The final #glitchy prototype is on the way from Shenzhen, along with an early #ESP32anza prototype and some other delights.
We had to give up the ghost on galvanic glitching in order to keep the BOM low enough to still sell it in the $20-30 range.
That is okay! We replaced the NPN+Relay circuits with N-Channel MOSFETs similar to what the Hextree Faultier uses. This works out because NAND flash bootloader glitching uses ground, and most everything out there is an active low reset.
Between that and replacing the discontinued digital pot, and many other roadblocks, it has been a long and difficult journey. We are finally approaching completion of the #glitchy project and cannot wait to make it available to you, the “valued” “customer”.
IT'S HAPPENING! GLITCHY!
After years of thinking and slightly fewer years of iterating through different microcontrollers and wasting thousands of dollars, the #glitchy is finally nearing completion! Now that it's finally so close, it seems wise to offer a detailed description of what the Glitchy is and what it does.
Glitchy is an automated bootloader flash glitch attack tool.
It consists primarily of:
SAMD21 microcontroller
MCP4017 digital pot
2x Reed Relay
The device provides a header which exposes pins for:
Target Flash D0
Target MCU D0
Target RESET
Target RESET_ACTIVE (GND/Vcc)
Target UART RX
Target UART TX
Target GND
Glitchy provides functionality like:
optional automatic detection of target baudrates using both Edge Timing ABR and Caveman ABR
accepting user terminal-provided baudrates for target UART by default – simple operation
detect bootloader flash read operations via monitored target UART
automatically actuate galvanic fault injections using the target's own GND or VCC
moderate injections with up to 5Kohm adjustable series resistance
manual glitch mode wherein the galvanic RESET and GLITCH are controlled in the UART interface via key chords
fully in-UI customizable and saveable settings, including trigger, success, and failure strings, post-success payloads, pulse timings, and more
simple terminal-based and web-serial based UIs
easy flashing for updates and settings configuration via web-serial and UF2
Glitchy is simple to use! It has a USB C port, and 2.54mm pin headers. It goes great with Dirt Cheap Probes! Stay tuned for PCB previews and more.
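Edge-timing ABR, named in the feature list above, is commonly done by treating the shortest pulse seen on the target's UART line as one bit time and snapping the result to a standard rate. The C function below is an added example, not Glitchy firmware; the function name, candidate rate list, 3% tolerance and the constructed sample capture are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Candidate rates to snap to (assumed list, not taken from Glitchy). */
static const uint32_t STD_BAUD[] = {1200, 2400, 4800, 9600, 19200, 38400,
                                    57600, 115200, 230400, 460800, 921600};

/* Constructed sample: edges of one 'U' (0x55) frame at 9600 baud, 1 MHz ticks. */
static const uint32_t SAMPLE_U_9600[] = {0, 104, 208, 313, 417,
                                         521, 625, 729, 833, 938};

/*
 * edges[]   : timer capture values of successive RX edges; edges[0] is
 *             the falling edge of a start bit (line idles high).
 * tick_hz   : capture timer frequency.
 * min_ticks : any pulse shorter than this marks the capture as noisy.
 * Returns the matched standard baud rate, or 0 if the capture is unusable.
 */
uint32_t abr_edge_timing(const uint32_t *edges, size_t n,
                         uint32_t tick_hz, uint32_t min_ticks)
{
    if (edges == NULL || n < 4)
        return 0;                       /* too few pulses to trust */

    uint32_t bit = UINT32_MAX;          /* shortest pulse = 1 bit time guess */
    for (size_t i = 1; i < n; i++) {
        uint32_t w = edges[i] - edges[i - 1];   /* unsigned: wrap-safe */
        if (w == 0 || w < min_ticks)
            return 0;                   /* noise spike breaks edge polarity */
        if (w < bit)
            bit = w;
    }
    /* Low pulses (odd i) lie inside a frame, so each must be a whole number
     * of bit times. High pulses may include idle time and are not checked. */
    for (size_t i = 1; i < n; i += 2) {
        uint32_t w = edges[i] - edges[i - 1];
        uint32_t k = (w + bit / 2) / bit;       /* nearest bit count */
        uint32_t err = w > k * bit ? w - k * bit : k * bit - w;
        if ((uint64_t)err * 8 > bit)
            return 0;                   /* shortest pulse was not 1 bit */
    }
    uint64_t measured = ((uint64_t)tick_hz + bit / 2) / bit;
    for (size_t i = 0; i < sizeof STD_BAUD / sizeof STD_BAUD[0]; i++) {
        uint64_t std = STD_BAUD[i];
        uint64_t diff = measured > std ? measured - std : std - measured;
        if (diff * 100 <= std * 3)      /* within 3 % of a standard rate */
            return STD_BAUD[i];
    }
    return 0;
}
```

The whole-bit check on low pulses is what rejects a capture whose shortest pulse is really stop bit plus idle time, which would otherwise snap to a wrong but plausible rate.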
What even is the point of this?!
I do this attack a lot at play and at work, and usually I do it with a little digital pot and push button on a breadboard. This is faster and easier. This attack is so simple, it should be like the command injection of hardware attacks. Tools like the Faultier are making higher speed glitching more accessible, and tools like the PicoEMP and FaultyCat are making EMFI-based attacks more accessible. I want to make a tool that will make this attack accessible to anyone with $20.
I hope to make it available as soon as possible, either via pre-order on https://www.dirtcheaphackingtools.com or some sort of crowdfunding. Feel free to tell me how you feel about this.
Diffuse Tactics, Democratize Access. Hack The Planet.