i have some questions about chipwhisperer lite and ADC , because i read yours tutorials
but still cant understand some things.
the chipwhisperer lite doesnt accept 5V levels on I/O ports (i already fixed this with simply voltage translators) but whats about ADC input
? can i connect it directly to 5V power source and perform measurment on GND and VCC line ? or if not then how i can fix this problem ?
whats the difference beetwen VCC and GND measurment ?
lets say i wanna glitch some devices like mega/xmega/pic but i need also teach it , for example like that:
power on -> device start -> CW receive high signall on its input -> CW begin counting the delay
CW exceeded delay 50ms -> CW generate power glitch + awaiting for device replay
on specific port -> CORRECT REPLAY RECEIVED -> CW save result and do nothing after the glitch
-> WRONG REPLAY RECEIVED -> CW reboot device + move the delay of glitch repeat again all steps
and sent the glitch after with 100ms fixed delay (this is just example)
can i setup chipwhisperer lite GUI like that without any code modiffications ?
where i can find simply example tutorial about how to setup chipwhisperer lite for generate vcc and clk glitch on custom device ?
sorry for asking 4th question , there is one tutorial about xmega glitching but it still awaiting for yours fix
whats if i will switch something in CW lite configuration GUI which i shouldnt and damage all configurations inside fpga + arm
so after… can i simply click something and fix this device to default state without fpga or arm reprogramming ?
im asking because the CW lite board + xmega on it its only this whats i have order for now… i dont have any externall tools like xilinx jtag or arm jtag and if something goes wrong with wrong configuration it will be bad for me
The input is AC-coupled. So it doesn’t care about DC levels… meaning it’s OK to connect to a 5V or 3.3V rail. It will only see the small variations within.
Depends… basically sometimes it’s more useful to do VCC sometimes GND. It’s something you can experient with (depends for example as some platforms have a separate VCC for the ‘core’, so you get a cleaner signal).
It will require some Python scripting I think! The GUI tends to be for more basic stuff only…
No worries - everything can be programmed over USB! In fact the ARM microcontroller has a ROM-resident bootloader even, so it’s almost impossible to get the system into an unrecoverable state. The only way is if you physically blow something up
ok thanks for answer for now i playing with VCC glitches and i found many strange things/errors ? which i wants to report now:
This is my settings for VCC glitching:
-Freq Counter Src > CLKGEN Output
-CLKGEN Settings > Desired Frequency > SET 7.37mhz for example…
-Target HS IO-Out > CLKGEN
-Glitch Module > Clock Source > CLKGEN > Output Mode > Enable Only (Enable Only because when choose Glitch Only the glitch was never generated!)
Now everything is fine and i can generate VCC glitch like on posted photo below
YELLOW LINE > VCC LINE WITH GLITCH GENERATED
BLUE LINE > A POINT BEETWEN R37 THAN GATE OF HV TRANSISTOR
VIOLET LINE > HS2 OUT A POINT WHERES WE GOT THE DCM CLK RESULT
Now lets rise desired frequency from 7.37 to higer like 80 or 100 or even 120mhz like that:
When desired frequency going higher the FPGA start generating continuous CLK signall on line which is beetwen R37 a HV gate transistor - FINAL RESULT - the power transistor generate continous VCC GLITCH omg it looked like a pure CLK signal check the photo below
QUESTIONS:
is my CW LITE is maybe damaged ? or maybe there is some errors in FPGA code ?
regards
EDIT:
ok i found possibly error - this CLK signall is even generated if i setup 7.37mhz CLK (it is generated just there is small not visible noises) and with lower frequencies this CLK signal perhaps doesnt damage VCC spike - this is a problem with TARGET HS IO OUT - when i SET it to CLKGEN , but when is SET to GLITCH MODULE everything is correct !
i found note about that option that it should be CLKGEN for CW LITE and GLITCH MODULE for CW BIG then ?
look on photo below now with choosed GLITCH MODULE it looks like that:
VIOLET LINE - it generate one hi/lo signall now… , and yes i can change now frequency even on the fly (only from 1 to 50mhz perhaps because this transistor willnt switch under 50mhz like 100mhz etc) so this means there is an error in yours tutorials look:
6.3.3.2. Software Setup
Connect to the ChipWhisperer device:
As the Scope Module, select the ChipWhisperer/OpenADC option
As the Target Module, select the Simple Serial option
Switch to the Scope Settings tab, and as the connection, select the ChipWhisperer Rev2 or ChipWhisperer-Lite option
Switch to the Target Settings tab, and as the connection, select the ChipWhisperer Rev2 or ChipWhisperer-Lite option
Run connect on both the Scope & Target. They should both switch to green circles indicating the system is connected.
Setup the CLKGEN Module to Generate a 7.37 MHz clock and route it through the Glitch Generator
Switch the Freq Counter Src to the CLKGEN Output
Set the Desired Frequency to 7.37 MHz. Note you should only adjust the ‘frequency’ portion of this, if you highlight the entire field you may not be able to type the frequency into the system.
