IMPLEMENTING PRACTICAL ELECTRICAL GLITCHING ATTACKS presented at BlackHatEU 2015

by Brett Giller

Summary: Techniques for glitching attacks are well known, but there is little information on how to implement a full, reliable exploit on a target. In this talk, we attempt to implement and execute successful voltage and clock glitching attacks on a group of target devices. During the talk, we detail the conditions required to create an affordable and reliable exploit for a target device. Other attacks typically involve decapping the target chip, using expensive equipment that is usually out of reach of the normal hobbyist. In contrast, electrical glitching is a technique that can be used non-invasively, and can allow attackers to bypass normal software protections or generate exploitable conditions within the target device.
Electrical glitching involves modification of the clock or the voltage supplied to a chip. Clock glitching involves sending an out-of-cycle clock edge in order to make the chip advance to its next state prematurely, allowing us to bypass entire instructions. Voltage glitching involves increasing or decreasing the voltage supplied to a chip in order to alter the propagation delay experienced by the transistors in the chip, allowing us to corrupt register memory. The talk will involve studying and reproducing results from well-known cases of electrical glitching such as the Xbox 360 clock glitch exploit.
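As an added example (not part of the talk or its authors' material), the instruction-skip effect described above can be modelled in software to evaluate countermeasures: a toy VM runs a PIN check with exactly one instruction skipped, as a premature clock edge would, and reports whether a naive check and a redundantly coded one are wrongly bypassed. The VM, the instruction set and the register names are constructed for this illustration.

```python
"""Toy fault-model simulator for single instruction skips (constructed example)."""


def run(program, regs, skip_pc=None):
    """Execute `program` over a copy of `regs`, skipping the instruction at
    `skip_pc` exactly once (models one out-of-cycle clock edge).
    Returns the value of the `granted` register (0 = access denied)."""
    regs = dict(regs)
    flag_ne = True          # comparison flag: "not equal" until a cmp says otherwise
    pc, skipped = 0, False
    while pc < len(program):
        op, *args = program[pc]
        if pc == skip_pc and not skipped:
            skipped = True
            pc += 1         # glitched: this instruction never executes
            continue
        if op == "cmp":
            flag_ne = regs[args[0]] != regs[args[1]]
        elif op == "jne" and flag_ne:
            pc = args[0]    # branch to the failure path
            continue
        elif op == "set":
            regs[args[0]] = args[1]
        elif op == "halt":
            break
        pc += 1
    return regs.get("granted", 0)


# Naive check: one compare, one conditional branch guarding the grant.
NAIVE = [
    ("cmp", "pin", "expected"),   # 0
    ("jne", 3),                   # 1  wrong PIN -> halt
    ("set", "granted", 1),        # 2
    ("halt",),                    # 3
]

# Hardened check: the compare/branch pair is repeated, so skipping any single
# instruction still leaves one branch to catch a wrong PIN.
HARDENED = [
    ("cmp", "pin", "expected"),   # 0
    ("jne", 6),                   # 1
    ("cmp", "pin", "expected"),   # 2  redundant re-check
    ("jne", 6),                   # 3
    ("set", "granted", 1),        # 4
    ("halt",),                    # 5
    ("halt",),                    # 6  failure path
]


def single_skip_bypasses(program, regs):
    """Return the instruction indices whose single skip grants access."""
    return [pc for pc in range(len(program)) if run(program, regs, pc) == 1]
```

With a wrong PIN, `single_skip_bypasses(NAIVE, ...)` reports the branch at index 1, while the hardened program reports no bypassable instruction; real devices may also skip several cycles or corrupt the compare itself, which this single-skip model does not cover.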