As a short announcement thread - we’ve been working on a low-cost EMFI tool, which we pushed designs for on GITHub. It’s still somewhat beta and the firmware needs work to be “useful”, but it may be interesting for this forum:
Hello,
I bought a picoemp and the simple CW322 EMFI target. The picoemp seems working well after the arming and pulse generation, but the target seems not be impacted by the pulse generation. I connected an oscilloscope on the J3 connector but the signal is not as “clean” as the one presented in the video Building the PicoEMP - Electromagnetic Fault Injection (EMFI) Tool - YouTube. Do you have any suggestion to troubleshoot it?
Thanks
Hi @Azbeen - a lot of this comes down to the coil itself. When I’m using these I actually unwind a few turns from the inductor, cut & re-tin the wire, and use that.
I suspect the difference on the waveform you are seeing is 100% just the tip/coil. The waveform is changed more by the coil than it is by drive characteristics/settings (this is the case on the bigger ChipSHOUTER too - you are limited by coil dynamics more than you are by the drive strength).
Hi @coflynn,
I’m experimenting with my newly purchased PicoEMP on my ChipWhisperer targets (XMEGA and STM32F303) and I haven’t been able to induce any faults or glitches so far, so I would like to follow the advice you gave in your previous message by changing the injection tip.
What would be good inductors to buy for making new injection tips? Any part number would be greatly appreciated. I saw that in the PicoEMP demo video you use the 4mm ChipSHOUTER tip to easily glitch a Trezor One. Which inductor is that tip made from?
Also, when shopping for inductors, is there any electrical characteristic to pay special attention to in order to avoid damaging the PicoEMP (for example, a minimum DC resistance)?
Hi i am building my own picoemp and was wondering if anybody knows of any working substitutes for
1,RGT16BM65DTL,Q2. Any help would be greatly appreciated. Current lead time is 340 days everywhere. Thanks
According to the parts sub issue, IKD15N60RC2ATMA1 may work. I was going to try it out as we also need to sub that part on another run, will report back.
FYI I tested the sub (IKD…) today - seems OK. Yellow is RGT16BM65DTL, blue is IKD15N60RC2ATMA1. Some differences in shape but a nice rising edge still. May see slightly different effects, will do some more testing.
Hello coflynn i have question , i already build PICOEMP and it not works (not charging HV capacitor) i use different parts:
KNOWN SUBS:
D2: US1J-13-F (NOT TESTED YET)
Q3/Q4: PMV37ENEAR
J1: 142-0701-801
I used IRLML0060TRPbF instead of AO3422 and US1J-13-F instead of MURA160T3G also HV transistor i used IKD15N60RC2ATMA1 instead of RGT16BM65DTL - do you know what i did wrong ? , have you checked US1J-13-F is it works ?
Regards
same here…
used IRLML0060TRPbF instead of AO3422 and not same leds and not charging HV…
H.V. led is not working…
All other components are same as listed.
