Scrambling Pocket Calculators Made Easy With EMP Box V2

[Rostislav Persion] has for some time been interested in making small, portable EMP devices capable of interfering with nearby electronics. In these EMP devices, high voltage is used to create a portable spark gap generator, whose operation in turn creates electromagnetic pulses capable of resetting or scrambling nearby electronics such as pocket calculators.

Bridging adjacent holes narrows the spark gap, resulting in more frequent pulses.

His original EMP box designs relied on spark gaps constructed from metal screws threaded into a clear plastic insulator, but this newest design ditches fussy screw adjustments and relies on perfboard. By cutting out a single row of plated perfboard holes and soldering the high voltage terminals to each end, the empty holes in between form the essential parts of a spark gap.

It’s even adjustable: one simply bridges adjacent holes with solder to effectively decrease the gap. As for generating the high voltage itself, a DC voltage multiplier from Amazon takes care of that. Watch the device reset some calculators in the short video below.

Looking for high-voltage experiments that aren’t so sketchy? Get yourself a Van de Graaff generator, some metal balls, and a little bit of oil, and make some art.


EM-Glitching For Nintendo DSi Boot ROMs

Some hacker events are muddy and dusty affairs in distant fields, others take place in darkened halls, but I went to one that can be experienced as a luxury break in a European city steeped in culture and history. Newline takes place at Hackerspace Gent, in the Belgian city of that name, and I was there last weekend to catch the atmosphere as well as the programme of talks and workshops. And of those a good start was made by [PoroCYon], whose fascinating introduction to the glitching techniques involved in recovering the boot ROMs from a Nintendo DSi taught us plenty of things we hadn’t seen before.

The talk, which you’ll find below the break, starts by describing the process of glitching (using power supply interference to interrupt the operation of a microprocessor and avoid certain instructions) to bypass security code. It then covers some of the protection mechanisms used in the various generations of Nintendo consoles and handhelds before moving on to the work on the DSi, at which point the talk moved onto a field which may be old hat in glitching circles but was new to me: that of EM glitching.
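To make the "avoid certain instructions" point concrete from the defender's side, here is an added example (not from the talk or its repository) that models a boot check as a list of steps and tests it against a single-instruction-skip fault. The step names, the `PASS`/`FAIL` constants and the stale register value are assumptions made for the illustration, and the fault model covers one skipped step only, not multiple glitches.

```python
# Toy fault model: a glitch is modelled as "exactly one step does not execute".
PASS, FAIL = 0xC35A, 0x3CA5   # assumed constants; bitwise complements of each other
STALE = 0x0001                # constructed stale register contents before the check

class Halt(Exception):
    """Raised when the boot code refuses to continue."""

# --- naive check: any non-zero register value means "signature OK" ---
def verify_naive(st):
    st["r"] = 1 if st["image_ok"] else 0

def branch_naive(st):
    if st["r"] == 0:
        raise Halt

# --- hardened check: default-deny, exact constant, redundant branch ---
def init_deny(st):
    st["r"] = FAIL

def verify_hard(st):
    st["r"] = PASS if st["image_ok"] else FAIL

def branch_hard(st):
    if st["r"] != PASS:
        raise Halt

def boot(st):
    st["booted"] = True

NAIVE = [verify_naive, branch_naive, boot]
HARDENED = [init_deny, verify_hard, branch_hard, branch_hard, boot]

def run(steps, image_ok, skip=None):
    """Execute steps in order; the step at index `skip` is glitched away."""
    st = {"r": STALE, "image_ok": image_ok, "booted": False}
    try:
        for i, step in enumerate(steps):
            if i != skip:
                step(st)
    except Halt:
        pass
    return st["booted"]

def bypassing_skips(steps):
    """Names of steps whose omission lets an invalid image boot."""
    return [steps[i].__name__ for i in range(len(steps))
            if run(steps, image_ok=False, skip=i)]

if __name__ == "__main__":
    print("naive   :", bypassing_skips(NAIVE))
    print("hardened:", bypassing_skips(HARDENED))
```

In this model the naive sequence fails open when either the verification or the branch is skipped, while the hardened sequence has no single step whose omission boots an invalid image.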

EM glitching involves using a small coil to generate precisely timed electromagnetic pulses which induce the glitch voltages in the chip. The fascinating part is that the EM probe can be made small enough to target individual areas of the chip, so using it involves a brute-force technique trying all combinations of timing and position with the probe held in a computer-controlled X-Y mount.

The DSi has two processors on board; the technique achieves success with the ARM7 but leaves its companion ARM9 as yet untapped. There is a promising set of attack vectors left to try, of which the ARM7 placing the ARM9 into a state from which it can be glitched seems to be the most promising. It’s fairly obvious that there’s plenty more to come from this quarter.

More details of the talk can be found in this repository, and for those interested in EM glitching you can find out more in this video and in this project using it to attack a Gecko microcontroller.
