Let’s complete this series of chapters on fault injection by breaking a real target: the Trezor One wallet. We’ll use electromagnetic fault injection to demonstrate memory dumping and to allow us to extract the recovery seed, which is all that’s needed to access the wallet’s contents.

This chapter will be the most open-ended one in the book. It describes an advanced attack that may require more specialized equipment and has a very low success rate, even when well-tuned. In fact, re-creating this attack would make a good academic term project. To follow along with the entire attack, you’ll ...