Hello! I am a university student and this year I competed in the MITRE embedded CTF with my team. This was the first year we have done this, and I’ll tell you its been a lot of learning to understand how embedded systems work (We are all mostly cybersecurity and computer science majors). But its been a lot of fun! We were lucky enough to have a professor agree to get a CW Husky for us to try out, and its been a big learning curve. The competition is over now, but were still wanting to learn how to use the Husky so we can be more prepared for next year.
I’ve been able to set up the Husky and run through a good amount of the labs to get my bearings. Were wanting to move on now to using it against the target board we received for the competition, but I have no idea how to connect them together.
Specifically, how do I attach the Crowbar to the board if it doesn’t have an SMA adapter?
We have already removed the resistors on the main power line (VCOREA in the schematics) and know where we want to attach the crowbar on the target (the board still works!). The issue is just getting a way to connect the two together. We have a PCBite on a pad connected to VCOREA and a male GPIO pin just resting in the hole of the SMA adapter on the Husky. I wanted to get an opinion before we ran it to make sure we wouldn’t break anything, or if there is a better way to do it.
Im assuming there would be a little piece of hardware to buy, but I don’t know where to find something like that.
Also, on another note, we are wanting to trigger off of UART, and so we have hooked up a PCBite to the UART TX on the target board and have the wire plugged into the IO1 pin on the CW Husky. Does that work haha?
Thanks for helping us out! It’s been a blast learning how embedded systems and security work over the course of the last 4 months!
Hi,
Glad to hear you’ve been enjoying the Husky/tutorials so far and that your foray into the embedded world is going well! Probably the most solid way of connecting the glitch port would be to solder an SMA port to the power pin of the microcontroller, similar to what we do in our LPC1114 glitch: chipwhisperer-jupyter/courses/faultapp1/LPC1114_Fuse_Bypass.ipynb at main · newaetech/chipwhisperer-jupyter · GitHub. You could also cut the end off of an SMA cable and solder the center/that to your board.
I highly recommend having a solid soldered connection here, as there’s a fair amount of current drawn when glitching, so variances in resistance/inductance/capacitance end up mattering a lot to the glitch. Small shifts in the wire could drastically change these values, resistance especially, so you’re introducing a lot of variance in your setup. We even see large differences in glitching from using longer/shorter cables, so the variance in contact resistance isn’t something that should be ignored. The outside of the glitch port is also ground, so this setup is a small bump away from shorting power to ground, potentially damaging something. Similarly you’ll want a soldered ground connection here as well.
Something more solid would be ideal for the UART connection as well, but I’d consider that less important than making sure power/ground are well connected.
Also, if you haven’t yet, you’ll probably want to remove the target’s decoupling capacitors as well. I’m not sure what the resistors were there for. If they’re shunt resistors, you may actually still want them there, as it will make it easier for the ChipWhisperer to pull the power line of the target down.
This is amazing advice! Thank you so much for taking the time to help us out!
And you are right, I meant to say that those resistors were actually the decoupling capacitors. My brain just didn’t remember correctly yesterday haha.
I’ll try out soldering a SMA port on the power pin. And when you say power pin, do you mean the 3v3 GPIO pin? Our current theory was to have a wire connected on the positive end pad of one of the decoupling capacitors we removed. Would adding a soldered connection there work as well?
Thanks again!
Yup, the positive pad of the decoupling capacitor is a pretty good location to pick.
The positive power pins are generally labelled as VCC/VDD. GPIO stands for general purpose input/output, so that’d be most of the other pins on the chip that you use for IO, rather than the power pins.
1 Like