Raspberry Pi Pico Glitcher

Voltage glitching with minimal components

There is a glitch in the Matrix!
This blog post is about a small project in which I am trying to solve the RHME2 fault injection challenge. Fault injection is a hacking technique in which a system or device is stressed in an unusual way. The device may respond unexpectedly to the injected fault and reveal information that is otherwise not accessible.

In this particular case, the power supply of a microcontroller is interrupted for a very short time. Presumably, the flag in this challenge is protected by a simple if statement that can be skipped by a well-timed glitch, so the microcontroller would take a code path that is normally not reachable.
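To make the suspected weakness concrete: a single if statement deciding whether a secret is released is exactly what fault-injection-resistant firmware avoids. The following is an added example in C, written for this post and not taken from the challenge, the Arduino firmware, or the Pico glitcher project. It places a minimal one-branch check next to a hardened form that encodes the state with two constants differing in many bits, repeats the comparison so that one skipped instruction is not enough, and treats any value that is neither constant as a fault. The constant values, function names and the CHECK_FAULT result code are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not code from the RHME2 challenge or the Pico glitcher):
 * a weak single-branch check beside a glitch-hardened version.
 * All names and constants are illustrative assumptions. */

/* Result codes returned by both checks. */
enum check_result { CHECK_DENY = 0, CHECK_ALLOW = 1, CHECK_FAULT = 2 };

/* Weak: the secret path hangs on one comparison of a 0/1 flag.
 * A glitch that corrupts the flag, the compare or the branch flips the outcome. */
int weak_check(uint8_t authorized)
{
    if (authorized) {          /* single point of failure */
        return CHECK_ALLOW;
    }
    return CHECK_DENY;
}

/* Hardened:
 *  - the state is encoded with two constants that differ in every bit
 *    (0xA5 = 10100101, 0x5A = 01011010), so a corrupted byte is unlikely
 *    to land on the other valid value;
 *  - every decision is taken only after a repeated comparison, so a
 *    single skipped instruction cannot reach the allow path;
 *  - anything that is neither constant is reported as a fault instead of
 *    being silently mapped to allow or deny. */
#define AUTH_OK   0xA5u
#define AUTH_FAIL 0x5Au

int hardened_check(uint8_t raw_state)
{
    /* volatile copy: the compiler must re-read it for every comparison */
    volatile uint8_t state = raw_state;

    if (state == AUTH_OK) {
        if (state == AUTH_OK) {       /* second compare guards the allow path */
            return CHECK_ALLOW;
        }
        return CHECK_FAULT;
    }
    if (state != AUTH_FAIL) {
        return CHECK_FAULT;           /* neither encoding: treat as tampering */
    }
    if (state != AUTH_FAIL) {         /* redundant compare on the deny path too */
        return CHECK_FAULT;
    }
    return CHECK_DENY;
}

int main(void)
{
    /* Constructed inputs: valid encodings and a few corrupted bytes a
     * glitch might leave behind. */
    const uint8_t samples[] = { AUTH_OK, AUTH_FAIL, 0x00, 0xFF, 0x01 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("state 0x%02X: weak=%d hardened=%d\n", samples[i],
               weak_check(samples[i]), hardened_check(samples[i]));
    }
    return 0;
}
```

The weak check maps every non-zero byte, including glitch residue like 0x01 or 0xFF, straight to allow; the hardened check only allows on the exact 0xA5 encoding and flags everything else that is not 0x5A.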

Since a voltage glitch attack must be timed very precisely, an FPGA or dedicated hardware is usually used. In this case, however, the glitch is to be performed with a single, cheap Raspberry Pi Pico. The Pico is a very powerful and easy-to-program microcontroller, and its timing accuracy should be sufficient for this application.

Initial tests look promising. The Pico takes commands from a script started on the host computer. From the host, the delay after which the glitch should start and the duration of the glitch can be set. The following video shows how the delay can be changed.

Since this project is a work in progress, there is no guarantee that it will work in the end. Who knows.
The project can be found on GitHub.

Update

I've got the flag! Since most of the work was already done, the rest was relatively straightforward. I connected the gate of a MOSFET to the glitch output, the source to ground and a cable to the drain. I searched for a promising pin of the Atmega328p microcontroller on the Arduino board and touched the pin with the cable. After a few adjustments, the flag was visible on the terminal.