2025-11-15, Hochschule München - R0.006
Don't miss the glitch!
In the past few years, many new open source tools have arisen that enable reliable fault injection attacks on a reasonable budget. In addition, many well-performing budget tools are now available that are perfectly suitable for a broad range of fault injection targets. This is a great opportunity to get started with hardware security and learn about hardware fault injection attacks by experimenting. The more challenging part is that most of these tools assume you are already an expert in the field: they provide an interface with many options and features, some heavily tested examples, and target boards that work with those examples and are specifically designed to give a feeling of success, without truly diving into the process and the decision-making that led to them.
This workshop is intended to fill in that gap and introduce you to the basic steps that need to be taken in order to prepare and profile a generic target and be able to start a Voltage Fault Injection (VFI) or Electromagnetic Fault Injection (EMFI) campaign, all while using budget-friendly equipment and inexpensive open source hardware tools.
What to expect
After this workshop, attendees should expect to have a clear understanding on the process involved from the planning to the execution of a glitch campaign, with the following key takeaways:
- Understanding the complexity of developing a fault injection campaign.
- Learning which sources of information are necessary to correctly set up the environment.
- Learning about open-source and budget-friendly hardware tools to perform fault injection attacks.
- Exercises that require no special tools or a specific OS, only an internet browser.
What not to expect
These are the things that attendees should not expect:
- Hands-on exercises with real hardware during the workshop.
- To keep anything they see during the workshop (oscilloscopes, target boards, power supplies...) besides the workshop slides.
What to bring?
While the trainers will bring some devices to run live demos, they will not be providing any physical hardware or tools to the attendees. Although nothing other than your attention is needed to fully benefit from this workshop, we recommend bringing a laptop with an internet browser that you can use to take notes and do some of the exercises (such as finding specific pinouts and other characteristics).
How to prepare for the workshop
Even though no previous experience with hardware or hardware security is required, it is expected that attendees will familiarize themselves, at least at a basic level, with the following concepts before attending the workshop:
- In-system programming (ISP).
- Hardware debug ports and protocols (JTAG, SWD).
- How digital signals work.
- How voltage regulator ICs work.
Schedule
Basic concepts in electronics
In the opening, the trainers will explain a few basic electronics concepts and talk about the components, materials and specifications that are crucial in hardware security testing.
Planning phase
In this part, we will learn the methodology for evaluating the required physical connections to the target, as well as creating a profiling plan and defining the attacks that will be performed on the target during glitching campaigns.
Profiling phase
Here, we will go through the steps required to execute the profiling plan. This includes learning how to architect profiling code tailored to a specific target, making sure that the right pins of your target are connected to the right places, and how to use the oscilloscope in conjunction with the profiling code.
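As an added illustration of what "profiling code" and its link to the oscilloscope typically look like (this is example code written for this page, not code from the workshop or its trainers), the following C program contains a generic profiling kernel for the target plus the host-side classifier that reads its reports. The trigger pin hooks, the `C:<count>` serial report format and the loop sizes are assumptions; on a real target the trigger functions would drive a GPIO that the oscilloscope is armed on, so the time between the rising and falling edge is the window you characterise before any campaign starts.

```c
/* Added example, not code from the workshop or its trainers: a generic
 * fault-injection profiling target and the host-side classifier that reads
 * its reports. Pin handling and the "C:<count>" report format are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OUTER_LOOPS 50u
#define INNER_LOOPS 50u
#define EXPECTED_COUNT (OUTER_LOOPS * INNER_LOOPS)   /* 2500 */

typedef enum {
    ATTEMPT_NORMAL,      /* count matches: the attempt had no effect */
    ATTEMPT_FAULT,       /* count differs: an instruction was skipped or corrupted */
    ATTEMPT_NO_RESPONSE  /* nothing parseable: the target hung or reset */
} attempt_result_t;

/* Trigger pin hooks (assumed). On a real MCU these set/clear a GPIO that the
 * oscilloscope and the glitcher are armed on; here they are no-ops. */
static void trigger_high(void) {}
static void trigger_low(void) {}

/* The profiling kernel: deterministic, fixed-duration work. Its length on
 * the scope between trigger rise and fall is the window you characterise.
 * 'volatile' stops the compiler from collapsing the loops into a constant,
 * which would leave no instructions to observe. */
uint32_t profiling_kernel(void)
{
    volatile uint32_t count = 0;
    for (volatile uint32_t i = 0; i < OUTER_LOOPS; i++) {
        for (volatile uint32_t j = 0; j < INNER_LOOPS; j++) {
            count++;
        }
    }
    return count;
}

/* One attempt as run on the target: raise the trigger, do the work, lower
 * the trigger, then format the report line the host reads over serial. */
int run_attempt(char *out, size_t out_len)
{
    trigger_high();
    uint32_t count = profiling_kernel();
    trigger_low();
    return snprintf(out, out_len, "C:%lu\n", (unsigned long)count);
}

/* Host-side classifier: turns one received line into a verdict. A missing,
 * empty or malformed line is treated as "no response" (hang or reset); any
 * well-formed count other than the expected one is a fault. */
attempt_result_t classify_response(const char *line)
{
    if (line == NULL || strncmp(line, "C:", 2) != 0)
        return ATTEMPT_NO_RESPONSE;
    char *end = NULL;
    unsigned long value = strtoul(line + 2, &end, 10);
    if (end == line + 2)               /* no digits after "C:" */
        return ATTEMPT_NO_RESPONSE;
    return (value == EXPECTED_COUNT) ? ATTEMPT_NORMAL : ATTEMPT_FAULT;
}

/* Campaign-style bookkeeping: tally the verdicts for a batch of lines so the
 * ratio normal/fault/no_response can be compared across parameter settings. */
typedef struct { unsigned normal, fault, no_response; } tally_t;

tally_t tally_responses(const char *const *lines, size_t n)
{
    tally_t t = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        switch (classify_response(lines[i])) {
        case ATTEMPT_NORMAL:      t.normal++;      break;
        case ATTEMPT_FAULT:       t.fault++;       break;
        case ATTEMPT_NO_RESPONSE: t.no_response++; break;
        }
    }
    return t;
}

int main(void)
{
    char report[32];
    run_attempt(report, sizeof report);
    printf("target reported: %s", report);

    /* Constructed sample of what a host might capture over a short sweep. */
    const char *captured[] = { "C:2500\n", "C:2500\n", "C:2499\n", "", "C:2600\n", "\xff\xfe" };
    tally_t t = tally_responses(captured, 6);
    printf("normal=%u fault=%u no_response=%u\n", t.normal, t.fault, t.no_response);
    return 0;
}
```

The kernel is intentionally boring: its only job is to give the oscilloscope a stable, repeatable trace between the two trigger edges, and to give the host a result that is unambiguous to classify. The classifier treats anything it cannot parse as a reset or hang rather than silently discarding it, because the no-response rate is itself one of the measurements a profiling plan needs.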
Attack phase
While this is the most interesting part, it is the least critical. This is where you learn how to put together all the data you have gathered, configure a glitch campaign, and start running it.
hardware security, fault injection, hardware hacking
Javier Vazquez Vidal is a hardware security specialist with a lifelong passion for electronics and embedded systems security, who has been delivering hands-on hardware security trainings for over a decade. He released his first public research project at Black Hat Arsenal USA 2013 and DEFCON with the ECU tool, followed by the CAN Hacking Tool (CHT) at Black Hat Asia 2014 and his research that demonstrated that it was possible to compromise the Spanish smart power grid at Black Hat Europe.
If you see him around and want to talk with him or ask him some questions, make sure to bring an extra beer or coffee along, depending on the time of the day.