Android Hardware Reverse Engineering

Building an Android SEP Glitching Workbench: Hands-on Secure Enclave Hardware Attack Lab

By Antigravity Research Published May 29, 2026 ⏱️ 10 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Introduction: The Imperative of Secure Enclaves and Hardware Attacks

In the evolving landscape of mobile security, Android devices rely heavily on hardware-backed security features, chief among them being the Secure Enclave Processor (SEP), often a component of a larger Trusted Execution Environment (TEE). The SEP is designed to protect sensitive operations such as cryptographic key storage, biometric authentication, and secure boot processes from software-level attacks. However, as software defenses mature, hardware-level attacks, particularly fault injection or "glitching," are gaining prominence as a means to bypass these critical security mechanisms. Building a dedicated hardware attack workbench offers invaluable hands-on experience and a deeper understanding of these vulnerabilities.

This article provides a detailed guide on constructing an Android SEP glitching workbench. We’ll cover the essential components, setup procedures, and a conceptual approach to fault injection against a Secure Enclave, transforming theoretical knowledge into practical, actionable skills for hardware reverse engineers and security researchers.

Understanding Secure Enclaves and Glitching Fundamentals

What is a Secure Enclave (SEP)?

A Secure Enclave is a physically isolated, hardware-protected environment within a System-on-Chip (SoC) that operates independently of the main application processor. It has its own memory, cryptographic engines, and often a dedicated operating system (e.g., Trusty OS, OP-TEE). Its primary goal is to provide a "root of trust" for critical operations, ensuring their integrity and confidentiality even if the rich operating system (Android) is compromised.

The Principle of Fault Injection (Glitching)

Fault injection, or glitching, is a powerful hardware attack technique that involves intentionally introducing transient errors into a target system to disrupt its normal execution flow. By precisely manipulating environmental parameters like supply voltage, clock frequency, or electromagnetic fields, attackers can cause a processor to misfetch an instruction, skip a comparison, or execute an unintended code path. When applied to an SEP, a successful glitch can potentially bypass security checks, extract secret keys, or escalate privileges.

The two most common types of glitching for SEPs are:

  • Voltage Glitching: Momentarily dropping or raising the supply voltage to the SEP or a critical component at a precise moment.
  • Clock Glitching: Introducing an extra clock pulse, skipping a clock pulse, or altering the clock frequency to disrupt synchronous operations.

Essential Components of Your Glitching Workbench

Building an effective glitching setup requires specialized equipment that allows for precise control and observation.

1. Programmable DC Power Supply

A high-precision, programmable DC power supply is crucial for voltage glitching. It must be capable of:

  • Fine voltage resolution (mV or sub-mV).
  • Fast voltage transient generation (e.g., microseconds).
  • Current limiting for device protection.
  • External triggering capabilities.

Recommendation: Keithley 22xx series, Rigol DP832A, or similar lab-grade supplies. For budget-conscious setups, a fast MOSFET switch controlled by an MCU can be used to momentarily short the power line, though this is less precise than a dedicated programmable supply.

2. High-Speed Oscilloscope

An oscilloscope is indispensable for visualizing voltage and clock signals, verifying glitch timing, and observing the target device’s response. Key features include:

  • High bandwidth (at least 100MHz, preferably 200MHz+ for faster signals).
  • High sampling rate (1GS/s or more).
  • Multiple channels (for simultaneous observation of glitch trigger, supply voltage, and device behavior).
  • Advanced triggering capabilities (e.g., edge, pulse, Runt, Pattern).

Recommendation: Rigol DS1054Z (hacked to 100MHz), Keysight MSOX series, or Tektronix MDO series.

