No Code Hardware Hacking - Introducing Glitchy
Вставка
- Опубліковано 21 жов 2024
- BECOME A PATREON!
/ recessim
Glitchy fuses together all the peripherals you need to hack hardware without wring a single line of code! Glitch processors like a PRO! Full source code available on my GitHub below.
Video uses the following hardware in the demo:
NewAE ChipWhisperer: www.newae.com/...
Envox BB3 Power Supply: www.envox.eu/e...
VoltLog VoltLink Serial Adaptor: www.tindie.com...
Landing Site: recessim.com/
Twitter: / bitbangingbytes
Discord: / discord
GitHub: github.com/Bit...
Wiki: wiki.recessim.com
Full Disclosure: VoltLog sent me the serial adaptor for free because they liked my videos, I included it in my video without any compensation because I like their product!
Nice work and I'm glad to see the Voltlink in action.
I think tool makers are the most underrated kinds of ppl
When I bought the ChipWhisperer-Lite I expected this level of UserInterface and control.
Microchip HowTo Hackit video's would be nice ;-)
Keep up the good work!!
Nice! i use a pico to do most of my glitching, as the clockspeeds are quite enough. maybe interesting to have a gui for that as well, maybe i am going to dive into the code if i have some spare time. Thank you! It looks nice!
Without delving into your code, could you answer this question:
Does your program inject the print messages into the device you've glitched?
That way you get around the problem with the smart meter in your last video and needing a print statement to output the firmware.
No, I still need the device to print something or output some data. I am going to take a look at the meter again and see if it's outputting data anywhere else I might have missed that I can use to exploit it.
Awesome content. It would be great to have a series on Chipwhisperer analysis.
Will think about what I can put together on it, been a bit since I played with it. Missing all the fun I had!
@@RECESSIM I am ex-Flight Engineer who started with Embedded electronics during the pandemic and your Channel has been one of my favorites. Try not to miss you reportage as well. For the Chipwhisperer, a more fundamental and basic ground up video series might be great as none to my good search of UA-cam exists. Every videos tarts at higher baseline. There is one from Liveoverflow Channel but lacks Chipwhisperer scope and depth.
Awesome video, trying to learn all this stuff but finding it hard to find any decent resources. Also a bit of a newbie to it all, including electronics, got any recommendations on how to learn it all?
Also, what power supply would you recommend? I tried to find the same one you have (love the connectivity it has! Over the network etc. so cool) but they don't seem to be available anymore.
I've also got a ChipWhisperer Husky on the way but it's not even shipped until February 😭 was half looking at maybe I could try and do some power analysis, on some code that asks the user to enter a password and checks if it's correct, but I also don't have an oscilloscope so any recommendations there too would be grand 😂 Legend though, appreciate any videos on this stuff. Someone needs to set up a beginners guide to getting a setup like this going, or doing it as cheap as possible. If no one has by the time I learn, I'll create it!
This GUI is fire, "about" tab too
Anyone that wants to spice it up with color, no more than 8 bit PR's on Git will be approved! 😂
the mascot rocks, love it
I don't know enough about this stuff.... but wouldn't it be beneficial to have a power supply not only capable of sourcing current... But also sinking current?
Completely synchronized in one device. I mentioned source measure units on another one of your videos...
with an SMU... You can basically do anything. It's nearly like having a whole test bench in one integrated device
Which is hugely beneficial when trying to synchronize a bunch of different processes and measurements quickly and repeatedly with great precision
it's all combined in one package and communicating with each other.
Just thought with glitching and other attacks.... it would be just as important to sink the power out of the device before starting another cycle.
Or possibly even going negative voltage? Rapidly in succession while monitoring everything in unison.
Of course this can also be done with separate power supply and electronic load devices. Along with other monitoring equipment and stand-alone pieces of gear.
But an all in one integrated device makes everything so fast, programmable, and effortlessly precise.
Please ignore if is a dumb idea i honestly don't know enough about glitching to even comment.
my specialty is test gear and metrology equipment. So I just thought I would throw that out there.... Since SMU's are used so widely when trying to reverse-engineer or characterize something.
What keyboard are you using? It sound like a mechanical keyboard.
Very nice work!
Are your dumps consistent when you use the same glitch cycle and width?
I guess I don't need to worry, but are you using the original bootloader? I guess you would ideally try to glitch the bootloader to get more consistent results on different devices with differing fw but (near) identical bootloader's.
If you dump outside of the flash memory region you could accidentally dump ram contents. But the distance in address space might be too big.
I always look forward to new videos :)
Dumps are consistent with the same cycle/width. Interesting about dumping RAM, I hadn't thought of that. Perhaps that is what I saw, I could probably try to fill the RAM and see if it's also getting dumped as its dumping the flash.
Thanks for watching!
Your videos are super informative!
Wearing a black hooded jacket will increase the odds of success.
I can't code but that's the single fact I know about hacking.
Thank you so much for this!
You’re welcome! I think I’m going to use it again in a future video to try to dump firmware in a Landis + Gyr IWR modem
What alternative do you recommend for the Bus pirate? I'm just trying to find something that can handle JTAG. Basically, I just want to be able to connect it to a board (It has an STM chip) and dump the firmware off of it. Is there a general way to connect JTAG to the bus pirate, like when you connect to UART? Thanks
I used a Flyswatter2 in the past, although not the lowest cost device it worked well.
Hey if i have a microcontroler which i need to read but it has Protection, can you read it?
Depends what it is, email hash@recessim.com pics
That is a great idea, I love it! 👍
Really cool utility
would you do a video about your toolset on your desk?
All the various meters, scopes and stuff like that?
@@RECESSIM exactly + your setup, i have been doing arduino basics and stuff but was looking forward to getting into "firmware hacking/reverse engineering" , is that the right term? my pleasure to purchase the basic tools then get into business. also tips how to get started are most welcomed!
Thank you very much for this excellent suite of tools! Fine work!! - 73 DE KE5DEV
is there a way i can run it on Windows?
I wonder if we can use these on game consoles
Uh, gonna check that out.
Is this project open-sourced
Description says so
Yes, github.com/BitBangingBytes/Glitchy
Hello, friend great video and good job.......
Thanks!
based on that ui i'm almost certain i've used ur cracks before lol
Looks at the link before watching video… $10,000
The one I use is only a few hundred dollars, but NewAE does have some very advanced stuff for more cash 💰
🎶 ≋p≋r≋o≋m≋o≋s≋m
This seems like a waste of time lol
Nothing good to watch on Netflix so… 🤷🏽♂️