To some extent, most of our projects are exercises in fault reduction. Whether the faults are self-inflicted software or hardware errors, or come from a source beyond our control, the whole point is to get the thing running smoothly and predictably.
But this is not always the case. Sometimes deliberately causing a fault can be a useful tool, especially in reverse engineering. This is where this low-cost electromagnetic fault injection (EMFI) tool comes in. EMFI is a method of disrupting the normal flow of a program running on an embedded system; applied properly, and with a fair amount of luck, it can put the system into a state that is not normally available. As Colin O’Flynn says of his EMFI tool, the PicoEMP is a somewhat tamer version of his earlier ChipSHOUTER tool. The PicoEMP focuses on user safety, which is an important consideration because its business end can apply a voltage of about 250 volts at its output. Safety features include isolation of the Raspberry Pi Pico (which generates the PWM signal for the high-voltage section), a safety enclosure over the high-voltage parts, and a switch for discharging the capacitor and preventing accidents.
In use, high-voltage pulses are applied to the injection tip, which is basically a ferrite-core antenna. The tip concentrates the magnetic flux in a small area, which will hopefully induce the desired fault in the target system. The following video shows the PicoEMP being used to glitch a Bitcoin wallet, along with some tests on the HV pulses.
If you are interested in the PicoEMP and glitching in general, be sure to catch [Colin]’s 2021 Remoticon talk on the topic. Until then, you may want to look into the glitch attack on the Nintendo DSi and the USB glitch on a Wacom tablet.