VoidStar Security Wiki

Fault Injection

Fault injection (FI) introduces a disturbance that is severe enough to cause undefined behavior on a target but not severe enough to stop the target from operating entirely. This typically involves injecting a high-voltage pulse into, or momentarily draining the voltage from, a targeted power source or “rail” on the target system.

By causing momentary voltage modulations (either above or below the expected voltage), we can force the target system into a realm of undefined behavior. An adequately targeted fault can bypass security checks or other features that would otherwise impede an attacker or reverse engineer.
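To make the "bypass a security check" effect concrete from the defender's side, here is an added C example (not from the wiki or any project it mentions) that models two single-fault effects, a flipped bit in the register holding the verify result and a skipped conditional branch, against a naive boot check and a hardened one that uses fault-resistant constants and a redundant comparison. The AUTH_OK/AUTH_FAIL values and the boot routines are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a secure-boot style decision under two single-fault
 * models (one bit flipped in the verify result, or one skipped branch). */
#define AUTH_OK   0xA5A5A5A5u  /* hardened success value, not 0 or 1 */
#define AUTH_FAIL 0x5A5A5A5Au  /* every bit differs from AUTH_OK */

/* Naive design: verify() returns 1 on success, 0 on failure, one check.
 * Returns 1 if the device boots, 0 if it rejects the image. */
static int naive_boot(uint32_t verify_result, int skip_check)
{
    if (!skip_check && verify_result == 0)
        return 0;                      /* reject */
    return 1;                          /* boot */
}

/* Hardened design: verify() returns AUTH_OK / AUTH_FAIL, checked twice.
 * A single bit flip on AUTH_FAIL can never produce AUTH_OK, and a single
 * skipped branch still leaves the second comparison in place. */
static int hardened_boot(uint32_t verify_result, int skip_first_check)
{
    if (!skip_first_check && verify_result != AUTH_OK)
        return 0;                      /* reject */
    /* redundant check against the inverted constant */
    if ((verify_result ^ 0xFFFFFFFFu) != (AUTH_OK ^ 0xFFFFFFFFu))
        return 0;                      /* reject (fault caught) */
    return 1;                          /* boot */
}

/* Count how many of the 32 single-bit faults on a failed verify result
 * let the given design boot anyway. */
static int count_bitflip_bypasses(int (*boot)(uint32_t, int), uint32_t fail_value)
{
    int n = 0;
    for (int bit = 0; bit < 32; bit++)
        n += boot(fail_value ^ (1u << bit), 0);
    return n;
}

int main(void)
{
    /* prints: single-bit faults that bypass: naive=32 hardened=0 */
    printf("single-bit faults that bypass: naive=%d hardened=%d\n",
           count_bitflip_bypasses(naive_boot, 0),
           count_bitflip_bypasses(hardened_boot, AUTH_FAIL));
    /* prints: skipped first branch: naive=1 hardened=0 */
    printf("skipped first branch: naive=%d hardened=%d\n",
           naive_boot(0, 1), hardened_boot(AUTH_FAIL, 1));
    return 0;
}
```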

When it comes to FI, I think that Furrtek explained it best here:

[Image: Furrtek's explanation of fault injection]

For FI, anything capable of pulling a voltage line low or injecting a clock pulse can work. However, depending on your target and attack, you might need advanced timing or protocol triggering, where tools such as the ChipWhisperer become very handy. When learning the fundamentals of fault injection, you cannot go wrong with an introductory ChipWhisperer kit. Their materials and example targets explain the principles behind fault injection and provide a tested, repeatable learning environment. I can’t recommend their materials highly enough. If the ChipWhisperer tools are too expensive for your budget, however, there are other tools that folks have used in the past. I have included those tools in the table below, along with example blog posts that use them, to help get you started. We have also published a blog post here as an introduction to FI.

| Item | Price | Link | Projects / Blog Posts |
|---|---|---|---|
| RP2040 | $4.00 | Link | Pico Glitcher, PicoRHG - Xbox 360 Glitch, AirTag Voltage Glitching |
| PocketBeagle | $35.63 | Link | The PocketGlitcher |
| ICEStick ICE40 FPGA | $49.00 | Link | Grazfather’s LPC Glitch, IceStick Glitcher |
| ChipShouter PicoEMP | $60.00 | Link | EMFI Made Easy with PicoEMP |
| ChipWhisperer Lite | $315.00 | Link | Replicant: Reproducing a FI Attack on the Trezor One |
| ChipWhisperer Husky | $549.00 | Link | RL78 Glitching (done by Colin O’Flynn) |
| ChipShouter Kit | $4125.00 | Link | EMFI for Automotive Safety with ChipShouter |

There are also plenty of great talks that you can find online about fault injection; I’ve listed some of my favorites below: