Some hacker events are muddy and dusty affairs in remote areas, others take place in dark halls, but I went to one where I could enjoy luxurious comfort in a European city full of culture and history. Newline was held at Hackerspace Gent, in the Belgian city of the same name, where I took in the atmosphere and the programme of lectures and seminars last weekend. One that got off to a good start was by [PoroCYon], whose fascinating introduction to glitching techniques, drawn from taking part in recovering the boot ROM from the Nintendo DSi, taught us a lot of things we had never seen before.
The talk, which you will find below the break, first describes the process of glitching (using power interference to interrupt the operation of the microprocessor and make it skip certain instructions) to bypass security code. It then goes on to discuss some of the protection mechanisms used in different generations of Nintendo game consoles and handheld devices, before moving on to the work on the DSi. At this point the talk shifts to a field that may be old hat in glitching circles but was new to me: EM glitching.
EM glitching involves using a small coil to generate precisely timed electromagnetic pulses that induce glitch voltages in the chip. The fascinating part is that the EM probe can be made small enough to target individual areas of the chip, so using it involves a brute-force technique: with the probe fixed in a computer-controlled XY mount, every combination of timing and position is tried.
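To make the instruction-skipping idea concrete from a firmware author's side, here is an added example (not code from the talk or from [PoroCYon]'s repository) that models a glitch as a clean skip of one instruction in a made-up three-opcode ISA and tries every timing offset in software. The programs, opcode names and the clean-skip fault model are all assumptions chosen for illustration.

```python
from itertools import combinations

# Constructed toy boot checks: each tuple is one instruction of a made-up ISA.
NAIVE = [("cmp",), ("bne",), ("boot",)]
HARDENED = [("cmp",), ("bne",), ("cmp",), ("bne",), ("boot",)]


def run(program, sig_ok, glitch_steps=()):
    """Execute the program; the instruction due at a step in glitch_steps is skipped."""
    equal = False  # comparison flag starts as 'not equal' (fail-closed)
    for step, (op,) in enumerate(program):
        if step in glitch_steps:
            continue  # assumed fault model: the instruction has no effect
        if op == "cmp":
            equal = sig_ok  # verify the image signature
        elif op == "bne" and not equal:
            return "fail"  # branch to the failure handler
        elif op == "boot":
            return "boot"
    return "fail"  # fell off the end without reaching boot


def sweep(program, glitches):
    """Try every combination of `glitches` skipped steps against a tampered image."""
    return [
        steps
        for steps in combinations(range(len(program)), glitches)
        if run(program, sig_ok=False, glitch_steps=steps) == "boot"
    ]


if __name__ == "__main__":
    print("naive, 1 skip:   ", sweep(NAIVE, 1))
    print("hardened, 1 skip:", sweep(HARDENED, 1))
    print("hardened, 2 skips:", sweep(HARDENED, 2))
```

In this model the single check falls to one skipped branch, while the repeated check survives every single skip and only gives way when two specific steps are skipped in the same run.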
The DSi has two onboard processors; the attack succeeded on the ARM7, but its companion ARM9 has not yet been cracked. There is a set of promising attack vectors to try, and it seems that the ARM7 puts the ARM9 into a state in which it can be glitched. Clearly, there is still a lot to do on this front.
More details of the talk can be found in this repository. For those interested in EM glitching, you can learn more in this video, and in this project, which uses it to attack a Gecko microcontroller.