IT'S HAPPENING! GLITCHY!
After years of thinking and slightly fewer years of iterating through different microcontrollers and wasting thousands of dollars, the #glitchy is finally nearing completion! Now that it's finally so close, it seems wise to offer a detailed description of what the Glitchy is and what it does.
Glitchy is an automated bootloader flash glitch attack tool.
It consists primarily of:
- SAMD21 microcontroller
- MCP4017 digital pot
- 2x Reed Relay
The device provides a header which exposes pins for:
- Target Flash D0
- Target MCU D0
- Target RESET
- Target RESET_ACTIVE (GND/Vcc)
- Target UART RX
- Target UART TX
- Target GND
Glitchy provides functionality like:
- optional automatic detection of target baudrates using both Edge Timing ABR and Caveman ABR
- accepting user terminal-provided baudrates for target UART by default – simple operation
- detecting bootloader flash read operations via the monitored target UART
- automatically actuating galvanic fault injections using the target's own GND or VCC
- moderating injections with up to 5 kΩ of adjustable series resistance
- manual glitch mode wherein the galvanic RESET and GLITCH are controlled in the UART interface via key chords
- fully in-UI customizable and saveable settings, including trigger, success, and failure strings, post-success payloads, pulse timings, and more
- simple terminal-based and web-serial based UIs
- easy flashing for updates and settings configuration via web-serial and UF2
Glitchy is simple to use! It has a USB C port, and 2.54mm pin headers. It goes great with Dirt Cheap Probes! Stay tuned for PCB previews and more.
What is even the point of this?!
I do this attack a lot at play and at work, and usually I do it with a little digital pot and push button on a breadboard. This is faster and easier. This attack is so simple, it should be like the command injection of hardware attacks. Tools like the Faultier are making higher speed glitching more accessible, and tools like the PicoEMP and FaultyCat are making EMFI-based attacks more accessible. I want to make a tool that will make this attack accessible to anyone with $20.
I hope to make it available as soon as possible, either via pre-order on https://www.dirtcheaphackingtools.com or some sort of crowdfunding. Feel free to tell me how you feel about this.
Diffuse Tactics, Democratize Access. Hack The Planet.