Fault injection attacks on microcontrollers: clock glitching tutorial

There is a lot of published papers with information about practical attacks using glitching on cryptographic devices or embedded systems in general. These papers are usually detailed in the process of glitching but not in the setup they use to inject the glitches. They just say at most what kind of FPGA (or commercial station) are using and what “glitching capabilities” they get (frequency, resolution, etc).

If you look for schematic and code to replicate the attacks on these papers, you will not find too much. Almost nothing is published so the reader might think that glitching is something complicated and not easily to perform without specialized and expensive equipment so a false illusion of security against these attacks is perceived.

However, the truth is that glitching can be done with simple and cheap hardware as it has already shown, for example, with the XBOX360 glitch hack or the unloopers that jeopardized the pay-tv smartcards in the mid-00’s.

Today I am going to show you how to clock-glitch for less than 15$ on equipment.

Continue reading

Ultra-low cost IC decapsulation

or how to decap microcontrollers at home and cut your life expectancy in 20 years

Have you ever read about IC reversing? Would you like to introduce you to the world of invasive IC attacks but do you think it is very expensive?
Of course! It is very expensive! I am not going to lie you about that. However, your can do the first step of a invasive IC attack – the decapsulation – at your home using very cheap tools. Instead of spending thousands of euros in chemical laboratory equipment we can spend just only 40€ in common household equipment.

Continue reading

Optimization of Microchip PIC XC8 compiler in Free and Pro mode

I don’t like to program PICs in C language. In fact, I even used to hate it due to the poor quality of the C compilers.

When I started to program PICs microcontrollers in 1998 there was not too many options to program PICs in C. As far as I remember, only Hi-Tech, IAR and CCS had compilers – not even Microchip has his own one – and they were quite horrible compiling. But the fault was not in the compilers manufacturers, but in the PIC core architecture.

Those days Microchip had only what we know nowadays as the ‘base-line’ (12C50X) and ‘mid-range’ (16C54,16F84,16F87X…) architectures. Those cores were so simple that it was not easy no make a C compiler for them. Few memory, scarce resources, small instructions set, few addressing modes…
Anyway, who needs a C compiler with such simple architectures?

Years later Microchip released the more C oriented PIC17/PIC18 architecture and a new range of C compilers for the new PICs were created. Finally we had “reasonable efficient” tools to program Microchip microcontrollers in C!

Two years ago Microchip bought the Hi-Tech company and renamed their Picc compiler as XC8. With this movement, Microchip provide to their clients a cheap and decent C compiler as their old and deprecated C18 compiler was – in my opinion – plenty of bugs and not worthy to work with.

I still use ASM to program the PIC12 and PIC16 family. However, I program the PIC18 devices in C but I often had to dive into the asm of the generated binary  to optimize it.
In those optimizations I have seen weird things made by compilers and I have been long time wanting to write about it.
Today I am only going to write shortly about how the free mode of the XC8 compiler bloats the binary to make the Pro version look more efficient.

Continue reading

Comming back from OHM 2013

Past week I was in the OHM 2013, a hackers/makers international camping festival in Holland.

With the rest of the Spaniards that attended the camp, we mounted a “Spanish Village” where we offered cured ham (jamon serrano), spanish red wine (Rioja), “tinto de verano” and sangria. No topics here ;)

Ham operator

Myself as “ham operator”

Besides the food, we had time to share ideas, projects and good chats with some of the most interesting people out there.

Thanks to all the attendees for the good time and see you in two years!