As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes


Tutorial A3 VCC Glitch Attacks

1,571 bytes added, 18:49, 1 May 2018
no edit summary
<li>
<p>Open the appropriate programmer from the ''Tools'' entry of the top main menu, and in the dialog press ''Check Signature'' to verify you can connect to the target</p>
<p>[[File:xmega_programmer.png|325px]]</p>
</li>
<li>
<p>Find the correct firmware file, previously compiled for the target you are using, and press the ''Erase/Program/Verify FLASH'' button</p>
<p>[[File:xmega_programmer_press_program.png|325px]]</p>
</li>
<li>
<p>Time to set up the voltage glitching parameters. Start with the ''Glitch Module'' section under the ''Scope Settings'' tab</p>
<ol>
<li>
<p>For the ChipWhisperer-Lite (CW1173/CW1180), set ''Target HS IO-Out'' option to ''CLKGEN''.</p>
</li>
<li>
<p>Set the ''Clock Source'' as ''CLKGEN'':</p>
<li>
<p>Now activate the low-power glitch module by enabling the ''HS-Glitch Out Enable (Low Power)'' toggle under the ''Trigger Pins'' section in the ''Scope Settings'' tab</p>
<p>For the ChipWhisperer-Lite (CW1173/CW1180), set ''Target HS IO-Out'' option to ''CLKGEN''.</p>
<p>[[File:low_power_glitch_enable.png|500px]]</p>
</li>
<li>
<p> Navigate to the ''Target Settings'' tab and remove all the text in the ''Load Key Command'', ''Go Command'', and ''Output Format'' fields</p>
<p> Set the ''Output Format'' field to ''r$GLITCH$\n''</p>
<p>[[File:target_output_setting.png|500px]]</p>
</li>
</syntaxhighlight>
</li>
<li>
<p>You can see what aux modules are active in the ''Aux Settings'' tab. Here you can also see the preview, enable/disable, and remove each module</p>
<p>[[File:aux_setting.png|500px]]</p>
</li>
</ol>
=== Monitoring Glitch Insertion ===
False</pre>
<p>Finally, configure the Glitch Explorer:</p>
<blockquote>
<ol style="list-style-type: lower-alpha;">
<li>Set the ''Normal Response'' to <code>s.endswith(&quot;hello\nA&quot;) and (len(s) &lt; 12)</code></li>
<li>Set the ''Successful Response'' to <code>&quot;1234&quot; in s</code></li>
</ol>
</blockquote>
<p>You can check that the updated color-coding is working with a few ''Capture 1'' events.</p>
</li>
<li>
<p>Using the following table, set the ''Glitch Width (as % of period)'' and ''Repeat'' on the ''Scope Settings'' tab:</p>
{| class="wikitable"
! Parameter
| 10
|}
</li>
<li>
<p>Finally, let's configure the Glitch Explorer to give us the required sweep of the ''Offset'' and ''Width'' parameters by running the <code>ge_widthoffset_vary.py</code> script. The starting, stopping and step attributes can be changed for both parameters by editing the script</p>
<syntaxhighlight lang=python>
"""Glitch Explorer example to modify clock offset & width.

To use this be sure to set 'Output Format' as $GLITCH$ so data is passed through.
"""

class IterateGlitchWidthOffset(object):
    def __init__(self, ge_window):
        self._starting_offset = -40
        self._starting_width = -40
        self.ge_window = ge_window

    def reset_glitch_to_default(self, scope, target, project):
        """ Set glitch settings to defaults. """
        self.offset = self._starting_offset
        self.width = self._starting_width

    def change_glitch_parameters(self, scope, target, project):
        """ Example of simple glitch parameter modification function. """
        # This value is minimum clock offset/width increment
        scope.glitch.offset += 0.390624

        if scope.glitch.offset > 40:
            scope.glitch.offset = self._starting_offset
            scope.glitch.width += 0.390624

        if scope.glitch.width > 40:
            scope.glitch.width = self._starting_width

        # Write data to scope
        #scope.glitch.width = self.width
        #scope.glitch.offset = self.offset

        #You MUST tell the glitch explorer about the updated settings
        if self.ge_window:
            self.ge_window.add_data("Glitch Width", scope.glitch.width)
            self.ge_window.add_data("Glitch Offset",scope.glitch.offset)

glitch_iterator = IterateGlitchWidthOffset(self.glitch_explorer)
self.aux_list.register(glitch_iterator.change_glitch_parameters, "before_trace")
#self.aux_list.register(glitch_iterator.reset_glitch_to_default, "before_capture")
</syntaxhighlight>
</li>
<li>
<p>You can again check if the aux module was registered by going to the ''Aux Settings'' tab.</p>
<p>[[File:aux_settings_with_glitch_vary.png|500px]]</p>
</li>
<li>
<p>On the ''Generic Settings'' tab:</p>
<blockquote>
<ol style="list-style-type: lower-alpha;">
<li>Ensure the ''Trace Format'' is set to ''None'' (i.e., no traces will be written to disk).</li>
<li>Set the ''Number of Traces'' to 200.</li>
</ol>
</blockquote>
</li>
<li>Press the ''Capture Multi'' button. You will get a warning as there is no trace writer, but can just hit ''Continue Anyway'', since we do not want to store traces to disk.</li>
<li>
<p>Hopefully you will determine some useful parameters for glitching this target:</p>
<blockquote>
<p>[[File:ge-success.png|image]]</p>
</blockquote>
</li>
<li>Try reducing the ''Repeat'' parameter in the ''Glitch Module'' settings. See how few cycles you can glitch while still achieving a reliable glitch.</li>
</ol>
Once you have the glitch parameters determined, you can work on trying to recreate some of the previous tutorials, such as glitching past the password prompt.
<p>The following shows an example of inserting several glitches successfully:</p>
<p>[[File:rpi-glitch.png|image]]</p></li></ol>
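The following is an added example, not part of the original tutorial or the ChipWhisperer code base: it applies the two Glitch Explorer expressions given above to a list of responses and pairs each one with the width/offset setting of the sweep, so the settings that produced a successful response can be listed offline. It assumes width advances each time offset wraps, and that the success expression is checked before the normal one; the function names and the sample responses are constructed for illustration.

```python
from collections import Counter

STEP = 0.390624         # minimum offset/width increment, from the page's script
START, LIMIT = -40, 40  # sweep bounds, from the page's script

def classify(s):
    """Apply the tutorial's two Glitch Explorer expressions to one response."""
    if "1234" in s:                               # 'Successful Response'
        return "success"
    if s.endswith("hello\nA") and (len(s) < 12):  # 'Normal Response'
        return "normal"
    return "other"                                # neither expression matched

def sweep(n, width=START, offset=START):
    """Yield n (width, offset) settings in the order the script steps them."""
    for _ in range(n):
        offset += STEP
        if offset > LIMIT:      # offset wrapped: restart it and advance width
            offset = START
            width += STEP
        if width > LIMIT:
            width = START
        yield round(width, 6), round(offset, 6)

def summarize(responses, **start):
    """Pair each response with its sweep setting; return counts and successes."""
    counts, hits = Counter(), []
    for setting, resp in zip(sweep(len(responses), **start), responses):
        label = classify(resp)
        counts[label] += 1
        if label == "success":
            hits.append(setting)
    return counts, hits

# Constructed responses (not captured from hardware), one per capture.
# The fifth repeats the banner, so it fails the len(s) < 12 test.
SAMPLE = ["hello\nA", "hello\nA", "hello\nA1234", "",
          "hello\nAhello\nA", "hello\nA1234"]

if __name__ == "__main__":
    counts, hits = summarize(SAMPLE, width=-10.0, offset=39.0)
    print(dict(counts))
    for w, o in hits:
        print("success at width=%.3f%% offset=%.3f%%" % (w, o))
```
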
 
== Links ==
{{Template:Tutorials}}
[[Category:Tutorials]]
