AndroFI Troubleshooting: Common Issues & Fixes for Your Fault Injection Rig

Introduction to AndroFI and Fault Injection on Android SoCs

Fault injection (FI) is a powerful technique used in hardware security research to induce transient or permanent errors in a target system, often revealing vulnerabilities or bypassing security mechanisms. AndroFI, a specialized fault injection platform, is designed to target Android System-on-Chips (SoCs). While incredibly versatile, setting up and maintaining a stable AndroFI rig for consistent fault injection experiments can be challenging. This guide provides an expert-level walkthrough of common issues encountered during AndroFI setup and operation, offering practical troubleshooting steps and solutions to help you achieve reliable results.

1. Hardware Connectivity and Driver Issues

One of the most frequent hurdles involves establishing a robust connection between your host machine, the AndroFI hardware (often an FPGA or microcontroller-based board), and the Android target device. Intermittent or absent communication can stem from various sources.

1.1 USB/Serial Communication Problems

The AndroFI host software typically communicates with the injection hardware via USB-to-serial converters. Issues here can prevent the host from sending commands or receiving feedback.

  • Symptom: Host software cannot detect the AndroFI board; `ls /dev/ttyUSB*` or `Get-WmiObject Win32_SerialPort` shows no new devices.
  • Fixes:
    • Verify Cables: Ensure USB cables are not damaged and are securely connected. Try different cables.
    • Driver Installation: Confirm correct drivers (e.g., FTDI, CH340) are installed for your USB-to-serial chip. On Linux, check `dmesg | grep tty` after plugging in. On Windows, verify in Device Manager.
    • Permissions (Linux): Add your user to the `dialout` or `uucp` group: `sudo usermod -a -G dialout $USER && newgrp dialout`.
    • Device Manager (Windows): Check for unrecognized devices or driver errors. Reinstall drivers directly from the chip manufacturer’s website.

```bash
# Example: Checking dmesg for USB-serial detection (Linux)
dmesg | grep ttyUSB
```
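
The checks in section 1.1 can be combined into one triage script. This is an added example, not part of the AndroFI tooling: the function names are hypothetical, the dmesg excerpt is constructed, and `check_port` assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example: USB-serial triage for a fault injection rig (not AndroFI code).

# Constructed dmesg excerpt: an FTDI adapter that stays attached and a CH340
# adapter that drops off again, as a bad cable or marginal power would cause.
SAMPLE_DMESG='[  101.10] usb 1-1.2: FTDI USB Serial Device converter now attached to ttyUSB0
[  103.42] usb 1-1.3: ch341-uart converter now attached to ttyUSB1
[  109.87] ch341-uart ttyUSB1: ch341-uart converter now disconnected from ttyUSB1'

# Read dmesg text on stdin; print "<tty> attached" or "<tty> dropped" using
# the last event seen for each port, so a flapping adapter is not reported
# as usable just because it enumerated once.
tty_states() {
    awk '
        /converter now attached to tty/       { st[$NF] = "attached" }
        /converter now disconnected from tty/ { st[$NF] = "dropped" }
        END { for (t in st) print t, st[t] }
    ' | sort
}

# $1 = space-separated group list (as printed by `id -nG`), $2 = group name.
# Whole-word match, so "dialoutx" does not count as "dialout".
in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Check one live device node. Returns 1 if the node is missing, 2 if the
# current user is not in the group that owns it (dialout, uucp, ...).
check_port() {
    dev="/dev/$1"
    [ -c "$dev" ] || { echo "$dev: missing (check cable, driver, power)"; return 1; }
    grp=$(stat -c %G "$dev")    # GNU stat: owning group of the node
    in_group "$(id -nG)" "$grp" || { echo "$dev: add $(id -un) to '$grp'"; return 2; }
    echo "$dev: ok"
}

# Live use on the rig host:
#   dmesg | tty_states | awk '$2 == "attached" { print $1 }' |
#       while read -r t; do check_port "$t"; done
printf '%s\n' "$SAMPLE_DMESG" | tty_states    # constructed input
```

A port reported as `dropped` points back to the cable and power checks above; a return code of 2 from `check_port` points to the group-permission fix.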

1.2 JTAG/SWD Connectivity to Target SoC

Proper JTAG/SWD connection is critical for debugging, initial setup, and sometimes for delivering fault payloads. Issues often arise from incorrect wiring or signal integrity.

  • Symptom: JTAG/SWD debugger (e.g., OpenOCD, Segger J-Link) fails to connect or identify the target SoC.
  • Fixes:
    • Pinout Verification: Double-check the target SoC’s JTAG/SWD pinout against your wiring. Mismatched TCK, TMS, TDI, TDO, or nRESET are common errors. Refer to the SoC datasheet.
    • Soldering Quality: Inspect solder joints for cold joints, bridges, or poor contact. Reflow if necessary.
    • Pull-up/Pull-down Resistors: Ensure correct termination resistors are in place on JTAG lines, especially for TRST, TDI, and TMS if recommended by the SoC manufacturer.
    • Cable Length & Shielding: Long, unshielded cables can introduce noise. Use shorter, shielded cables for cleaner signals, especially for high clock rates.
    • Voltage Levels: Confirm the JTAG/SWD adapter’s voltage levels match the target SoC’s I/O voltage (e.g., 1.8V, 3.3V).

2. Software and Firmware Configuration Problems

Even with perfect hardware, software configuration mistakes can render your AndroFI rig inoperable.

2.1 AndroFI Host Software Configuration

The host software needs to correctly identify and control the injection hardware.

  • Symptom: AndroFI software reports
