Info

This document is part of an original submission for the RP2350 Hacking Challenge.

For more detailed and up-to-date content, refer to “Laser Fault Injection on a Budget: RP2350 Edition”.

Software & Gateware Overview

Overview

This page provides a brief overview of the software used to execute the attack. The code is currently a bit too messy to be released, but I hope to make it public after the challenge’s deadline.

FPGA Gateware

The I/O Board is interfaced with a Glasgow Interface Explorer device.

Glasgow embeds an FPGA and is built around a convenient software framework, allowing the gateware to be described using the Amaranth HDL.

The gateware written for this project is responsible for:

  • Basic I/O Control:
    • Turning the power supply of the target RP2350 on and off.
    • Controlling the RUN and BOOTSEL signals.
  • Trigger Timing: Monitoring the QSPI bus in real time.
  • Attack Orchestration:
    • Dynamically selecting the active QSPI Flash memory.
    • Pulsing the laser.

Laser Pulser Board

The Laser Pulser Board communicates with the host computer through a USB-to-I2C bridge component.

No firmware had to be written for the board; the host computer can directly configure the high-voltage power supply for the pulser circuit.

Delta Stage Control

The Delta Stage position is controlled by software running on a Raspberry Pi single-board computer.

The position of the stage can be programmatically set using a web-based API.

In the context of this attack, this API is leveraged to slowly scan over the sensitive areas while pulsing the laser.

Last update: November 24, 2024