Google Wifi Pro Glitching from Root to EL3 - Part 3
In this third blog post, we will explain in detail, how we were able get arbitrary code execution at EL3 leveraging the arbitrary write.
Read moreLatest Posts
Google Wifi Pro Glitching from Root to EL3 - Part 2
In this second post, we explain in detail, how we used a single EM glitch to read and write a 32-bit value from/to an arbitrary address.
Read moreGoogle Wifi Pro Glitching from Root to EL3 - Part 1
In this first post, we explain in detail, how we were able to inject EM glitches in order to characterize Qualcomm’s IPQ5018 SoC susceptibility …
Read moreEspressif ESP32: Using Crowbar Glitches to Bypass Encrypted …
In this blog post, we describe our adventure(s) reproducing our EMFI attack on Espressif’s ESP32 using Crowbar glitches.
Read moreMeasuring Billions of Traces Per Day using Segmented Memory
Side Channel Analysis (SCA) attacks generally speaking consisting of three phases: acquisition, pre-processing and analysis. The time it takes to …
Read moreEspressif ESP32: Glitching The OTP Data Transfer
Modern System-on-Chips (SoCs) include security critical features which are often configured securely using One-Time Programmable (OTP) bits, often …
Read more