In ChipWhisperer, we typically build a SimpleSerial project to work with any block cipher for fault injection and side-channel analysis. Similarly, I would like to understand how to set up a project using ChipSHOUTER. Specifically, to perform bit-flip fault injection on a block cipher using ChipSHOUTER, how should the firmware and project be structured? Could you please guide me on this? Thanks in advance.
You don’t need to change anything about your target firmware to glitch with the ChipShouter, it’s just another method of fault injection.
Thanks. Could you please share any details of the fault injection using ChipShouter in case of a block cipher?
Can I observe the traces of the glitch by connecting the ChipShouter with the ChipWhisperer instead of targeting an oscilloscope?
It would be the same as chipwhisperer-jupyter/courses/fault201/Lab 1_3B - DFA Attack on AES.ipynb at main · newaetech/chipwhisperer-jupyter · GitHub, except using the ChipSHOUTER instead of voltage/clock glitching.
No, the ChipWhisperer is designed for small voltage signals. The voltages present on the oscilloscope probe outputs are far too large for the ChipWhisperer to handle.
Thanks. If I am understanding it correctly, the ChipShouter can be connected with the ChipWhisperer for which I can build my own firmware if I want.
In case of clock glitching with ChipWhisperer, we used the below parameters:
scope.io.hs2 = "glitch"
scope.glitch.clk_src = "clkgen"
However, are there any parameters to be strictly followed while using the ChipShouter?
Hi Alex
When I am doing clock/voltage glitching using the ChipWhisperer, I usually build the target firmware on the STM32F303 microcontroller unit on the CW308 board, and connect it with the CWlite device.
Whereas in case of the EMFI using the ChipShouter, do we need to connect the same breakout board CW308 with STM32F303 MCU with the ChipShouter device only?
Or do I need to build the firmware on the CW322 Simple EMFI target?
Could you please guide me with this? Thanks a lot in advance.
The only difference is the presence of the ChipShouter. You should keep the target and the ChipWhisperer the same. You don’t need to build or upload firmware for a different platform. You can even trigger the ChipShouter off of the ChipWhisperer.
Hi Alex, Thank you so much!
I have connected the ChipWhisperer glitch port with the SMB to SMA - so to connect it with the ChipShouter via the SMA cable, as per the user manual of the ChipShouter.
Basically, I want to trigger the ChipShouter with the ChipWhisperer.
Am I doing the right connection? Could you please support me with this?
Yup, that’s an acceptable way to trigger the ChipShouter. So long as you’ve got the correct settings on your ChipShouter (high impedance, active low), you should be good to go.
Thanks a lot! I will follow these settings
Hi Alex,
Thank you so much!
I have also connected the ‘Measure’ port of the ChipWhisperer Lite with the ‘VOUT’ of CW308 (with STM32F Target board).
Whereas, the glitch port is connected with the ChipShouter.
I hope this is the right connection. So, I can do precise glitching with the ChipShouter on my Target with the API configuration.
I am really grateful for your support on this matter.
I recommend against connecting the measure port. It’s probably fine, but there’s a chance you could get some large voltage spikes that wouldn’t be great for the amplifier.
Hi Alex,
Thank you for your reply.
But the reason behind connecting the measure port with the CW308 (where STM32F Target board) is to make this change in my own firmware/mcu/crypto/TINYAES128C/aes.c
of the ChipWhisperer and we can start the lab of glitching the target (by connecting the glitch port of the ChipWhisperer) using the ChipShouter.
Won’t it be a correct way of glitching the target?
I don’t follow. Are you trying to do some combination of power analysis and glitching?
Hi Alex
Actually, I follow this connection of CW308 (with target STM32F) so that I can build any modification of aes.c in ‘firmware/mcu/crypto/TINYAES128C/aes.c’ (or any block cipher), so to glitch for doing the precise faults in the target.
So, without the connection of CW308 how can I glitch?
I have followed this connection while using the ChipWhisperer.
I am trying to do both power analysis and glitching.
What would be the connection for glitching on STM32F target (where my crypto code is built)?
Hi Alex
I am trying to glitch the target firmware built on the STM32F (on CW308). For this I am connecting the measure port of the CWlite with the CW308 VOUT.
Simultaneously I am trying to glitch the target firmware crypto on that STM32F with the ChipShouter (where the ChipShouter is connected with the ChipWhisperer lite glitch port).
Can I perform precise glitching on the crypto code using this connection? I am grateful for your suggestion.
I’m still confused on why you need to have the measure port hooked up. The measure port is irrelevant for glitching, it’s only used for measuring the power consumption of the target.
Hi Alex,
Thanks for your reply.
Could you please suggest then how I can connect the ChipWhisperer-Lite device with the CW308 (with STM32F target on it)?
Because I am glitching the targeted crypto (any primitive) built on the STM32F with the ChipShouter.
Here, I want to know how to do a precise glitch on the STM32F target without the connection of the measure port.
Else, could you please suggest any other alternatives?