Info

This document is part of an original submission for the RP2350 Hacking Challenge.

For more detailed and up-to-date content, refer to “Laser Fault Injection on a Budget: RP2350 Edition”.

Sample Preparation

Goal

The fault injection attack is performed from the backside of the die.

This choice has been made for two reasons:

  • Accessing the backside can be achieved with cheap mechanical tools. Exposing the top of the die would have required chemicals I don’t want to deal with.
  • Based on images available online, it seems the top of the die is fully covered by a metal layer, possibly making fault injection more complicated.

This page details how the backside of the die was exposed while still keeping the RP2350 functional. Note that I’m not an integrated circuit packaging expert, so the wording used here could be a bit vague.

Die Exposure

A cheap (€30) Dremel-like tool, advertised as an “Engraving Tool”, has been used to carefully remove material around the ground pad.

Cheap Engraving Tool used for this work

After enough material has been removed, the metallic ground pad can be taken off, exposing a layer of what looks like silver (heat-conductive?) paste. This paste can easily be scratched out, revealing the backside of the die.

Exposed Backside after Mechanical Grinding

Soldering

The RP2350 with the exposed die can now be soldered onto a custom board that:

The target component, soldered on a custom PCB, viewed from the bottom

Ground Connection Repair

An obvious issue with grinding down the ground pad to access the die is that the only ground connection to the integrated circuit is destroyed.

Trying to use the PGND pin of the internal DC/DC converter doesn’t work. It seems this signal isn’t internally connected to ground.

Instead, a way to restore a good enough ground connection has been implemented.

It’s challenging to see in the pictures shared above, but specks of exposed copper, as well as “holes” where severed bond wires were passing, are visible.

Slightly scratching these areas can sometimes reveal more conductive material. I’m not sure if these are bond wire residues or a very thin copper layer.

In any case, applying conductive epoxy on top of these small exposed copper bits was enough to restore a good enough ground connection.

View of the applied epoxy glue, after curing

The reference of the conductive epoxy I used is MG CHEMICALS 9410, cured at 150 °C for about 10 minutes.

Limitations

This process is, of course, a bit risky. While I’ve gotten better at it after a few attempts, I don’t think I can claim a 100% success rate.

Additionally, the ground connection restored thanks to the conductive epoxy is far from perfect. For instance, I’m usually not able to run such a modified RP2350 at high clock speeds, as it results in higher current being drawn.

Finally, I found that some I/O pads can sometimes stop working. I’m not sure all ground bond wires are internally connected on the die; I may not restore a good enough connection for all of them.

However, the target of the attack is the Boot ROM. The hardware is configured very conservatively by this ROM: clock speeds are low, etc. In this context, the “ground connection repair” method appears to be good enough.

Last update: November 22, 2024