Thanks to blogger Matt Brugman, the Bus Pirate 5 universal serial interface now has the capability to perform power glitching to breach hardware security.
This is achieved through the Serialipheral interface (SPI) and Parametric Glitching Engine (PGE) firmware that turns a generic Arduino into a glitcher.
Vulnerable code is loaded into the Arduino to establish a trigger for the Bus Pirate’s new glitch feature, which is now part of the main codebase.
All parameters are customisable and the feature is robust, reliably achieving faults on the target in less than 10 attempts.
The hacked code was taken almost unchanged from an IoT device, demonstrating that power glitching is an underutilised and effective vector for reverse engineering.
This inexpensive and accessible method of hacking provides yet another incentive for developers to secure their hardware.
