
3. FaultyCMD

Carlos Alatorre edited this page Jun 4, 2026 · 3 revisions

What is FaultyCMD

FaultyCMD is a unified host tool and command-line interface (CLI) / terminal user interface (TUI) designed for hardware security research, fault injection, and target debugging. It centralizes all the core capabilities needed to drive FaultyCat v3 hardware in a single binary, completely replacing the legacy standalone scripts and reference clients.

By automating hardware configurations, protocol framing (using CRC16-CCITT), and cross-platform port mappings, FaultyCMD eliminates environment friction and allows researchers to focus on vulnerability analysis, glitch timing, and pinout discovery.

Key Capabilities

  • Multi-Engine Control Centralization: Seamlessly manages independent hardware engines for Electromagnetic Fault Injection (EMFI), Crowbar (voltage glitching), parameter sweeps (Campaign), and hardware scanning via a unified terminal environment.

  • Intuitive 2×2 TUI Dashboard: Features an interactive, keyboard-driven Textual interface with dedicated modals for real-time configuration, instant trigger modifications, and safety validations (such as High-Voltage confirmation before arming EMFI).

  • Automated Sweep Campaigns: Orchestrates complex parameter sweeps (modulating delays, pulse widths, and power levels) over underlying glitch hardware, featuring real-time diagnostic logging and runtime pause/stop controls.

  • Hardware Pinout Discovery: Automatically scans target interfaces (such as SWD/Serial pin mapping permutations) utilizing isolated text-shell interactions over dedicated communication channels.

  • Platform & Version Safety: Bundles cross-platform port fallback detection (pyserial and udevadm) and strictly enforces host-to-firmware version parity checks to guarantee predictable wire-protocol behavior during operations.

Target Audience

  • Hardware Security Researchers: Analyzing chip vulnerabilities, bypassing bootloaders, and executing physical fault injection attacks (EMFI/Glitching).

  • Embedded Firmware Developers: Testing the resilience of firmware implementations against hardware-level disturbances and side-channel variations.

  • Hardware Pentesters: Assessing the physical attack surface of secure microcontrollers, IoT devices, and automotive components.

  • Reverse Engineers: Utilizing hardware scanning capabilities to map out obfuscated debug interfaces (SWD/JTAG) on target printed circuit boards (PCBs).

What does FaultyCMD contain?

  • faultycmd/: The application code.

    • cli.py & tui.py: The main scripts and entry points, providing access to all system functionality through either a command-line interface or an interactive terminal user interface.

    • framing.py: Handles CRC16-CCITT generation and frame building/parsing for the wire protocol.

    • usb.py: Implements cross-platform serial port detection and CDC mapping logic across Linux, Windows, and macOS.

    • persistence.py: Manages the configuration state of individual hardware engines in XDG storage.

    • tui_modals.py: Defines the user-interactive modal control screens for safe hardware operations.

  • protocols/: Subdirectory containing specific communication clients and abstraction wrappers for each engine, including:

    • emfi.py: Protocol client driver for the Electromagnetic Fault Injection engine.

    • crowbar.py: Protocol client driver for the voltage glitching (crowbar) engine.

    • campaign.py: Parameter sweep manager multiplexed over the underlying EMFI and crowbar protocols.

    • scanner.py: Driver for the target hardware text shell, exposing SWD and serial bus interrogation routines.

    • dap.py: Integration wrapper stub for pyocd and cmsis-dap communication.
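
The role described for framing.py (CRC16-CCITT generation plus frame building and parsing) can be illustrated with the sketch below, which is an added example and not FaultyCMD's own code. The frame layout, the `SOF` value, the command byte 0x10, and the choice of the CCITT-FALSE variant (initial value 0xFFFF) are all assumptions made for illustration; the page does not document the real wire format.

```python
import struct

SOF = 0x7E  # hypothetical start-of-frame marker, not FaultyCat's real value


class FrameError(ValueError):
    """Raised when a received frame fails a structural or CRC check."""


def crc16_ccitt(data: bytes, init: int = 0xFFFF) -> int:
    """Bitwise CRC16-CCITT, polynomial 0x1021, MSB first (CCITT-FALSE variant assumed)."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc


def build_frame(cmd: int, payload: bytes = b"") -> bytes:
    """Assumed layout: SOF | cmd | len (u16 BE) | payload | crc16 (u16 BE) over cmd..payload."""
    if not 0 <= cmd <= 0xFF or len(payload) > 0xFFFF:
        raise FrameError("cmd or payload out of range")
    body = struct.pack(">BH", cmd, len(payload)) + payload
    return bytes([SOF]) + body + struct.pack(">H", crc16_ccitt(body))


def parse_frame(frame: bytes) -> tuple[int, bytes]:
    """Validate a frame and return (cmd, payload); reject anything malformed."""
    if len(frame) < 6 or frame[0] != SOF:
        raise FrameError("short frame or bad start byte")
    cmd, length = struct.unpack(">BH", frame[1:4])
    if len(frame) != 6 + length:
        raise FrameError("length field does not match frame size")
    body, (rx_crc,) = frame[1:-2], struct.unpack(">H", frame[-2:])
    if crc16_ccitt(body) != rx_crc:
        raise FrameError("CRC mismatch")
    return cmd, frame[4:-2]


if __name__ == "__main__":
    good = build_frame(0x10, struct.pack(">I", 1500))  # constructed sample frame
    print(parse_frame(good))
    flipped = bytearray(good)
    flipped[5] ^= 0x04  # single bit flip, as line noise might cause
    try:
        parse_frame(bytes(flipped))
    except FrameError as exc:
        print("rejected:", exc)
```

Checking the length field before the CRC means a truncated or over-long read is rejected without trusting any attacker- or noise-controlled size, and the CRC then catches payload corruption such as the single flipped bit in the sample.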