CW312T_ATSAM4S voltage glitching

I am attempting basic voltage glitching (enable_only with ext_offset and repeat only) on CW312T_ATSAM4S.

I am using simpleserial-glitch and I can get a lot of NORMAL and RESET statuses but I cannot get any SUCCESS (not a single one, ever). Everything seems as one would expect (RESET shows up when repeat is over a certain threshold, triggering works fine, I can see the glitches on the oscilloscope being inserted, etc.)

The very same approach works well on other targets.

  • Is the ATSAM4S known to have such sensitive/good brown-out detectors?
  • Has anyone succeeded in basic voltage glitching of that specific target?
  • Other feedback/ideas? :slightly_smiling_face:

Some setup details (not sure if interesting):

CW Husky running 200MHz clock:

scope.clock.adc_mul = 1
scope.clock.clkgen_freq = 200e6

Target w/o synchronous clock, running using internal 4MHz RC oscillator.

Tried both LP and HP (or both) mosfets, no difference.

Hi,

Which part of simpleserial-glitch are you targeting? You may want to try targeting infinite_loop, just to minimize the ext_offset range you need to scan. Another thing to keep in mind is that, in my experience, processors running at lower frequencies tend to be harder to glitch, so running at 4MHz is probably the SAM4S at its most glitch resistant.

Alex

Hi Alex,

Thanks for the pointers. I’ve been doing glitch_loop, I will check out infinite_loop, I like the idea of not having to scan much :slight_smile:

Meanwhile your answer got me thinking that running at 4MHz (longer clock cycle), the brownout detectors might have an easier time triggering at a glitch length required for a longer clock cycle (one that would be effective).

Just to test the theory I disabled it with these two settings:

Once disabled, it did not seem to have an effect on the success rate, but it (obviously) had a significant effect on the reset rate, which meant I was able to scan a much larger range, with smaller steps a lot quicker (normal executions are a lot faster than resets).

That eventually led to finding an ext_offset that resulted in successful voltage glitches. Interestingly, once the offset was found I got rid of my modification to disable the brownout detectors and it is still successful at (or around) that offset.

So, at least it was good to speed things up during scanning, quite a lot actually.

For some reason the areas that lead to successful glitches are a lot less common on SAM4S than on other targets I played with (with the same simpleserial-glitch setup), not exactly sure why :man_shrugging:

Very interesting. Yeah, it makes sense that if you clock slow enough then you start running into the brownout detector. Interesting that it didn’t seem to affect the actual successes, but the speedup in glitch insertion can be quite valuable. Having an easy way to enable/disable the brownout detectors may be something I should look into implementing in our HAL, both for speeding up glitch and to make it easier to study the differences between having it enabled/disabled.

As for why you’re finding that the SAM4S is more difficult to glitch, that’s a bit difficult to say without knowing what other devices you’re comparing it to. It may be due to different Vcc core voltages (the SAM4S is 1.2V, most of our other targets are 3.3V), different internal layouts, different clocking, etc.