PocketBeagle-Based PocketGlitcher Automates Voltage Glitch Testing, and Fits in Your Pocket
Designed to completely automated voltage-glitch testing, the PocketGlitcher is a compact solution to a thorny problem.
Pseudonymous security researcher LimitedResults has turned a PocketBeagle single-board computer into an automated voltage glitcher, designed to be usable with a minimum of hardware skills: the PocketGlitcher.
"I recently found back my PocketBeagle in a box, bought three years ago. It is a 5cm (around 1.97in) board, $25, Arm-based… Exactly the type of hardware I like. Consequently, I have decided to develop a fully-automated and integrated fault-injection system, based on this nice little board.
"This PocketGlitcher is a glitching mod-device. It uses the Texas Instruments PRU [Programmable Real-time Unit] to create deterministic signals (5ns precision, not so bad), associated with determined configs. An analog PCB Cape is then plugged to the PocketBeagle to provide a sufficient glitching effect, once connected to the VDD target. As a result, it is now possible to reactivate the nRF52 debug with a low-cost plug-and-play solution. And the most important, the system fits in a pocket."
The project combines the PocketBeagle with a specially-designed cape add-on which offers analog connectivity, suitable for solderless testing using Sensepeek PCBite connectors, and a USB port. The hardware bundle also includes an 8GB microSD card, pre-loaded with the BeagleBone Linux-based operating system and the scripts required to carry out automated voltage-glitch testing on a target device.
"It provides an automated way to perform voltage glitching, without any expensive electronic equipments or any 'hardware' skills," LimitedResults notes. "As proof of concept, the nRF52 Debug Resurrection Attack presented at BlackHat EU 2020 can be reproduced easily using this plug-and-play solution."
More information on the project is available on LimitedResults' blog, while the PocketGlitcher - including PocketBeagle, Analog Cape, 8GB microSD, scripts, and a user manual - can be purchased on Tindie for $99. LimitedResults has not yet released any source code or hardware design files.