-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Fault injection attacks are active side channel attacks where the adversary tampers with the operation of the device in-order to access privileged information. The adversary injects a fault into the device using a high-powered laser, or by altering the clock and power supply lines. [1] One of the biggest problems when performing such an attack is to find the correct point in time at which the glitch needs to be inserted. This project aims to simulate binaries for various architectures to find suitable glitch points as well as count the number of instructions executed towards these glitch points to enable a precise timing on when to insert a glitch.
This project is build on the opensource binary analysis framework angr [2]. Angr is a python tool which loads binaries for various architectures and lifts them into an intermediate representation called vex. Furthermore, angr provides a framework to enable further analysis through symbolic execution and control-flow analysis.
On the one hand the tools developed during the project can be used in a jupyterlab notebook [3]. This allows maximum flexibility, which is needed since most embedded binaries need special setups to be evaluated effectively. On the other hand a ghidra plugin was developed. For most usecases glitchings can be found directly from ghidra. The plugin is inspired by angry-ghidra [4] but does not share any code with it.
The project is devided into three subprojects.
The jupyter notebooks inside the notebooks directory provide an easy to use introduction to glitch simulation. Further documentation can be found here.
The ghidra plugin can be found in the ghidra_plugin directory. Further documentation can be found here.
Common functionality, as well as the python scripts for the ghidra plugin can be found in the py_scripts directory. Functionality is documented here. The python part can be executed without using ghidra aswell.
The example_binaries directory contains multiple examples that can be used with both the notebooks and the ghidra plugin. More information and instructions on how to build the examples can be found here.