Clock, power, and EM glitching discussions. Does not need to use ChipWhisperer.
#1886 by yifanlu
Wed Mar 07, 2018 12:56 pm
I'm trying to glitch a complex SoC with a CPU running at 111MHz. I was able to corrupt a counter with a 3500ns pulse but that seems a bit too high. If I try to glitch anything more complex (icache is actively filled with instructions rather than holding a tight loop for the counter), I get freezes instead (probably execution of junk data). A couple of questions:

1) Is there a rule of thumb for how long of a glitch width is expected for a given clock frequency if I only want to skip a handful of instructions?
2) Does removing decoupling capacitors help? I removed all the caps closest to the SoC associated with the voltage domain I'm glitching but I did not touch the caps for other domains nor did I touch the big caps near the PMIC.
3) I'm using CWlite to glitch VDD12 to GND, but would it be more effective to glitch it to -1.0V or beyond? I've seen some success doing so in this paper: https://www.riscure.com/uploads/2017/09 ... ection.pdf

Who is online

Users browsing this forum: No registered users and 1 guest