Skip to content

newaetech/chipjabber-basicbbi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
basicbbiv0
basicbbiv0
 
 
basicbbiv1
basicbbiv1
 
 
cardis2020
cardis2020
 
 
img
img
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

ChipJabber-BasicBBI

What the heck is Body Biasing Injection? This is a method of injecting faults into the backside of an IC, which results in an injection somewhere between EMFI & Laser-FI. This work has been presented since 2012, yet there has been less follow on work compared to topics such as EMFI & Laser FI. ChipJabber-BasicBBI tries to help with that by making available both the injection tool & target for all!

You can see the following papers for the origins of this:

  • Philippe Maurine. Techniques for EM Fault Injection: Equipments and Experimental Results. FDTC 2012: Workshop on Fault Diagnosis and Tolerance in Cryptography. 9 Sept. 2012. PDF Available.

  • Philippe Maurine, Karim Tobich, Thomas Ordas, Pierre Yvan Liardet. Yet Another Fault Injection Technique: by Forward Body Biasing Injection. YACC’2012: Yet Another Conference on Cryptography, Sep 2012, Porquerolles Island, France. PDF Available.

  • Karim Tobich, Philippe Maurine, Pierre Yvan Liardet, Mathieu Lisart, Thomas Ordas. Voltage Spikes on the Substrate to Obtain Timing Faults. 2013 Euromicro Conference on Digital System Design, Los Alamitos, CA, 2013, pp. 483-486. PDF Available

  • Noemie Beringuier-Boher, Marc Lacruche, David El-Baze, Jean-Max Dutertre, Jean-Baptiste Rigaud, Philippe Maurine. Body Biasing Injection Attacks in Practice. In Proceedings of the Third Workshop on Cryptography and Security in Computing Systems (CS2 '16), 2016. PDF Available

BBI Made Simple

BBI uses a simple idea - use a physical probe on the IC die backside. While it turns out that WLCSP devices expose the backside (or have some flimsy film over it you can remove easily), allowing you to perform BBI without becoming John McMaster.

The idea of this repo is to perform BBI using a simple probe, which uses a transformer to generate the required pulses. This looks something like this:

CARDIS 2020 Paper

This work was presented at CARDIS 2020, see an extended version of the paper in the CARDIS directory of this repository. If you use these results (or this design), please reference:

O'Flynn, Colin. (2021) Low-Cost Body Biasing Injection (BBI) Attacks on WLCSP Devices.
In: Liardet PY., Mentens N. (eds) Smart Card Research and Advanced Applications. CARDIS 2020.
Lecture Notes in Computer Science, vol 12609. Springer, Cham. https://doi.org/10.1007/978-3-030-68487-7_11

You can pull the citation from the SpringerLink page as well.

About

A Basic BBI Tool - So Simple, But So Good!

Resources

Readme
Activity
Custom properties

Stars

28 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages