Introduction: The Silent Threat of Electromagnetic Fault Injection
In the evolving landscape of mobile security, Android Secure Elements (SEs) stand as critical bastions protecting sensitive data and operations. These hardware-backed security enclaves, ranging from TrustZone-based Trusted Execution Environments (TEEs) to dedicated embedded Secure Elements (eSEs) and UICCs (SIM cards), are designed to be resilient against software attacks. However, a different class of adversary emerges from the physical domain: fault injection. Among these, Electromagnetic Fault Injection (EMFI) has proven to be a highly effective and stealthy technique to induce transient errors in silicon, potentially bypassing robust security mechanisms. This article delves into the principles of EMFI and outlines a hands-on reverse engineering lab methodology to explore its application against Android Secure Elements.
Understanding Android Secure Elements
Android devices rely on a layered security model, with hardware-backed security playing a pivotal role. Secure Elements are dedicated, tamper-resistant environments isolated from the main Android OS, designed to handle cryptographic operations, secure key storage, secure boot, attestation, and payment processing. Their integrity is paramount.
Types of Secure Elements in Android:
- Trusted Execution Environment (TEE): Often implemented using ARM TrustZone, the TEE runs a separate, minimal Trusted OS (e.g., OP-TEE, Trusty) alongside the Rich OS (Android). It executes Trusted Applications (TAs) or Trustlets that perform security-critical tasks.
- Embedded Secure Element (eSE): A dedicated hardware chip on the device motherboard, similar to a smart card chip, providing a highly secure environment for sensitive applications like NFC payments.
- Universal Integrated Circuit Card (UICC) / SIM Card: While primarily for network authentication, modern SIMs can host Java Card applets, acting as a secure element for certain applications.
The security guarantees of these elements are crucial. A successful fault injection attack can compromise these guarantees, leading to data exfiltration, privilege escalation, or authentication bypasses.
Electromagnetic Fault Injection (EMFI) Fundamentals
EMFI is a physical attack technique, classed as non-invasive when the package stays intact and semi-invasive once the die is exposed, that leverages localized, high-intensity electromagnetic pulses to induce transient voltage fluctuations within integrated circuits. These fluctuations can manifest as various types of faults:
- Bit flips: Changing a 0 to 1 or vice-versa in memory or registers.
- Instruction skips: Causing the CPU to miss an instruction or a sequence of instructions.
- Register corruption: Altering the contents of CPU registers.
- Program Counter (PC) corruption: Forcing a jump to an unintended memory address.
- Cache misses/hits: Influencing cache behavior to reveal information or alter execution.
The principle relies on generating a focused H-field (magnetic field) or E-field (electric field) using a specialized probe, coupled with a high-current pulse generator. When this pulse interacts with the target IC’s internal circuitry (e.g., metal traces, transistors), it can induce currents or voltages that temporarily disrupt normal operation.
EMFI Setup Components:
- EM Injector: Consists of a pulse generator (e.g., a custom MOSFET driver, commercial fault injection tool like Riscure Inspector) and an EM probe (H-field or E-field, typically custom-designed for precision).
- Target Device: An Android smartphone or development board with an exposed System-on-Chip (SoC) or Secure Element. Often, decapping (removing the chip’s epoxy packaging) is required for precise targeting.
- Triggering Mechanism: A precise timing system (e.g., FPGA, microcontroller, oscilloscope with trigger output) to synchronize the EM pulse with specific vulnerable operations within the target firmware.
- Observation & Debugging: Tools like JTAG/SWD debuggers, logic analyzers, oscilloscopes, and serial consoles to monitor the target’s behavior and analyze the effects of the fault.
- Micropositioning Stage: A high-precision XYZ stage to accurately position the EM probe over the tiny areas of the chip’s die.
Lab Setup: Preparing for a Practical EMFI Attack
Hardware Requirements:
- Target Android Device: An older Android device (e.g., a Google Pixel 1/2, a specific development board like a DragonBoard) with an accessible SoC. Decapping tools (heat gun, chemicals like fuming nitric acid or concentrated sulfuric acid, safety equipment) will be necessary to expose the die.
- EMFI Rig: Purchase or build a pulse generator capable of delivering short, high-current pulses (e.g., 50A+ in nanoseconds). Acquire or fabricate a set of EM probes.
- Oscilloscope: A digital storage oscilloscope (DSO) with at least 200MHz bandwidth for precise trigger synchronization and pulse monitoring.
- Logic Analyzer/Debugger: A JTAG/SWD debugger (e.g., J-Link, OpenOCD compatible adapter) connected to the target SoC’s debug port (if exposed).
- Micropositioning Stage: A high-resolution motorized or manual XYZ stage.
- Magnification: A stereo microscope or high-resolution camera for precise probe placement.
Software Requirements:
- ADB (Android Debug Bridge): For interacting with the Android operating system.
- GDB (GNU Debugger): To connect to the target via JTAG/SWD for debugging TEE firmware.
- Firmware Analysis Tools: Ghidra or IDA Pro to reverse engineer the TEE OS and Trusted Applications.
- Custom Android Application: A simple app to trigger the desired secure element operation (e.g., PIN verification, cryptographic function call) from the Rich OS.
- Custom TEE/Trigger Code: If available, modify TEE Trusted Applications to expose trigger points or monitor specific events.
Attack Methodology: A Step-by-Step Guide
1. Target Identification & Reverse Engineering
The first step involves identifying the specific Secure Element on the PCB and locating the vulnerable code within its firmware. This often requires significant reverse engineering:
- PCB Analysis: Identify the SoC and any dedicated SEs. Use datasheets or visual inspection.
- Decapping: Carefully remove the epoxy package of the SoC to expose the silicon die. This is crucial for precise probe placement.
- Firmware Acquisition & Analysis: Obtain the TEE firmware (e.g., from publicly available device images, or via debug ports if not locked down). Use tools like Ghidra or IDA Pro to identify critical code sections (e.g., `memcmp` for PIN verification, cryptographic routines, conditional branches).
2. Trigger Point Identification & Setup
Precise timing is paramount. Identify an exact instruction or a small block of instructions within the target operation where a fault would yield the desired effect.
- Software Trigger: If possible, modify a Trusted Application to toggle a GPIO pin or write to a specific memory address immediately before the target instruction. This signal serves as the trigger for the EMFI pulse.
- Hardware Trigger: Use an oscilloscope to detect specific events (e.g., data bus activity, power consumption spikes) that correlate with the execution of the target code.
For example, if targeting a PIN verification function, the trigger should fire just before or during the comparison instruction:
```c
// Pseudocode for a Trusted Application (TA) PIN verification
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PIN_LENGTH 4                      /* assumed PIN size for this sketch */
typedef enum { TA_SUCCESS = 0, TA_AUTH_FAILED = 1 } TA_RESULT;
void load_secure_pin(uint8_t *stored_pin); /* trusted routine supplied by the TEE */

TA_RESULT verify_user_pin(const uint8_t* provided_pin, size_t pin_len) {
    uint8_t stored_pin[PIN_LENGTH];
    (void)pin_len; // the sketch assumes the caller passes exactly PIN_LENGTH bytes
    // Assume load_secure_pin() is a trusted function
    load_secure_pin(stored_pin);
    // <-- EMFI TRIGGER POINT HERE -->
    // Target instruction: memcmp for PIN comparison
    if (memcmp(provided_pin, stored_pin, PIN_LENGTH) == 0) {
        return TA_SUCCESS; // PIN matches
    } else {
        return TA_AUTH_FAILED;
    }
}
```
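As an added illustration that is not part of the original article, the following C sketch places the single-memcmp check shown above next to a fault-hardened variant of the same function, and adds a small check of the bit-flip fault model listed in the EMFI fundamentals section. Everything in it is constructed for this example: the PIN value, the result codes, the `load_secure_pin` stand-in and the `diff_accumulate` / `single_flip_escapes` helper names are assumptions, not any TEE's real API.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PIN_LENGTH 4

/* Result codes chosen with maximal Hamming distance (all 32 bits differ) so
 * that no single bit flip in a register turns FAILED into SUCCESS.
 * Constructed values for this example, not any TEE's real codes. */
typedef uint32_t TA_RESULT;
#define TA_SUCCESS     0x5A5A5A5Au
#define TA_AUTH_FAILED 0xA5A5A5A5u

/* Constructed sample data: the "stored" PIN and two candidate inputs. */
static const uint8_t STORED_PIN[PIN_LENGTH] = {1, 2, 3, 4};
const uint8_t SAMPLE_GOOD_PIN[PIN_LENGTH]   = {1, 2, 3, 4};
const uint8_t SAMPLE_WRONG_PIN[PIN_LENGTH]  = {1, 2, 3, 5};

/* Hypothetical stand-in for the trusted PIN-load routine. */
static void load_secure_pin(uint8_t *out) { memcpy(out, STORED_PIN, PIN_LENGTH); }

/* Version 1: the pattern from the article. One memcmp, one branch and a
 * 0-means-success code: skipping the branch or flipping one bit of the
 * result register is enough to change the outcome. Returns 0 on match. */
int verify_user_pin_naive(const uint8_t *provided_pin, size_t pin_len) {
    uint8_t stored_pin[PIN_LENGTH];
    if (pin_len != PIN_LENGTH) return 1;
    load_secure_pin(stored_pin);
    if (memcmp(provided_pin, stored_pin, PIN_LENGTH) == 0) return 0;
    return 1;
}

/* OR-accumulated XOR difference: 0 only if every byte matches, and the loop
 * always runs to the end (no data-dependent early exit). */
static uint32_t diff_accumulate(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint32_t)(a[i] ^ b[i]);
    return diff;
}

/* Version 2: hardened against a single fault.
 *  - the result starts as FAILED (fail-closed) and is upgraded only at one place
 *  - the comparison runs twice plus once complemented, in separate volatile locals
 *  - SUCCESS requires all three to agree, and a second gate re-checks before return
 * volatile keeps the compiler from merging the redundant checks into one. */
TA_RESULT verify_user_pin_hardened(const uint8_t *provided_pin, size_t pin_len) {
    volatile TA_RESULT result = TA_AUTH_FAILED;
    uint8_t stored_pin[PIN_LENGTH];
    if (pin_len != PIN_LENGTH) return TA_AUTH_FAILED;
    load_secure_pin(stored_pin);

    volatile uint32_t d1 = diff_accumulate(provided_pin, stored_pin, PIN_LENGTH);
    volatile uint32_t d2 = diff_accumulate(stored_pin, provided_pin, PIN_LENGTH);
    volatile uint32_t d3 = ~diff_accumulate(provided_pin, stored_pin, PIN_LENGTH);

    if (d1 == 0 && d2 == 0 && d3 == 0xFFFFFFFFu) {
        result = TA_SUCCESS;
    }
    /* Independent second gate: skipping the block above leaves FAILED;
     * skipping this line still needs the block above to have agreed. */
    if (d1 != 0 || d2 != 0 || d3 != 0xFFFFFFFFu) {
        result = TA_AUTH_FAILED;
    }
    return result;
}

/* Bit-flip fault model from the article: count the single-bit flips of a
 * "failed" code that yield the "success" code. 0 means the encoding resists
 * any single-bit corruption of the result register. */
unsigned single_flip_escapes(uint32_t fail_code, uint32_t success_code) {
    unsigned escapes = 0;
    for (unsigned bit = 0; bit < 32; bit++) {
        if ((fail_code ^ (1u << bit)) == success_code) escapes++;
    }
    return escapes;
}
```

The hardened version combines the countermeasures a firmware reviewer looks for when a TA is assessed against fault injection: a fail-closed default, redundant and complemented comparisons, result codes far apart in Hamming distance, and `volatile` to stop the compiler from folding the redundancy away. `single_flip_escapes(1u, 0u)` returns 1 for the common 0/1 convention, while the constructed codes give 0. Source-level redundancy is only a starting point; whether it survives compilation has to be confirmed in the disassembly, and whether it holds on real silicon is what a fault-injection bench like the one described in this article is used to test.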
3. EMFI Pulse Application & Synchronization
Mount the EM probe on the micropositioning stage. Using the microscope, carefully position the probe tip directly over the target area on the decapped die (e.g., a specific CPU core, memory controller, or cryptographic accelerator). Connect the pulse generator and oscilloscope. The oscilloscope will monitor the trigger signal from the target and, after a precisely calibrated delay, trigger the EM pulse generator.
- Parameter Sweeping: Start with low pulse voltage and duration. Systematically vary parameters (probe position, pulse amplitude, pulse width, delay relative to trigger) to find the