Fault 1_1 - Introduction to Clock Glitching

I managed to get through all the steps OK. So now I’m trying to learn the theory and the approach part.
It mentions to vary things until “an interesting” region is found. How do I know it’s interesting? What output indicates the glitch attack did something? What I’m really asking about is what is the approach in the exploratory phase to zoom in an area of interest? What’s the thought process.

Hi Michael,

Your three primary goals with this lab are to:

  1. Use clock glitching to mess up the calculation being run on the device
  2. Detect when this happens
  3. Find sets of glitch settings that cause clock glitching successes

The first objective you’re trying to complete by just inserting glitches with various settings.

For the second, try considering three cases.

First, what happens if you insert a glitch and it has no effect (aka a “normal” result)?


The target will send you the correct result of the calculation (2500 as a hex string, IIRC ['9C, '04', '00', '00'])

Second, what happens if you insert a glitch and it messes up the calculation (aka a “success” result)?


The target will send you the incorrect result (maybe 2501 as a hex string instead). This is the “interesting” result you’re looking for.

Finally, what happens if you insert a glitch and it has an effect, but not the one you wanted (called a “reset” result)?


This one is a bit trickier, as a lot of different things can technically happen, but most likely the target will either crash or reset, meaning you won’t receive anything back.

Regarding the zooming part of your question, glitching has various parameters you can vary, usually width, offset, and ext_offset. Searching exhaustively through these settings can take a very long time, so it makes sense to start with a coarse search, narrowing that down until you find something. Often, successful settings are close to each other (aka “interesting regions”) so, to help with the third objective, it makes sense to do a fine search around where you found successes.

Hope that helps,


Hi Alex,
Thanks, yes this clarifies things. I’ll play around with it having this in mind.