Field Programmable Gate Array• Reprogrammablelogic.• Logic simultaneously“executes” in a singleclock cycle.• Embedded memoriesfor data buffering.Source: http://commons.wikimedia.org/wiki/File:LEGO_Bits_Box_2.jpg
Die Datenkrake• Open-Source Hardware & Software• User friendly interfaces and connectors• Test pads, breakout of GPIO pins(terminated & unterminated),bread-boardable• Firmware & bitstream updates of theDDK via USB serial interface
Microcontroller• Controls FPGA power and reset• Controls buffer power• Provides clock for FPGA• Interfaces to the user/PC• IEEE1532 ISP of FPGA
FPGA• 3 UARTs / 6 GPIO interfacing the µCfor data exchange• 16bit parallel bus interfacing the µCfor data and command exchange• 56 general purpose 3.3/5V tolerant,terminated I/O for interfacing yourtargets
Hardware Fuzzing• Fuzzing multiple hardware instances.• Determine the current state of the target.• Example application: concurrent monitoringof embedded linux devices via serial interface(Odroid-U2)• Crash detection, target device reset andlogging (FIFO memory).• Multiplexing signals to the device.
Hardware Glitching• Transient, non-invasive fault injection (rise &hold-time violations).• Attacks a single clock cycle. May cause"incorrect" values to be loaded into registers ormemory locations.• Require precise timing on the order offractions of clock-cycles of the target.• Two common forms: Voltage supply and clockglitching.
Clock Glitching• Alter the clock period during execution.• Results in incorrect intermediate valuesas the result is sampled too early.• DDK includes PLLs, frequency dividersand multiple global clock signals.• Multiple clock frequencies can begenerated (i.e. 20ns, 10ns ...).
Hardware Glitchingin-ges,se-im-rialperesetsixcesour-U2. Inhar-ncehinuto-dulechXsmartcardmvccmgndvccgndoeclkrstI/Os1s2vccvglitchvglitchFigure 2: Hardware GlitcherSecure systems are susceptible to several classes of
Software Defined Radio• Utilize digital RF transceivers with a digitalserial output of data.• Multiple transceivers and multipleconfigurations can be monitoredsimultaneously.• Only certain parts of the payload are ofinterest while others can be discarded.• Protocol decoding must keep up with the datarate of the target.