*inhales PDF document*

You often don't need very high resolution - can just keep retrying. Sometimes you don't have a good trigger anyway so there is some inherent jitter. You can see my PicoEMP design as something that gets away with a rather low-cost approach but people have had good success with.

​ @Colin O'Flynn Thanks for your answer. I'll describe my situation, and if you'll have something as an advise or info, I would appreciate it very much. I'm trying to reproduce double glitch attack on STM8L bootloader, described in: "Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis" article. Unfortunatelly, without success still. I even got quite clean power consumption graphs with my oscilloscope and done some analysis about what instruction executes on which cycle, and this way confirmed those time constants that they gave in article. Beginning, I was using Altera MAX II and cheap MOSFET from an old motherboard (t-ON about 12 ns). STM32 used as a PC-CPLD bridge. Then I switched to VHF MOSFET (F > 500 MHz) to get more prescise pulse width. Meanwhile it was needed to include a 20 Ohm resistor in series with MOSFET to achieve pulse width described in that article (50 ns) because other way even 20 ns pulse leads to continuous reset and my time resolution with MAX II was 10 ns. Then I used a transformer (secondary in series with target) in different polarities to make either voltage drops and spikes. It seems that spikes doesn't affect the MCU at all. Today I received a board with Cyclon IV FPGA to be able to make more complex logic. (MAX II is very tiny and can barely handle one 14 bit counter). I'm now looking for information like: how an attack should be looking on the oscilloscope, what is a proper design of FPGA-to-MOSFET and MOSFET-to-target cirquit. Can't say if it's important but MCUs power consumtion oscillogram during glitch-moment looks like it stops its clock and then starts it, continuing execution. Does it mean some glitch protection or something? (Excuse me if my text has some bad-English things)

Limp mode looks different, the TB will move between a small & slightly larger opening. The ECU still has good control in limp mode except it's more limited to how far it opens (as makes sense, normally this is because some sensors are invalid). I had triggered limp mode many times but it's not as interesting I think, compared to modes where the TB is momentarily glitching open fully. Limp home mode have such glitchy control of the TB?

@@ColinOFlynn i know,i was joking. thats y i said lmao. lol. thanks for the reply. love the channel