration, as shown in Aaron’s first video. He assembled and tested the main components, including a PicoEMP, which generates high-voltage pulses to temporarily scramble a running microcontroller, a ChipWhisperer, and an oscilloscope. The target chip for this endeavor was an LPC2388 microcontroller. The initial manual setup required Aaron to physically move the PicoEMP over the chip to find the glitch points, a tedious and error-prone task.
To automate this process, Aaron mounted the PicoEMP on his 3D printer, providing three-axis control over the tip’s position. This allowed him to create a heat map of potential glitch spots, eventually leading to a successful fault injection attack and a clean firmware dump, as demonstrated in his second video. This automation significantly improved the precision and efficiency of the glitching process.
The extreme measures Aaron took were necessary due to the LPC2388 microcontroller’s resilience against power supply-induced glitching attacks. While the Glitch-o-Matic 9000 may not be something everyone needs, it’s a powerful reminder of the ingenuity required to tackle tough challenges in hardware security. This project not only highlights the potential of automated glitching setups but also provides valuable insights for anyone facing similarly resilient targets.
Read more: Get Your Glitch on With a PicoEMP and a 3D Printer