3. Glitch Controller (FPGA/MCU)

This is the brain of your glitching setup, responsible for generating precisely timed pulses that trigger the power supply or directly inject faults. Microcontrollers and FPGAs offer different advantages:

  • Microcontrollers (MCUs): Good for simpler, less demanding timing. Boards like the Raspberry Pi Pico (using its PIO state machines for sub-microsecond precision) or Teensy 4.x (with its high clock speed) are excellent choices.
    • // Example Pico PIO C code snippet for generating a precise pulse (conceptual)uint336_t glitch_program_instr[] = {  // Pull 'x' from TX FIFO, 'y' from TX FIFO  pio_mov(pio_x, pio_osr),  // Move OSR into X, used as loop counter  pio_mov(pio_y, pio_osr),  // Move OSR into Y, used as delay after pulse  // Set output high for pulse  pio_set(pio_pins, 1),      // Set the glitch pin high.  pio_jmp(pio_x_dec, glitch_loop_label), // Loop X times, keeping pin high  // Set output low to end pulse  pio_set(pio_pins, 0),      // Set the glitch pin low.  pio_jmp(pio_y_dec, delay_loop_label), // Loop Y times, keeping pin low  // End of program  pio_jmp(pio_wrap_target)};
  • FPGAs: Offer superior timing precision (nanosecond-level) and parallelism, ideal for complex glitching strategies and very fast targets. Low-cost Lattice iCEstick or ECP5 boards are good starting points.

4. Target Device & Fixturing

An Android device with exposed test points or easily accessible power rails (e.g., older Samsung or Pixel devices with known debug interfaces) is ideal. Device preparation involves:

  • Disassembly: Carefully open the device.
  • Identification of SEP power/clock lines: Requires schematics (if available), datasheets, or careful reverse engineering using a multimeter and microscope to trace power management ICs (PMICs) to the SEP.
  • Soldering fine wires: To inject faults and monitor signals. Consider using a custom PCB fixture with pogo pins for repeatable connections.

5. Probes, Cables & Connectors

  • High-quality oscilloscope probes (e.g., passive 10x probes).
  • Low-inductance wires and coaxial cables for connecting the glitch controller to the power supply and target.
  • Breadboards or custom PCBs for intermediate circuitry (e.g., MOSFET switches).

6. Workstation & Software Tools

A Linux workstation is recommended for:

  • Controlling the glitch controller (e.g., custom Python scripts, MicroPython for Pico/Teensy).
  • Analyzing oscilloscope data.
  • Firmware development for FPGA/MCU.

Workbench Setup: A Step-by-Step Guide

1. Device Preparation and Target Identification

Begin by carefully disassembling your target Android device. Using a microscope, identify the SEP chip. If schematics are unavailable, use a multimeter in continuity mode to trace power rails from the PMIC to the SEP. Look for power lines (VCC_SEP, VDD_CORE) and clock lines. Often, you’ll find small inductors or capacitors on these lines that are convenient points for injection.

# Example conceptual steps for device prep1. Safely open the Android device enclosure.2. Locate the main SoC and identify the Secure Enclave area (often integrated or nearby).3. Use a digital multimeter (DMM) to probe voltage rails around the SEP and PMIC.4. Identify a suitable power rail to the SEP, typically after a low-dropout (LDO) regulator.5. Solder thin enamel wires (e.g., 36 AWG) to this power rail and a stable ground.   Ensure wires are short and secure to minimize inductance.

2. Integrating the Programmable Power Supply

Your programmable power supply needs to inject the voltage glitch into the SEP’s power rail. This often involves cutting the existing power trace to the SEP and inserting the programmable supply in series or parallel, or using a fast switch.

  • Series Injection (recommended for precision): Desolder a component (e.g., a ferrite bead or LDO output capacitor) on the SEP’s power line. Connect the output of your programmable supply to the SEP side of the cut, and the supply’s ground to the device’s ground. The input to the LDO will still power the rest of the board. This allows full control over SEP voltage.
  • Parallel Injection (simpler, less precise): Connect the programmable supply in parallel to the SEP’s power rail. The supply will momentarily dip the voltage when activated.

3. Connecting the Glitch Controller

The glitch controller (FPGA/MCU) will orchestrate the attack. Its output needs to trigger the programmable power supply or a fast-switching circuit. If your programmable supply has an external trigger input for voltage transients, connect the glitch controller’s output directly to it. If not, you might use the glitch controller to activate a fast MOSFET that shorts the power line to ground for a brief moment.

