The Replay Protected Memory Block (RPMB) in modern storage systems provides a secure area where data integrity is ensured by authentication. This block is used in digital devices to store pivotal information that must be safeguarded against modification by potential attackers. This paper targets the authentication scheme of the RPMB in three different eMMCs from a major manufacturer. A glitch was injected by sending an electromagnetic pulse to the target chip. RPMB authentication was successfully glitched and the information stored in two target eMMCs was overwritten with arbitrary data, without affecting the integrity of other data.

翻译：现代存储系统中的重放保护内存块（RPMB）通过身份验证机制确保数据完整性，为数字设备提供存储关键信息的安全区域，防止潜在攻击者篡改。本文针对某主流制造商的三款不同eMMC芯片中的RPMB身份验证方案展开研究。通过向目标芯片发射电磁脉冲实施故障注入，成功干扰了RPMB身份验证过程，并在不影响其他数据完整性的前提下，将任意数据覆盖写入两款目标eMMC的存储信息中。