Approved_users, administrator
366
edits
Changes
→Using the Glitch Explorer - The Basics
{{Warningbox|For the older V3.x tools, see [[V3:Glitch_Explorer]]}}
The Glitch Explorer allows an automatic exploration of a range of one or more parameter values. It means that the user can test multiple glitch setups at the same time and see the result in a nice scatterplot, highlighting the successful attempts.
[[File:glitch explorer overviewglitch_explorer_overview_v4.pngPNG|1100px]]
== The Glitch Explorer Window ==
The main window of the glitch explorer looks like this:
[[File:Screen Shot 2016-07-15 at 10.24.13 AMglitch_explorer_window_v4.png|400px]]
In top, the output of the system combined with the parameters of the glitch is displayed (the 'output window').
In bottom, you can adjust general parameters of the glitching system, such as what counts as a successful glitch or not and how many parameters to fiddle with. == Using the Glitch Explorer - The Basic ==To start using the Glitch Explorer, you should first switch ability to the "Target Settings" tab and set the "Output Format" to be $GLITCH$. This will mean load existing data is no longer sent to the terminal emulator when using the capture 1 or capture M buttons, but instead, is logged in into the glitch explorer window. Then, you should define what is a Normal and a Successful Response. This information is used to highlight the individual attacks. You should use Python expressions here, where 's' is a str-type variable which contains the response of the system (ex.: s.endswith("123456")). The next step is to set the number of tuning parameters. You may want to start with 1 (0 is used to just record manual exploration attempts in the table) and then increment it to 2 or more later. This will generate another group in the list where you can tune the settings for each parameter:
== Using the Glitch Explorer - The Basics ==Here are a few steps that should be done before using the glitch explorer (example uses the ChipWhisperer Lite):<ol><li> Connect the ChipWhisperer Scope and Target (example: run the <code>connect_cwlite_simpleserial.py</code> script)[[File:Screen Shot 2016run_connect_script.png|800px]]</li><br><li>Set up the parameters for glitching (example: run the <code>setup_cwlite_glitch.py</code> script)[[File: run_glitch_script.png|800px]]</li><br><li>Setup the automatic reset aux module (example: run the <code>aux_reset_cw1173.py</code> script)[[ File: run_reset_aux_script.png|800px]]<br><b>Note: This file may have to be edited if you later have issues with trigger timeouts. The trigger timeouts can usually be fixed by switching the appropriate lines in a copy of the script</b><syntaxhighlight lang=python># Reset before arming -07more stableaux_list.register(Resetter.resetThenDelay, "before_trace")# Reset after arming -15 at 10scope can catch entire reset#aux_list.30register(Resetter.53 AMdelayThenReset, "after_arm")</syntaxhighlight>to <syntaxhighlight lang=python># Reset before arming - more stable#aux_list.register(Resetter.resetThenDelay, "before_trace")# Reset after arming - scope can catch entire resetaux_list.register(Resetter.delayThenReset, "after_arm")</syntaxhighlight><b> Another note: Remember to run this script and disable the other aux module inside the "Aux Settings" tab.</b></li><br><li>Change the glitch trigger source from manual to external single. Run this command in the python console:<code>self.scope.glitch.trigger_src = "ext_single"</code></li><br><li>Register the change_glitch_parameters function as the glitch explorer iterator (example: run the <code>ge_widthoffset_vary.py</code> script). Changes to the step size and range that the glitch explorer covers can be customized by changing variables within this script and running the changed script.[[File: register_ge_iterator.png|400px800px]]* Name </li><br><li>Set the normal and successful outputs (example: using the firmware in glitch- is just a reminder of what we are tuningsimple, after editing the c to use the glitch1() function rather than the glitch_infinite() function)[[File: set_responses.png | 400px]]</li><br><li>Open the glitch explorer graph widget by pressing the <b>Plot Widget</b> button inside the Glitch Explorer Window.</li></ol>
Now you are ready to click the "Capture M" to start the exploration.</b>If you run into forced trigger issues go back to the previous steps where it was mentioned how to fix the issue.</b>
== Using the Glitch Explorer - Advanced ==
To get more detailed information of how to use the Glitch Explorer, follow the [[Tutorial A2 Introduction to Glitch Attacks (including Glitch Explorer)|A2]] and [[Tutorial A3 VCC Glitch Attacks|A3]] tutorials.
If you want to create a script to fully automate this attack, check out the example in the file <code> chipwhisperer/software/chipwhispererscripting-examples/tests/glitchscriptglitch_explorer_simple.py that currently is being used internally for testing purposes</code>.