The Cheap Way To Glitch An STM8 Microcontroller

Reverse engineering or modifying a device often requires you to access the firmware stored on a microcontroller. Since companies are usually not fond of people who try to peek into their proprietary data, most commercial devices are readout protected. [rumpeltux] ran into this problem when he tried to dump the firmware on an HC-12 wireless serial communication module for yet undisclosed reasons. Hacking into the device was a challenge that he gladly accepted and in the end, he succeeded by building a low-cost setup for voltage glitching.

Voltage glitching is a form of fault injection that has, e.g., been successfully used to hack the Playstation Vita. It involves the injection of voltage spikes on the power line in order to force the bootloader to skip security checks. The hard thing is trying to find the right shape of the waveform and the best way to inject the signal.

While there are already open-source boards for fault injection like ChipWhisperer, [rumpeltux] chose to build his own setup around an FPGA. By using a cheap EPM240 board, some MOSFET, and a USB-to-Serial converter, the total costs of the glitching setup were under 20 Euros. [rumpeltux] then recorded a larger number of voltage traces on the VCC pin around the reset phase and analyzed the differences. This helped him to pinpoint the best time for injecting the signal and refine the search space. After some unsuccessful attempts to glitch the VCC and GND pins, he got lucky when using one of the voltage regulator pins instead.

Be sure not to miss Samy Kamkar’s talk at Supercon 2019 if you want to know more about hardware attacks or how to eavesdrop on people using a bag of potato chips.

18 thoughts on “The Cheap Way To Glitch An STM8 Microcontroller

  1. I do this at work, not for trying to hack firmware, but for testing new silicon for faults in startup. This is a more expensive way to do this but it works quite well: older/nicer HP/Agilent/Keysight power supplies have a jumper or dipswitch setting that makes them act as power amplifiers or voltage followers or whatever you want to call it, so they’ll dump out a substantial output when fed with an arbitrary waveform generator. You can use a microcontroller as your AWG, if you want. Some of the Agilent supplies could manage 5V/nS slopes, and I’ve bought some working 600W supplies, like the HP 6038A, for under $100 off ebay. It’s easier to set up the AWG if you have a GPIB or ethernet setup because then you can upload waveforms you’ve built in Excel to the AWG, but if you’re using a microcontroller with a fast DAC, like the more recent Teensys, that’d be a much easier interface for most home users. You don’t have to talk to the PS at all. It just follows. We use this for ISO 16750 startup testing where you’re simulating the varying voltage from a car battery as the engine is starting, and it’s worked really well.

    1. You can also do this more cheaply but with more design work using, for instance, an OPA541 op amp as the voltage follower. We’ve paralleled a whole bunch of them to make a substantial fast variable power supply for an ISO 16750 test that needed 30A, while still managing 10V/uS rise times. It was nowhere near as robust as the commercial power supply, though.

      1. The power good line is an output from the equivalent of power supply supervisors in the PSU. It is not the power on/off pin which is you want to glitch. I don’t think the PSU would be too happy to see a glitch on the On/Off line nor can it switch fast enough in microseconds for a tiny amount of load.

        It is probably easier just to take a modern day adjustable LDO with an /EN (enable) pin that you can turn it on/off at logic level. You can also fool around with adjusting the output voltage a bit just above the threshold.

        All this makes me wonder why the brownout detector inside microcontrollers don’t catch it.

          1. My question is also towards the parts that doesn’t have their internal regulator (for core) broken out. If only the vendors also monitor the internal rail for brownout properly (at least until exiting hidden system boot up code), they could close a security hole.

  2. No way! I was doing a very similar hack with similar hardware and got practically identical results. It’s like science or something.
    I had got to the stage where the glitch on vcc didn’t work, but I was looking at that vcap pin with beady eyes.

      1. Thanks, I had a project where the flash got corrupted because of a dodgy power supply and the BOD saved the day. If you can bypass it with very short pulses, it’s quite difficul to make a reliable product (on the other end, it is the developer’s responsability to make a sufficiently good power supply…)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.