I was wondering how the Glitch Explorer tool can be used in Chip Whisperer.
In the post at http://hackaday.io/post/2511 it appears that one can set up parameters that are
iterated and thus allowing one to automatically find working glitch parameters.
The “Script Command” appears to be the command with the parameter that should be iterated. How do I specify which of the parameters should be changed within this command ? Is there some kind of variable I need to enter that is then substituted with the actual iteration value ?
So far I didn’t manage to get this thing working. Specifically, I would like to know how I can do the following in the Glitch Explorer tool:
(1) Send and receive serial communication with the target
(2) Toggle I/O pins to reset the target
(3) Arm the glitch trigger
(4) Specify which parameter should be iterated
Also, is there an example I could look at to understand the basic concepts used in the Glitch Explorer Tool ?
Basically, I would like to set up a loop where each iteration does the following:
- reset target (GPIO pin)
- enable bootloader (other GPIO pin)
- communicate with the target (RXD and TXD GPIO pins)
- set up glitch and digital pattern matching trigger
- send command to target (TXD) that also triggers the glitch through the digital pattern match trigger
- receive and analyze response from target (RXD)
Regarding the digital pattern trigger, is it possible to trigger on non-printable characters (i.e. “\n”) as well ?
I tried to edit the binary pattern by hand so that it triggers on a 0x10, but it didn’t work.
So far I wrote my own Python Script that varies the glitch offset while constantly resetting and communicating with the target. However, after a few iterations it tends to crash in the QT GUI code for some reason. Besides it is terribly slow (4 sec for one glitch attempt). Maybe this works better with Glitch Explorer ?
It it possible to write a non-GUI script for glitching with ChipWhisperer ?
While the OpenADC implementation seems to be well separated from the GUI, the rest of the implementation seems to require the GUI components ?