Electromagnetic fault injection (EMFI) is often used to exploit embedded devices, but it requires a precise selection of several parameters to be consistently successful. In our talk, we will present our novel algorithm for automatically estimating position, intensity and timing parameters for EMFI attacks, as well as the exploits we could perform by applying it to different real-world targets using different microcontroller architectures. We will show how these architectures react differently to fault injection and how it is possible to obtain code execution and JTAG uncensoring within an hour on a black-box target, doing minimal hardware reverse engineering.
-------------------------------------------------------------------------------------------------------------------------------------------------------
Website: hardwear.io