- An airtag
- A
probe-rscompatible debug adapter such as a J-Link - A Raspberry Pi 3b+
- An NFET
Other versions of Pi will also work, but you need to adjust the corresponding pins yourself.
Connect the following pins from the Raspberry Pi 3b+ to the airtag (`test point numbering):
| Function | Raspberry Pi 3b+ | Airtag |
|---|---|---|
| Glitch output | wiringPi 3 | 28 (using an NFET) |
| Trigger | wiringPi 2 | 34 (1.8V) |
| Power | wiringPi 0 | VCC1 + VCC2 |
Copy the airtag-glitcher folder to your Raspberry Pi 3b+, enter it and execute the run.sh.
Copy the airtag-dump folder to your computer where the SWD adapter connected and run Cargo run. Next, pray that your glitch will succeed :)
- pd0wm for his original stm32-version dumper
- LimitedResults for their original research into glitching the NRF52: https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
- Colin O'Flynn for documenting the test points: https://github.com/colinoflynn/airtag-re
- stacksmashing for his video explaining the procedure: https://www.youtube.com/watch?v=_E0PWQvW-14