Injecting Bugs With An Electric Flyswatter

Hardware fault injection uses electrical manipulation of a digital circuit to intentionally introduce errors, which can be used to cause processors to behave in unpredictable ways. This unintentional behavior can be used to test for reliability, or it can be used for more nefarious purposes such as accessing code and data that was intended to be inaccessible. There are a few ways to accomplish this, and electromagnetic fault injection uses a localized electromagnetic pulse to flip bits inside a processor. The pulse induces a voltage in the processor’s circuits, causing bits to flip and often leading to unintentional behavior. The hardware to do this is very specialized, but [Pedro Javier] managed to hack a $4 electric flyswatter into an electromagnetic fault injection tool. (Page may be dead, try the Internet Archive version.)

[Pedro] accomplishes this by turning an electric flyswatter into a spark-gap triggered EMP generator. He removes the business end of the flyswatter and replaces it with a hand-wound inductor in series with a small spark gap. Pressing the power button on the modified flyswatter charges up the output capacitor until the developed voltage is enough to ionize the air in the spark gap, at which point the capacitor discharges through the inductor. The size of the spark gap determines the charge that is built up—a larger gap results in a larger charge, which produces a larger pulse, which induces a larger voltage in the chip.

[Pedro] demonstrates how this can be used to produce arithmetic glitches and even induce an Arduino to dump its memory. Others have used electromagnetic fault injection to corrupt SRAM, and intentionally glitching the power supply pins can also be used to access otherwise protected data.

9 thoughts on “Injecting Bugs With An Electric Flyswatter

  1. Great Idea! Now, make the coils pluggable, and you can make various coils for specific purposes easily swappable! EMF/EMP effects are fun to experiment with, and sometimes, can tell you a great deal about your hardware/code and its robustness.

      1. I bet this can/will cause ‘undesired behavior’ with most consumer electronics stuff(kinda the point). At this low power level though, there is not a lot of havoc that could be caused to most HAM bands and or gear. I bet that the bad connections on your local power grid, or you neighbors’ crappy powerline ethernet extenders from (insert favorite vendor here) will be more problematic! In fact, everybody’s favorite budget Handy Talkie from (insert favorite chinese vendor name) is going to be more of a problem at the end of the day than something like this.

  2. In ’90 poker machines ware very popular in eastern European countries. Since they didn’t have almost any protection, simple magnet generator from lighter was good enough to produce impuls on key switch to add credit.

  3. I found EMP very useful when parking. Here in VietNam, with many new buildings opening – due to the buoyant economy – many have installed computerised parking access systems.

    I have an EMP system in my motorcycle handlebar instrument cluster and I find that most parking computers are susceptible to EMP which, after the system collapses, results in parking charges being waved.

    And why do I have an EMP generator? I design electronics used by First Amendment Auditors to penetrate / disrupt police electronics.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.