Hardware fault injection uses electrical manipulation of a digital circuit to intentionally introduce errors, which can be used to cause processors to behave in unpredictable ways. This unintentional behavior can be used to test for reliability, or it can be used for more nefarious purposes such as accessing code and data that was intended to be inaccessible. There are a few ways to accomplish this, and electromagnetic fault injection uses a localized electromagnetic pulse to flip bits inside a processor. The pulse induces a voltage in the processor’s circuits, causing bits to flip and often leading to unintentional behavior. The hardware to do this is very specialized, but [Pedro Javier] managed to hack a $4 electric flyswatter into an electromagnetic fault injection tool. (Page may be dead, try the Internet Archive version.)
[Pedro] accomplishes this by turning an electric flyswatter into a spark-gap triggered EMP generator. He removes the business end of the flyswatter and replaces it with a hand-wound inductor in series with a small spark gap. Pressing the power button on the modified flyswatter charges up the output capacitor until the developed voltage is enough to ionize the air in the spark gap, at which point the capacitor discharges through the inductor. The size of the spark gap determines the charge that is built up—a larger gap results in a larger charge, which produces a larger pulse, which induces a larger voltage in the chip.
Audacious times generate audacious efforts, especially when national pride and security are perceived to be at stake. Such was the case in the 1950s and 1960s, with the Space Race that started with a Russian sphere whizzing around the planet and ended with Neil Armstrong’s footprint on the Moon. But at the same time, other efforts were underway to answer big questions of national import, such as determining how durable the United States’ strategic assets were, and whether they could withstand the known effects of electromagnetic pulse (EMP), a high-intensity burst of electromagnetic energy that could potentially disable a plane in flight. Finding out just what an EMP could do to a plane would take big engineering and a large forest’s worth of trees.
Recent developments on the world political stage have brought the destructive potential of electromagnetic pulses (EMP) to the fore, and people seem to have internalized the threat posed by a single thermonuclear weapon. It’s common knowledge that one bomb deployed at a high enough altitude can cause a rapid and powerful pulse of electrical and magnetic fields capable of destroying everything electrical on the ground below, sending civilization back to the 1800s in the blink of an eye.
Things are rarely as simple as the media portray, of course, and this is especially true when a phenomenon with complex physics is involved. But even in the early days of the Atomic Age, the destructive potential of EMP was understood, and allowances for it were made in designing strategic systems. Nowhere else was EMP more of a threat than to the complex web of communication systems linking far-flung strategic assets with central command and control apparatus. In the United States, one of the many hardened communications networks was dubbed the Groundwave Emergency Network, or GWEN, and the story of its fairly rapid rise and fall is an interesting case study in how nations mount technical responses to threats, both real and perceived. Continue reading “Radio Apocalypse: The GWEN System”→
Almost exactly one year ago, [Kreosan] published a video detailing an EM “weapon” built out of three magnetrons, some batteries, and a taser. It all seemed a bit too good to be true, so [Allen] decided to try and replicate the results for himself.
[Kreosan]’s original video was impressive, showing everything from home stereos to a humble moped exploding when in the presence of their powerful device. However, many of those watching the video doubted the footage. Most criticism centered around the nature of the power supply to the magnetron falling short of the usual 700-1000W seen in a microwave oven.
[Allen] starts by experimenting with a single magnetron, successfully using it to light a compact fluorescent bulb at a range of a few centimeters. Scaling up to the full triple magnetron setup with a cardboard and foil feedhorn, [Allen] is, at best, able to crash a calculator at a distance of a few feet.
The microwaves cause no explosions, and the device doesn’t seem to have anywhere near the 50-foot range claimed by [Kreosan] for their device. [Allen] puts forth the theory that the explosions seen in the original footage are far more likely to be from small firecrackers rather than any electronic components dying from microwaves.
Pulsed power is a technology that consists in accumulating energy over some period of time, then releasing it very quickly. Since power equals energy (or work) divided by time, the idea is to emit a constant amount of energy in as short a time as possible. It will only last for a fraction of a second though, but that instantaneous power has very interesting applications. With this technology, power levels of more than 300 terawatts have been obtained. Is this technology for unlimited budgets, or is this in reach of the common hacker?
Consider for example discharging a capacitor. A large 450 V, 3300 uF electrolytic capacitor discharges in about 0.1 seconds (varies a lot depending on capacitor design). Since the energy stored in it is given by 1/2 CV², which gives 334 Joules of energy, the power delivered will be 3340 watts. In fact a popular hacker project is to build large capacitor banks. Once you have the bank, and a way to charge it, you can use it to power very interesting devices such as:
Railguns in particular are subject to serious research. You may have read about the navy railgun, capable of reaching a muzzle speed of more than 4,600 mph (around Mach 6), more than any other explosive-powered gun. Power is provided by a 9-megajoule capacitor bank. The capacitors discharge on two conducting rails, generating an electromagnetic field that fires the projectile along the rails. The rail wear due to the tremendous pressures and currents, in the millions of amperes range, is still a problem to be solved.
Imagine you’re in charge of a major heist. Right as your crew is about to rob the main vault, you need all of the electronics in the building to fail at exactly the right moment with no other collateral damage (except, maybe, to your raggedy panel van). Obviously you will turn to one of the entertainment industry’s tired tropes, the electromagnetic pulse! The only problem is that if you were to use a real one rather than a Hollywood prop either there would be practically no effect, a large crater where the vault used to be, or most of humanity would be in deep trouble. After all, the real world isn’t quite as convenient as the movies make it seem.
Our curiosity into this phenomenon was piqued when we featured an “EMP generator” from [FPS Weapons]. The device doesn’t create an enrapturing movie-esque EMP pulse suitable for taking down a casino or two, but it does spew a healthy amount of broadband electromagnetic interference (EMI) in every direction. It probably also doesn’t send the EMI very far; as we’ve seen in many other projects, it’s hard to transfer energy through the air. It got us wondering, though: what is the difference between being annoying and creating a weapon? And, is there any practical use for a device like this?
Taking a break from his book, “How to Gain Enemies and Encourage Hostility,” [FPS Weapons] shows us how to build our own handheld EMP generator which can be used to generate immediate dislike from anyone working on something electronic at the hackerspace.
The device is pretty simple. A DC source, in this case an 18650 lithium battery cell, sends power to an “Ultra High Voltage 1000kV Ignition Coil” (as the eBay listing calls it), when a button is pressed. A spark gap is used to dump a large amount of magic pixies into the coil all at once, which generates a strong enough magnetic pulse to induce an unexpected voltage inside of a piece of digital electronics. This usually manages to fire a reset pin or something equivalent, disrupting the device’s normal operation.
While you’re not likely to actually damage anything in a dramatic way with this little EMP, it can still interrupt an important memory write or radio signal and damage it that way. It’s a great way to get the absolute shock of your life if you’re not careful. Either from the HVDC converter or the FCC fines. Video after the break.