Electronics > Beginners

Fast high power logic level converter for fault injection

(1/1)

squ1zzy:
For the RHme2 Fiesta challenge (https://github.com/Riscure/Rhme-2016/tree/master/challenges/binaries/fiesta) I'm trying to perform a fault injection by dropping the voltage of an Arduino Nano for a very short amount of time. When this happens exactly at the right moment with the right duration, the Arduino will probably skip some instructions and will jump out of its for loop.
To perform this very short voltage dip, I've programmed an FPGA to create a short negative pulse when I click a button. This is working great, however the FPGA operates at 3.3V and does not supply a lot of current. To power the Arduino nano I need to have something around 5 volts, with probably 30mA max (i guess). I have tried different logic level conversion techniques, but it still doesn't work.
At first I tried using a general bidirectional logic level converter from AliExpress, this is working great, even with higher speeds, however it can not supply enough current to run the Arduino.
The second try was to create a logic level converter with 2N2222 transistor, as in the following schematic (
--- End quote ---
). This did not get up to the high pulse speed produced by the FPGA, and also couldn't supply the Arduino with enough current. I tried various resistor values to get a better current throughput, at some point I got the Arduino running, but the circuit didn't even respond to the negative pulse.
The last try was with an opamp I have laying around, The LM324AN to be precise. This also didn't respond quick enough to the negative pulse.
Is there any other way or any improvements to the methods i've tried, to power the Arduino nano, and have a really quick negative pulse, to perform a fault injection attack?

pix3l:
Have you heard of Chipwhisperer? They might have some interesting documentation https://newae.com/sidechannel/cwdocs/ ...

rhb:
Read the datasheet for this:

https://www.allelectronics.com/item/llc-46/logic-level-converter-bi-directional/1.html

The maximum source drain current is 220 mA. And the worst case pulse is 50 nS.

These *look* the same, but there's no datasheet.

https://www.ebay.com/itm/10pcs-4-Channel-IIC-I2C-Logic-Level-Converter-Bi-Directional-Module-5V-to-3-3V/263460001577

Ian.M:
A genuine Arduino Nano has a total of 7.7μF decoupling capacitance on its 5V rail that feeds the Atmega328P Vcc pin.  Its clocked at 16MHz, so one instruction cycle is 62.5ns.  An Atmega328P can run down to as low as 1.8V, so the glitch is going to have to drop the 5V rail by over 3V.   Assuming a whole cycle triangular glitch will do the job, you've got to get about 25μC of charge out of the decoupling caps in about 31ns and back in immediately afterwards. That's a current of about 800A at a slew rate of 100V/μs.   Also you cant tolerate more than 0.5V overshoot.  You aren't going to be able to do that without a *LOT* of *VERY* *FAST* silicon and a vast budget.   Maybe if you are working for Fermilab you could sneak it in as a hobby project . . .

With just the MCU chip minimal decouping capacitace can be more than three orders of magnitude lower.  The current the glitch generator has to handle is reduced in the same proportion.  However its still hundreds of mA at a very high slew rate for the  currents involved and stringent limits on the tolerable overshoot.

Take out a second mortgage for development costs and have fun . . . .

Navigation

[0] Message Index

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod