diff --git a/docs/assets/ch341a.png b/docs/assets/ch341a.png new file mode 100644 index 0000000..ddaed0a Binary files /dev/null and b/docs/assets/ch341a.png differ diff --git a/docs/assets/pin2pwn_practical_example.png b/docs/assets/pin2pwn_practical_example.png new file mode 100644 index 0000000..1a5f953 Binary files /dev/null and b/docs/assets/pin2pwn_practical_example.png differ diff --git a/docs/assets/spi_pin2pwn.png b/docs/assets/spi_pin2pwn.png new file mode 100644 index 0000000..f8c5446 Binary files /dev/null and b/docs/assets/spi_pin2pwn.png differ diff --git a/docs/gadgets/ch341a.md b/docs/gadgets/ch341a.md new file mode 100644 index 0000000..f8d7814 --- /dev/null +++ b/docs/gadgets/ch341a.md @@ -0,0 +1,23 @@ +# CH341A + +![CH341A](../assets/ch341a.png) + +### Dump SPI flash + +#### ch341eeprom + +> https://github.com/plumbum/ch341eeprom + +```bash +sudo apt install git make libusb-1.0-0-dev clang +git clone https://github.com/plumbum/ch341eeprom.git +make +./ch341eeprom -v -s 24c05 -r dump.bin +``` + +#### Flashrom + +```bash +sudo flashrom -V --programmer ch341a_spi -r dump.bin +sudo flashrom -V --programmer ch341a_spi -r dump.bin -c W25Q16.V # Specify the chip +``` \ No newline at end of file diff --git a/docs/side-channel/fault-injection.md b/docs/side-channel/fault-injection.md index e41f0fd..debb07e 100644 --- a/docs/side-channel/fault-injection.md +++ b/docs/side-channel/fault-injection.md 
@@ -3,3 +3,17 @@ ### AVR Glitch: Modifying Code Execution Paths Using Only Voltage [https://flawed.net.nz/2017/01/29/avr-glitch-modifying-code-execution-paths-using-only-voltage/](https://flawed.net.nz/2017/01/29/avr-glitch-modifying-code-execution-paths-using-only-voltage/) + +### Pin2pwn + +[https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEF%20CON%2024%20-%20Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle-UPDATED.pdf](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEF%20CON%2024%20-%20Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle-UPDATED.pdf) + +In the case of an external SPI flash, it is possible for an attacker to short these pins : + +![SPI flash example](../assets/spi_pin2pwn.png) + +The MCU will not be able to get data from the external flash and then show a stacktrace, get a shell in the bootloader or worst a root shell on the embedded Linux. + +Here is a practical example, putting a cable between MOSI and Chip Select : + +![SPI flash example](../assets/pin2pwn_practical_example.png) \ No newline at end of file
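Review bot: In docs/gadgets/ch341a.md, the ch341eeprom block runs `make` straight after `git clone` with no `cd ch341eeprom` in between, so the build and the following `./ch341eeprom` call run from the wrong directory; add the `cd` line. The section is headed "Dump SPI flash" but the example passes `-s 24c05`, and 24Cxx parts are I2C EEPROMs, so either give ch341eeprom its own heading or state that in the text. The heading levels jump from `#` to `###`, both flashrom commands write to the same `dump.bin` (reading twice into different files and comparing them would catch an unreliable read), and the file has no trailing newline.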
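Review bot: In the Pin2pwn section of docs/side-channel/fault-injection.md, "it is possible for an attacker to short these pins :" leaves the pin names to the image alone; name them in the sentence (the later line mentions MOSI and Chip Select) so the page still reads when the image fails to load. Both images carry the same alt text "SPI flash example" and should get distinct descriptions. The following sentence reads as if the MCU is the one that will "get a shell"; reword it so the device shows the stack trace and the attacker obtains the shell, and change "worst" to "worse". Also drop the space before the colons and add the missing trailing newline.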