FaultyCat firmware v3.0.0.0 is here, and it is a clean-sheet rewrite built specifically for the existing v2.x hardware. Rather than patching the legacy codebase, the team rebuilt the firmware around a layered architecture (HAL → drivers → services → apps) so each fault-injection technique is its own well-defined module.
Two engines, two modes
The headline change is a 2×2 matrix of capability. v3 ships two physical fault-injection engines and two operational modes that compose freely:
- Engines: EMFI (electromagnetic) and Crowbar (voltage glitching)
- Modes: Direct single-shot fires, and Campaign parameter sweeps over delay / width / power
That means you can run a quick single EMFI pulse to validate a setup, then switch to a Crowbar campaign that sweeps glitch parameters automatically to find the window that drops a target into a faulted state.
Tooling ships as a paired set
Firmware and the host faultycmd CLI/TUI are versioned together and released as a set: a .uf2 for the board, a standalone Windows .exe, a .whl for pip install on Linux/macOS, and a source .tar.gz. Flashing is the familiar RP2040 dance: hold BOOTSEL, drag the .uf2, or use the “magic baud 1200” remote BOOTSEL on any of the CDC ports.
In v3.0, scan swd is the only publicly exposed scanner verb; JTAG scan and the direct SWD/JTAG verbs are gated as work-in-progress for v3.1.
Safety first: the plastic shield is critical. Never operate FaultyCat without it, and treat the output SMA as always carrying high voltage.
Grab the release from the FaultyCat GitHub repo, or get the hardware at the Electronic Cats store.