Hi, I am trying to Vcc glitch without success the STM32F3 (CWLITEARM). By browsing the others pages on this forum, I saw that I need shorter cables. What is the length I should use ? Is is posible to shorten the one I am having or should I buy a new ones ? Is someone having success with longer cable ?
Hi Asus,
It’s been a while since I did F3 UFO glitching (I’m assuming that’s your setup) and I don’t have access to my notes from back then at the moment, but I remember being able to glitch on 15cm and 30cm, though the settings were pretty different between the two. You’ll need to buy a new cable to get a different length.
Alex
Thanks,
over the weekend I bought a male to male sma convertor and manage to glitch it.
Can you provide more details? I’m still unable to glitch mine…
I got a succesful glitch at [-33.59375, -46.875, 0.4, 0.4] here is a pic of my setup and my script
#!/usr/bin/python3
import chipwhisperer as cw
import time
from collections import namedtuple
SCOPETYPE = 'OPENADC'
PLATFORM = 'CWLITEARM'
CRYPTO_TARGET = 'NONE'
sample_size = 5
def reset_target(scope):
if PLATFORM == "CW303" or PLATFORM == "CWLITEXMEGA":
scope.io.pdic = "low"
time.sleep(0.05)
scope.io.pdic = "high_z" #XMEGA doesn’t like pdic driven high
time.sleep(0.05)
else:
scope.io.nrst = "low"
time.sleep(0.05)
scope.io.nrst = "high"
time.sleep(0.05)
scope = cw.scope()
target = cw.target(scope)
scope.gain.db = 45
scope.adc.samples = 3000
scope.adc.offset = 1250
scope.adc.basic_mode = "rising_edge"
scope.clock.clkgen_freq = 7370000
scope.clock.adc_src = "clkgen_x4"
scope.trigger.triggers = "tio4"
scope.io.tio1 = "serial_rx"
scope.io.tio2 = "serial_tx"
scope.io.hs2 = "clkgen"
if "STM" in PLATFORM or PLATFORM == "CWLITEARM" or PLATFORM == "CWNANO":
prog = cw.programmers.STM32FProgrammer
elif PLATFORM == "CW303" or PLATFORM == "CWLITEXMEGA":
prog = cw.programmers.XMEGAProgrammer
else:
prog = None
print(scope.clock.adc_locked)
fw_path = 'C:\\Users\\14182\\ChipWhisperer5_32\\chipwhisperer\\hardware\\victims\\firmware\\glitch-simple\\glitchsimple-{}.hex'.format(PLATFORM)
cw.program_target(scope, prog, fw_path)
Range = namedtuple('Range', ['min', 'max', 'step'])
if PLATFORM == "CWLITEARM" or PLATFORM == "CW308_STM32F3":
scope.glitch.clk_src = "clkgen"
scope.glitch.output = "glitch_only"
scope.glitch.trigger_src = "ext_single"
scope.glitch.width = 35
scope.glitch.offset = -17.4
scope.glitch.repeat = 20
width_range = Range(-36, -30, 0.4)
offset_range = Range(-48, -40, 0.4)
scope.glitch.offset_fine = 24
def glitch_on(scope):
scope.io.glitch_lp = False
scope.io.glitch_hp = True
def glitch_off(scope):
scope.io.glitch_hp = False
glitch_on(scope)
scope.glitch.ext_offset = 80000
print(scope.glitch)
from tqdm import tnrange
reset_target(scope)
target.flush()
from tqdm import tnrange, tqdm_notebook
reset_target(scope)
glitches = []
glitch_text = []
if SCOPETYPE == "OPENADC":
target.flush()
scope.glitch.trigger_src = "ext_continuous"
scope.glitch.offset_fine = 24
scope.glitch.repeat = 1
scope.glitch.offset = offset_range.min
t_offset = tqdm_notebook(total=int((offset_range.max-offset_range.min)/offset_range.step) + 1, desc="Offset")
while scope.glitch.offset < offset_range.max:
scope.glitch.width = width_range.min
t_width = tqdm_notebook(total=int((width_range.max-width_range.min)/width_range.step), leave=False, desc="Width")
while scope.glitch.width < width_range.max:
print("offset: ", scope.glitch.offset, ", width: ", scope.glitch.width)
successes = 0
crashes = 0
for j in tnrange(sample_size, leave=False, desc="Attempt"):
line = ""
while "\n" not in line:
time.sleep(0.1)
num_char = target.in_waiting()
if num_char == 0:
print("glitchoff")
reset_target(scope)
#glitch_off(scope)
#time.sleep(0.01)
#glitch_on(scope)
break
line += target.read()
lines = line.split("\n")
if len(lines) > 1:
line = lines[-1]
else:
line = ""
while "\n" not in line:
time.sleep(0.1)
num_char = target.in_waiting()
if num_char == 0:
reset_target(scope)
#glitch_off(scope)
#time.sleep(0.01)
#glitch_on(scope)
break
line += target.read()
nums = line.split(" ")
if "hello" in line:
crashes += 1
#print("Target crashed")
#print(line)
try:
if nums[0] == "":
continue
if int(nums[0]) != 40000:
glitch_text += line
successes += 1
except ValueError as e:
continue
glitches.append([scope.glitch.width, scope.glitch.offset, successes / sample_size, crashes / sample_size])
if successes > 0:
print([scope.glitch.width, scope.glitch.offset, successes / sample_size, crashes / sample_size, line])
scope.glitch.width += width_range.step
t_width.update()
scope.glitch.offset += offset_range.step
t_offset.update()
t_width.close()
t_width.close()
t_offset.close()
scope.glitch.trigger_src = "ext_single"
def sort_glitch(glitch):
return glitch[2]
glitches.sort(key=sort_glitch,reverse=True)
for glitch in glitches:
if glitch[2] > 0:# or glitch[3] > 0:
print(glitch)
*** There is a sma converter than a T on my cw setup
The thing that struck me is that your CW is connected directly to the CW308. Indeed cable length could be the decisive factor here. Will need to try this.