Changes

Glitch Explorer

849 bytes added, 12:59, 6 September 2018

→‎Using the Glitch Explorer - The Basics

{{Warningbox|For the older V3.x tools, see [[V3:Glitch_Explorer]]}}

The Glitch Explorer allows an automatic exploration of a range of one or more parameter values. It means that the user can test multiple glitch setups at the same time and see the result in a nice scatterplot, highlighting the successful attempts.

[[File:~~Screen Shot 2016-07-12 at 4~~glitch_explorer_overview_v4.~~15.30 PM.png~~PNG|1100px]]

== The Glitch Explorer Window ==

The main window of the glitch explorer looks like this:

[[File:~~Screen Shot 2016-07-15 at 10.24.13 AM~~glitch_explorer_window_v4.png|400px]]

In top, the output of the system combined with the parameters of the glitch is displayed (the 'output window').

~~In bottom, you can adjust general parameters of the glitching system, such as what counts as a successful glitch or not and how many parameters to fiddle with.~~

~~To start using the Glitch Explorer~~In bottom, you ~~should first switch to~~ can adjust general parameters of the ~~"Target Settings" tab~~ glitching system, such as what counts as a successful glitch or not and ~~set~~ the ~~"Output Format"~~ ability to ~~be $GLITCH$. This will mean~~ load existing data ~~is no longer sent to the terminal emulator when using the capture 1 or capture M buttons, but instead, is logged in~~ into the glitch explorer ~~window~~table.

~~Then, you should define what is~~ == Using the Glitch Explorer - The Basics ==Here are a ~~Normal~~ few steps that should be done before using the glitch explorer (example uses the ChipWhisperer Lite):<ol><li> Connect the ChipWhisperer Scope and ~~a Successful Response~~Target (example: run the <code>connect_cwlite_simpleserial. py</code> script)[[File: run_connect_script.png|800px]]</li> <li>Set up the parameters for glitching (example: run the <code>setup_cwlite_glitch.py</code> script)[[File: run_glitch_script.png|800px]]</li> <li>Setup the automatic reset aux module (example: run the <code>aux_reset_cw1173.py</code> script)[[ File: run_reset_aux_script.png|800px]] Note: This ~~information is used~~ file may have to ~~highlight~~ be edited if you later have issues with trigger timeouts. The trigger timeouts can usually be fixed by switching the ~~individual attacks~~appropriate lines in a copy of the script<syntaxhighlight lang=python># Reset before arming - more stableaux_list. ~~You should use Python expressions here~~register(Resetter.resetThenDelay, ~~where 's' is a str~~"before_trace")# Reset after arming -~~type variable which contains~~ scope can catch entire reset#aux_list.register(Resetter.delayThenReset, "after_arm")</syntaxhighlight>to <syntaxhighlight lang=python># Reset before arming - more stable#aux_list.register(Resetter.resetThenDelay, "before_trace")# Reset after arming - scope can catch entire resetaux_list.register(Resetter.delayThenReset, "after_arm")</syntaxhighlight> Another note: Remember to run this script and disable the ~~response of~~ other aux module inside the ~~system (ex~~"Aux Settings" tab.</li> <li>Change the glitch trigger source from manual to external single. Run this command in the python console: s<code>self.~~endswith(~~scope.glitch.trigger_src = "~~123456~~ext_single"</code></li> <li>Register the change_glitch_parameters function as the glitch explorer iterator (example: run the <code>ge_widthoffset_vary.py</code> script). Changes to the step size and range that the glitch explorer covers can be customized by changing variables within this script and running the changed script.[[File: register_ge_iterator.png | 800px]]</li> <li>Set the normal and successful outputs (example: using the firmware in glitch-simple, after editing the c to use the glitch1()function rather than the glitch_infinite() function)[[File: set_responses.png | 400px]]</li> <li>Open the glitch explorer graph widget by pressing the Plot Widget button inside the Glitch Explorer Window.</li></ol>

The next step is to set the number of tuning parameters. You may want to start with 1 (0 is used to just record manual exploration attempts in the table) and then increment it to 2 or more later. This will generate another group in the list where you can tune the settings for each parameter:

~~[[File:Screen Shot 2016-07-15 at 10~~Now you are ready to click the "Capture M" to start the exploration.30If you run into forced trigger issues go back to the previous steps where it was mentioned how to fix the issue.~~53 AM.png|400px]]~~

~~Name - is just a reminder of what we are tunning.Script Command - defines what will be modified. This string can simply be copied from~~ == Using the ~~Script Commands tab of the main window.Data Format~~ Glitch Explorer - ~~defines what type of data will be inserted into the parameter.~~Advanced ==~~Range - defines the range from the minimum to maximum that will be swept for the parameter.Value - defines the current/start value~~ To get more detailed information of ~~the sweep. This is NOT automatically set~~ how to use the ~~minimum value of your sweep since you may want to stop and continue later or attack a smaller number of traces. If you want to perform the full sweep~~Glitch Explorer, ~~you must manually set this to~~ follow the ~~minimum of the range or click reset.Step - defines the incremented on each glitch attempt. When the value reaches the maximum defined by the range, it will loop around~~ [[Tutorial A2 Introduction to ~~the minimum~~ Glitch Attacks (including Glitch Explorer)|A2]] and ~~continue incrementing.Repeat - defines how many times to perform the same value. This can be used to determine the reliability of each glitch value~~[[Tutorial A3 VCC Glitch Attacks|A3]] tutorials.

~~The last step is to set the "Generic Settings"->"Acquisition Settings"->"Number of Traces"~~ If you want to create a ~~value high enough~~ script to ~~loop trough all~~ fully automate this attack, check out the ~~values combination set~~ example in ~~the Glitch Explorer. It can be performed automatically clicking in the "Glitch Explorer"-~~<code>~~"Traces Required"~~chipwhisperer/software/scripting-examples/glitch_explorer_simple.py </code>~~"Use this value" button.Now you can use the "Capture M" to start the exploration~~.

← Older edit

Adewar

Approved_users, administrator

366

edits

Changes

Glitch Explorer

ChipWhisperer Wiki