Ghidra fault emulation

Conference talk, 2022-11-15, 17:00 – 17:45, La Marive (EN)

Practical fault injection is a widely used technique that bypasses security measures (such as signature checks) and breaks cryptographic algorithms. It can be performed by means of short power glitches, electromagnetic pulses, laser fault injection and other techniques. These methods require physical access to a device, so they can only be applied after the device has been manufactured.
While companies perform security testing after production, there is a clear need to develop secure code during device manufacturing. This is especially true for ROM code (i.e. the hardcoded binary that cannot be modified). If a fault attack on the ROM code is found after chip production, the vulnerability can only be patched in subsequent hardware revisions of the device.
To find fault attack vulnerabilities during the manufacturing phase, companies develop fault injection emulation. Initially, public tools emulating faults were released to break white-box cryptography (i.e. software cryptographic algorithms masking all key operations). Those tools include Unicorn-based emulation, QEMU emulation, binary instrumentation with Intel Pin and Valgrind, and radare2 emulation. Later, the tools were adapted to emulate faults in device firmware, including ROM code.
Ghidra, a recent reverse engineering tool, offers code emulation. Ghidra's emulator can be used to simulate faults in the analysed binary. Those faults can be instruction skipping, operand modification, data modification, or more complex scenarios. Compared with previous fault emulation tools, Ghidra is more user-friendly and combines reverse engineering and emulation in the same environment. In addition, Ghidra supports many CPU architectures, and any new CPU architecture can be added with the SLEIGH language.
This talk will demonstrate how Ghidra emulation is used to simulate fault injection in some simple functions used during firmware execution and in white-box cryptography. To illustrate Ghidra's effectiveness, ARCv2 support was added (and will be publicly released during this talk).
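The instruction-skip fault model described above, as an added example that is not part of this talk and does not use Ghidra: it runs a signature-check routine on a constructed toy ISA under an emulator, skips one instruction (or every pair of instructions) per run, and reports which fault locations make a wrong signature value be accepted. A naive check and a hardened check with a redundant compare are both constructed here, so the output shows how the countermeasure raises the number of simultaneous faults an attacker would need, which is exactly the kind of answer a pre-silicon emulation campaign is meant to give. The ISA, the programs and the register values are assumptions made for the example.

```python
from itertools import combinations

# Constructed toy ISA used only for this example. Registers are r0..r3 and
# a single zero flag Z. Each instruction is a tuple:
#   ("ldi", reg, imm)   reg = imm
#   ("cmp", ra, rb)     Z = (ra == rb)
#   ("bne", target)     jump to `target` if Z is false
#   ("ret", reg)        return the value of reg (1 = accept, 0 = reject)

# Naive verification: a single compare-and-branch guards the accept path.
NAIVE_VERIFY = [
    ("cmp", "r0", "r1"),  # 0: compare computed vs. expected signature
    ("bne", 4),           # 1: mismatch -> reject
    ("ldi", "r2", 1),     # 2: accept
    ("ret", "r2"),        # 3
    ("ldi", "r2", 0),     # 4: reject
    ("ret", "r2"),        # 5
]

# Hardened verification: result defaults to reject, and the compare-and-branch
# is duplicated so a single skipped instruction cannot reach the accept path.
HARDENED_VERIFY = [
    ("ldi", "r2", 0),     # 0: default to reject before any check
    ("cmp", "r0", "r1"),  # 1
    ("bne", 7),           # 2: first mismatch check
    ("cmp", "r0", "r1"),  # 3
    ("bne", 7),           # 4: redundant mismatch check
    ("ldi", "r2", 1),     # 5: accept
    ("ret", "r2"),        # 6
    ("ldi", "r2", 0),     # 7: reject
    ("ret", "r2"),        # 8
]


def run(program, regs, skip=frozenset(), max_steps=100):
    """Emulate `program` and return the value passed to `ret`.

    Instructions whose address is in `skip` are fetched but not executed:
    this is the instruction-skip fault model. Returns None if execution
    runs off the end of the program or exhausts the step budget, which a
    campaign treats as a crash rather than a bypass.
    """
    regs = dict(regs)
    z = False
    pc = 0
    for _ in range(max_steps):
        if pc >= len(program):
            return None
        op, *args = program[pc]
        if pc in skip:
            pc += 1
            continue
        if op == "ldi":
            regs[args[0]] = args[1]
        elif op == "cmp":
            z = regs[args[0]] == regs[args[1]]
        elif op == "bne":
            if not z:
                pc = args[0]
                continue
        elif op == "ret":
            return regs[args[0]]
        pc += 1
    return None


def find_bypasses(program, max_faults):
    """Return every set of skipped addresses (up to `max_faults` at once)
    under which a wrong signature value is accepted."""
    # Constructed inputs: computed signature (r0) differs from expected (r1).
    wrong = {"r0": 0x1234, "r1": 0xBEEF, "r2": 0, "r3": 0}
    vulnerable = set()
    for n in range(1, max_faults + 1):
        for combo in combinations(range(len(program)), n):
            if run(program, wrong, skip=frozenset(combo)) == 1:
                vulnerable.add(combo)
    return vulnerable


if __name__ == "__main__":
    for name, prog in (("naive", NAIVE_VERIFY), ("hardened", HARDENED_VERIFY)):
        for n in (1, 2):
            hits = sorted(find_bypasses(prog, n))
            print(f"{name:9s} up to {n} skip(s): bypass at {hits or 'none'}")
```

The campaign iterates over static addresses, which is enough here because the toy programs contain no loops; with loops, Ghidra's emulator lets you key the fault on the dynamic step count instead. The same loop structure extends to the other fault models mentioned above by replacing the `skip` branch with an operand or register corruption.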