Clock, power, and EM glitching discussions. Does not need to use ChipWhisperer.
#2076 by br1234
Fri Aug 10, 2018 1:59 pm
I have a JTAG locked target similar to CW308T. I want to perform clock glitching to unlock JTAG and access flash. I am using PE Micro's programmer. I hooked up the JTAG signals to the logic analyser and can verify the JTAG pins I found on the target are correct. I read through the tutorials on clock glitching and looked at the GitHub repo for CW308T. I still have some questions on it.

1. Should I feed the JTAG clock as input to the ChipWhisperer and connect the glitched clock output from the CW to the microcontroller's JTAG clock? Or should I use the glitched clock output from the CW module as the external clock to the microcontroller?

2. How do I determine at what point I should glitch the clock? Is this generally a specific number of cycles after the TRST/JCOMP signal resets, or when the bootloader is checking a register to see if the JTAG is locked? How can I determine at what clock cycle this operation occurs?

Thanks in advance.

