In this SySS (https://www.syss.de/) proof-of-concept video, an example of a voltage glitching attack is demonstrated using the developed iCEstick Glitcher for a Lattice iCEstick Evaluation Kit [1].
A voltage glitching attack is considered a non-invasive hardware fault injection attack, in which an attacker tries to manipulate the behavior of a targeted device in a beneficial way by modifying its supply voltage.
By triggering a successful glitch, it may be possible to bypass security features like read-back protections, to activate disabled debug interfaces, or to bypass authentication or integrity checks.
In this demo video, a security vulnerability in the code read protection (CRP) feature of NXP LPC-family microcontrollers is exploited which was found and published by Chris Gerlinsky in 2017 [2].
Our simple voltage glitcher implementations iCEstick Glitcher [3] and iCEBreaker Glitcher [4] are based on and inspired by Dmitry Nedospasov's FPGA-based Arty Glitcher [5] which was also published in 2017 together with a blog article series [6-8] and by Grazfather's glitcher [9, 10] for the iCEBreaker FPGA.
[1] Lattice iCEstick Evaluation Kit
http://www.latticesemi.com/icestick
[2] Breaking Code Read Protection on the NXP LPC-family Microcontrollers, Chris Gerlinsky, 2017
https://recon.cx/2017/brussels/resour...
[3] SySS iCEstick Glitcher, Matthias Deeg, SySS GmbH, 2020
https://github.com/SySS-Research/ices...
[4] SySS iCEBreaker Glitcher, Matthias Deeg, SySS GmbH, 2020
https://github.com/SySS-Research/iceb...
[5] Toothless Arty-Glitcher, Dmitry Nedospasov, Toothless Consulting, 2017
https://github.com/toothlessco/arty-g...
[6] NXP LPC1343 Bootloader Bypass (Part 1) - Communicating with the bootloader, Dmitry Nedospasov, Toothless Consulting, 2017
https://toothless.co/blog/bootloader-...
[7] NXP LPC1343 Bootloader Bypass (Part 2) - Dumping firmware with Python and building the logic for the glitcher, Dmitry Nedospasov, Toothless Consulting, 2017
https://toothless.co/blog/bootloader-...
[8] NXP LPC1343 Bootloader Bypass (Part 3) - Putting it all together, Dmitry Nedospasov, Toothless Consulting, 2017
https://toothless.co/blog/bootloader-...
[9] Grazfather's glitcher for the iCEBreaker, Grazfather, 2019
https://github.com/Grazfather/glitcher
[10] Glitching the Olimex LPC-P1343, Grazfather, 2019
http://grazfather.github.io/re/pwn/el...
#SySS #glitching #iCEstick
Информация по комментариям в разработке