# Conceptual Python/MicroPython code for Raspberry Pi Pico (glitch controller)import machineimport time# Define glitch pin and trigger pinGLITCH_PIN = machine.Pin(0, machine.Pin.OUT)TRIGGER_PIN = machine.Pin(1, machine.Pin.IN, machine.Pin.PULL_DOWN)def apply_glitch(duration_us, pre_delay_us):    # Wait for an external trigger (e.g., device performing a secure operation)    while TRIGGER_PIN.value() == 0:        pass    time.sleep_us(pre_delay_us)    # Apply the glitch    GLITCH_PIN.value(1)    time.sleep_us(duration_us)    GLITCH_PIN.value(0)    print("Glitch applied!")# Example usage: apply a 100ns glitch after a 50us delay from trigger# (Note: real sub-microsecond control needs PIO on Pico, not time.sleep_us)apply_glitch(0.1, 50)

4. Oscilloscope Monitoring

Connect oscilloscope probes to at least three points:

  • Channel 1: The glitch trigger signal from your controller.
  • Channel 2: The actual voltage/clock line on the SEP where the glitch is injected.
  • Channel 3 (optional but recommended): A known stable clock signal or data line from the SEP or main SoC to observe the effect of the glitch on device behavior.

Configure the oscilloscope to trigger on the glitch controller’s output, allowing you to visualize the precise timing of the glitch relative to the SEP’s operations.

The Art of Glitching: Finding the Sweet Spot

Fault injection is largely an iterative process of trial and error. The goal is to find the "sweet spot" – the precise timing, duration, and amplitude of the glitch that causes a desired security bypass without simply crashing the device.

Voltage Glitching Strategy

  1. Identify Target Operation: Choose a specific security-critical operation on the SEP, such as a cryptographic signature verification, a key derivation function, or a secure boot integrity check.
  2. Program Target Device: Make the Android device repeatedly execute this target operation (e.g., repeatedly attempt biometric authentication or trigger a secure boot check).
  3. Synchronize Glitch: Use your glitch controller to generate a precise pulse. Start with a wide range of "pre-delays" (delay from a trigger event to the glitch) and "glitch durations" (width of the voltage dip/spike).
  4. Iterate and Observe: Systematically sweep through different pre-delay and duration parameters. Start with small voltage drops/spikes (e.g., 10-50mV) and short durations (e.g., 100ns to 10us). Observe the device’s behavior: crashes, reboots, unexpected success, altered output, or error messages.
  5. Refine Parameters: Once you observe a deviation from normal behavior, narrow down the parameters. Tiny adjustments (e.g., 10ns duration changes, 1us pre-delay changes) can make a significant difference.

Clock Glitching Strategy

The process is similar, but instead of altering voltage, you’re manipulating the clock signal directly. This usually involves injecting an extra clock pulse, shortening a clock pulse, or temporarily stopping the clock. This often requires highly specialized hardware (like a custom FPGA board) due to the extremely precise timing required for clock signals in modern SoCs.

Safety and Ethical Considerations

Working with hardware at this level carries risks. Always:

  • Start Small: Begin with minimal glitch parameters to avoid permanent damage to your target device.
  • Current Limiting: Use the current limiting feature on your power supply to protect the device from overcurrents during faults.
  • ESD Precautions: Use an ESD mat and wrist strap to prevent electrostatic discharge damage.
  • Document Everything: Keep meticulous notes on your parameters, observations, and results.
  • Ethical Hacking: Ensure all research is conducted ethically and legally, with proper authorization and disclosure.

Conclusion

Building an Android SEP glitching workbench is a challenging yet incredibly rewarding endeavor. It bridges the gap between theoretical knowledge of hardware security and practical exploitation. While the path to a successful glitch can be long and arduous, the hands-on experience gained in precise timing control, signal analysis, and fault injection techniques is invaluable for anyone serious about understanding the deep layers of modern mobile security. This workbench serves as a powerful laboratory for dissecting the defenses of Secure Enclaves and contributing to the ongoing effort to secure our digital world.

Android Mobile Specs & Compare Directory

Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Android Security #Fault Injection #Hardware Hacking #Reverse Engineering #Secure Enclave

Related Technical Guides

Extracting Secrets: Recovering Secure Boot Keys and Anti-Rollback Fuses with Android Voltage Glitching

May 29, 2026

UFS Pinout Mapping & Tracing: Reverse Engineering for Physical Data Access

May 30, 2026

How-To: Building a Custom NAND Reader for Android Forensics & Data Recovery

May 30, 2026