Voltage glitching Nuvoton W78E052 (8051) – guidance

Hello,

I’m new to fault injection / voltage glitching, but very interested in learning properly. Before purchasing ChipWhisperer, I’d like to understand whether it fits my use case.

I’m working with a Nuvoton W78E052DDG (8051-based MCU) with internal Flash and full physical access (VCC, GND, RESET, XTAL). My goal is to explore voltage glitching to bypass read protection or induce instruction faults during boot/Flash access.

I would really appreciate guidance on:

  • Whether voltage glitching is feasible on W78E05x or similar 8051 MCUs

  • If CW-Lite is sufficient for a beginner, or if CW-Pro is recommended

  • Whether clock synchronization is required, or if voltage-only glitching can work at these clock speeds

I’m eager to learn and follow best practices, and any advice, references, or prior experiences would help a lot.

Thank you for your time and guidance.

Mohamed Asif

Welcome! Your questions are a bit too general. I suggest you search for what others have published about this target, and if/how they were able to bypass read protection.

That’s the first step towards figuring out which ChipWhisperer you may need.

Thanks for the direction.

I did search specifically for W78E052 / W78E05x, but couldn’t find any public write-ups or confirmed read-protection bypasses. I then broadened the search to generic 8051, older Winbond/Nuvoton MCUs, and reset/early-boot glitching, but information is still very limited.

Given this lack of prior art, would it be reasonable to treat this as an exploratory target and start with basic VCC glitching around reset, using CW-Lite just to determine feasibility?

I appreciate any guidance on how experienced users approach undocumented targets.

The first step that I recommend, if you haven’t done this sort of thing before, would be to learn the ropes by learning to do some fault attacks on a target for which success is known to be possible. You can do this by buying a ChipWhisperer kit and going through our tutorials.

For your target I would recommend either the CW-lite or Husky. CW-Nano could in theory be used but it’s not ideal for external targets, and CW-lite has capabilities over the Nano that can make things much easier.

Whether or not you need a Husky depends mostly on:

  • Do you need its higher clocking rates? Depends on your target’s clock rate. Being able to run things synchronously to your target clock can be hugely advantageous.
  • Do you need its increased sample storage? For this kind of attack, probably not.
  • Do you need the additional triggering options that it gives you? This will depend on your target and how much control you have over it.

All the specs and comparisons can be found here.

Thank you, that helps a lot.

I understand the recommendation to first learn on a known-vulnerable target using the ChipWhisperer tutorials before attempting an undocumented MCU like the W78E052.

Based on your explanation, I’ll start with CW-Lite and focus on learning basic voltage glitching and synchronization concepts first. Once I’m comfortable, I’ll revisit my target and evaluate whether tighter clock sync or additional triggering (Husky) is actually needed.

Thanks again for taking the time to explain the differences and the learning path — much appreciated.