Introduction to EMFI and Android’s Secure Enclave
Modern Android devices rely heavily on hardware-backed security features, chief among them the Secure Enclave Processor (SEP), often implemented using ARM TrustZone or dedicated secure elements. This SEP is responsible for handling sensitive operations such as cryptographic key management, secure boot verification, and biometric authentication. While robust, these hardware enclaves are not entirely impervious: advanced side-channel and fault injection attacks, such as Electromagnetic Fault Injection (EMFI), present a significant threat.
This tutorial delves into the practical aspects of mounting an EMFI attack against an Android SEP. We will explore the theoretical underpinnings, the necessary tooling, a detailed methodology, and potential exploitation scenarios, providing an expert-level guide to understanding and performing such sophisticated hardware attacks.
Understanding Android’s Secure Enclave (SEP)
The Secure Enclave Processor (SEP) on Android devices provides an isolated execution environment, often referred to as the Trusted Execution Environment (TEE). It operates alongside the main Application Processor (AP) but with a much smaller, security-hardened codebase (Trusted OS) and dedicated hardware resources. Its primary functions include:
- Key Management: Generating, storing, and using cryptographic keys without exposing them to the rich operating system (Android).
- Secure Boot: Verifying the integrity of the boot chain from ROM to the Android OS.
- Attestation: Providing verifiable proof of the device’s software and hardware state.
- Biometric Processing: Securely handling fingerprint, face, or iris data for authentication.
The SEP is designed to resist software attacks from the Android kernel or applications. However, physical attacks like EMFI aim to bypass these protections by inducing transient faults directly into the SEP’s computation or control flow.
Electromagnetic Fault Injection (EMFI) Principles
EMFI is a non-invasive physical attack technique that leverages localized electromagnetic pulses to induce transient voltage or clock glitches in an integrated circuit (IC). These glitches can alter instructions, skip operations, or corrupt data during execution, potentially leading to security bypasses or information leakage.
How EMFI Works:
- An EMFI injector coil is placed directly over the target IC.
- A high-current pulse is sent through the coil, generating a strong, localized magnetic field.
- This magnetic field induces an electromotive force (EMF) in nearby conductors within the IC.
- The induced EMF can manifest as a voltage transient (power glitch) or disrupt local clock signals (clock glitch), leading to a computation error.
The effectiveness of an EMFI attack hinges on precise timing (synchronizing the pulse with a critical operation) and spatial targeting (positioning the coil over the sensitive part of the SEP die). Faults can cause outcomes such as: bit flips in registers or memory, skipped conditional branches, altered arithmetic operations, or premature termination of cryptographic routines.
Prerequisites and Tooling for EMFI Attacks
Mounting a successful EMFI attack requires specialized equipment and expertise:
- Target Device: An Android device with a known SEP architecture. Devices like Google Pixel or Samsung Galaxy often employ dedicated secure elements or TrustZone implementations. Access to device schematics or X-ray imaging for precise SoC layout can be invaluable.
- EMFI Injector: A dedicated EMFI platform (e.g., Riscure EM-FI Plate, NewAE ChipWhisperer-Husky with EMFI add-on, or custom-built solutions). This includes the pulse generator and a precisely controllable EM-probe.
- Oscilloscope: For precise timing, triggering, and monitoring power consumption or clock signals. A multi-channel oscilloscope (e.g., Keysight, Tektronix) is essential for synchronizing the EMFI pulse with target operations.
- Micro-positioning Stage: To precisely position the EM-probe over the target die area.
- Software Development Kit (SDK) / Debugging Tools: To interact with the Android device, trigger SEP operations, and monitor responses (e.g., ADB, JTAG, UART).
- Reverse Engineering Tools: For analyzing SEP firmware or relevant TEE applets (e.g., Ghidra, IDA Pro) to identify attack points.
Attack Methodology: Targeting the Android SEP
Step 1: Target Identification and Reverse Engineering
The first step involves identifying a vulnerable operation within the SEP. This often requires reverse engineering the SEP firmware or analyzing the Trusted Applications (TAs) running within the TEE. Look for:
- Cryptographic operations: Key derivation functions, signature generation, encryption/decryption routines.
- Authentication checks: PIN verification, biometric matching algorithms.
- Integrity checks: Secure boot verification, firmware integrity checks.
Once a target operation is identified, analyze its assembly code to pinpoint specific instructions that, if faulted, would lead to a desired bypass (e.g., a `CMP` instruction for PIN verification, or a branch instruction that could be skipped).
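Step 1 above points at a single CMP and branch as the faultable spot. The defender's counterpart, as an added example that is not from the original article: a naive PIN check beside a glitch-hardened one, exercised against the single-bit register fault model from the EMFI section. The status words and sample PINs are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed status words. PIN_FAIL is the bitwise complement of PIN_OK
   (Hamming distance 32), so no single register bit flip turns one into the
   other. Any other value means the status word itself was corrupted. */
#define PIN_OK    0x3CA5C35Au
#define PIN_FAIL  0xC35A3CA5u
#define PIN_FAULT 0xDEADDEADu

/* Constructed sample PINs. */
static const uint8_t SAMPLE_STORED[4] = {1, 2, 3, 4};
static const uint8_t SAMPLE_WRONG[4]  = {1, 2, 3, 5};

/* Naive check: one compare, one branch, result held as 0/1 in a register.
   A skipped branch, or a flip of any bit of a 0 result, reads as "accepted". */
int naive_pin_check(const uint8_t *entered, const uint8_t *stored, size_t n) {
    return memcmp(entered, stored, n) == 0;
}
int naive_accepts(int result) { return result != 0; }

/* Hardened check: constant-time compare, run twice; both runs must agree
   and must produce one of the two expected words. */
static uint32_t ct_compare(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0 ? PIN_OK : PIN_FAIL;
}
uint32_t hardened_pin_check(const uint8_t *entered, const uint8_t *stored, size_t n) {
    volatile uint32_t r1 = ct_compare(entered, stored, n);
    volatile uint32_t r2 = ct_compare(entered, stored, n);
    if (r1 != r2)       return PIN_FAULT;   /* one of the two runs was glitched */
    if (r1 == PIN_OK)   return PIN_OK;
    if (r1 == PIN_FAIL) return PIN_FAIL;
    return PIN_FAULT;                       /* neither expected word: corrupted */
}
/* Consumer: only the exact PIN_OK word unlocks. PIN_FAULT is distinguishable
   from PIN_FAIL, so a detected glitch can be logged or counted against a retry limit. */
int unlock_allowed(uint32_t status) { return status == PIN_OK; }

/* Fault model from the EMFI section: a single bit flip in a register. */
uint32_t simulate_bit_flip(uint32_t status, unsigned bit) { return status ^ (1u << bit); }

/* Returns 1 if no single-bit flip of PIN_FAIL is accepted by unlock_allowed. */
int fail_word_survives_single_flips(void) {
    for (unsigned b = 0; b < 32; b++)
        if (unlock_allowed(simulate_bit_flip(PIN_FAIL, b))) return 0;
    return 1;
}
```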
Step 2: Physical Access and EMFI Setup
- Device Preparation: Decapsulate the SoC if direct access to the die is required. Alternatively, some attacks can be performed through the package if the field penetrates sufficiently. Carefully mount the target PCB onto the micro-positioning stage.
- Probe Placement: Locate the SEP on the SoC using X-ray images, datasheets, or power analysis, then precisely position the EMFI probe over the target area. This is a critical step; even slight misalignments can drastically reduce faulting success rates.
- Trigger Mechanism: Establish a reliable trigger for the EMFI pulse. This can be:
- Software Trigger: A specific API call from the Android OS to the TEE that initiates the target operation. The EMFI pulse is triggered shortly after this call.
- Power Trace Trigger: Monitor the device’s power consumption using an oscilloscope. A distinctive power transient associated with the target SEP operation can serve as a trigger.
- GPIO Trigger: If a debug header is available, a GPIO pin can be toggled by the TEE at the start of the sensitive operation to provide a precise trigger signal.
Example Trigger Setup (conceptual):
```cpp
// Pseudocode for an Android app triggering a TEE operation and the EMFI pulse externally
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#include <chrono>
#include <thread>

void trigger_sep_op_and_fault() {
    // 1. Prepare Keymaster operation (e.g., sign a challenge)
    //    This call will activate the TEE / SEP
    // auto keymaster = IKeymasterDevice::getService();
    // keymaster->sign(key_blob, params, challenge_data);

    // 2. Send trigger to external EMFI device (e.g., via USB serial or GPIO)
    //    Replace with actual EMFI control library/command
    //    For a simple example, imagine a serial command:
    // system(
```