Confirm the DCM Locked checkbox is checked, if not hit the Reset CLKGEN DCM box. Check the Freq Counter to ensure the system is correctly generating about a 7.37 MHz clock.
Under the Glitch Module set the Clock Source as CLKGEN:
_images/glitchgen-clkgen.png
Set the Target HS IO-Out appropriately. This depends on the hardware in use:
For the ChipWhisperer-Lite (CW1173/CW1180), set Target HS IO-Out option to CLKGEN. - SET THIS TO GLITCH MODULE !!!
For the ChipWhisperer-Capture Rev 2 (CW1002), set Target HS IO-Out option to Glitch Module.
i did connect externall transistor IRLML2502 to CW LITE to avoid damage of CW LITE and was trying to glitch externall AVR SMARTCARD by using externall trigger triggered from its RST line - when i press the reset button glitch should be generated , unfortunatelly the voltage drop is just maybe 0,1v it looked like the transistor couldnt latch completly … it is also connected without any shunt resistor to the power line of smartcard
i think there should be additionall DRIVER before transistor gate because maybe 3,3V couldnt drive it proper ?
if yes then why IRF7807ZTRPBF can drop voltage on RAPSBERRY PI correctly with just 3,3v being delivered ?
also why IRLML2502 internally soldered in CW LITE can glitch correctly NOTDUINO board or XMEGA board with vcc by generating full spike ???!?!?!?! and it is even connected via shunt which is limiting the power seeks under glitching ?
ADDED:
smartcard is running in usb phoenix reader which is use FT232RL converter and is set to 3,3V voltage levels so maybe there is a problem with more power needed to drop than for generic avr ?
regards
As a quick question - have you used the updated code from GIT repo? There was an error with some releases of the ChipWhisperer-Lite Glitching FPGA code. It gives errors like you are suggesting happens I think. The easiest solution is to update from GIT repo.
Are you driving it with the “HSOUT” signal? Can you upload a simple schematic by chance?
These MOSFETs use low-level voltage levels, so should work fine at 3.3V!
Hello
[quoteAs a quick question - have you used the updated code from GIT repo? There was an error with some releases of the ChipWhisperer-Lite Glitching FPGA code. It gives errors like you are suggesting happens I think. The easiest solution is to update from GIT repo.]
For the ChipWhisperer-Lite (CW1173/CW1180), set Target HS IO-Out option to CLKGEN. - its wrong it should be SET as HS IO-Out SET to GLITCH MODULE ! - if you will set it to CLKGEN out then you will got CLKGEN output on all lines like HS2 out and glitch out on R37 and also on DCM CLK OUT - this i have fixed and now everything is working correct i can also change the clk on fly too
no… i am driving it exactly like it is driven originally by yours design by GLITCHOUT 5.3E > R37 line for HV glitch just i modiffy output = remove the R37 and route this line to my externall circuit with IRLML2502 to avoid suposed damages heres the modiffied schematic:
now… when there is no shunt resistor beetwen smartcard than and IRLML2502 then the glitch spike is drop just around 0,1V , when there is 50 ohm shunt for example - yes the spike is now fully generated and transistor is latched
question is… why there must be a shunt resistor for limit power from short ? im asking because lets say i wants to generate same spike on something bigger in future DUT power around 1 - 2 Ampers then if it running with shunt the shunt propably will burn right ?
how i can SET trigger delays ? i was trying to switch some setups in Trigger:
The reason why i need to SET the trigger delay is simply - the glitch is generated after RST low level shot but ATR is given far away later than it… so i cannot hit ATR replay with the glitch
however this is just simply experiment on avr smartcard it could be also generic avr or fpga target
hey Collyn !
i am sorry there was my error ! i have no idea why it happens
when there was a SET Target HS IO-Out option to CLKGEN my externall oscilloscope RIGOL generate CLK signall on HS2 also on IO4 trigger and on R37 power transistor gate… now when i moved the cables is ok and CLK signall noises gone…
however by setting both HS IO-Out option to CLKGEN or GLITCH MODULE glitch is generated question is why ?
also… both with these settings OUTPUT MODE < > Enable Only is working… when there is SET Glitch Only then the glitch is never generated
For glitch settings there is working just trigger but without additionall options like delay for trigger and so on , is there any chances that you will add delay counter for trigger with glitch or directly for glitch in future to FPGA code ?
thanks
ADDED:
there is a externall trigger offset which suposedly could work as for delay but it working only with CLK glitching , for VCC glitches i cant move this offset
FIXED:
again there was a problem with my externall oscilloscope !!!
trigger offset working now both for CLK glitch and VCC glitch now
question is what the hell happend maybe oscilloscope generate some noises with its cables workaround or maybe is damaged ?
the last option seems to be fault OUTPUT MODE - ENABLE ONLY works , but GLITCH ONLY doesnt generate glitch !
Collyn i found the main problem !
sometimes when you power on CW LITE it working normall…
but sometimes when power on it output CLK signall on VCC lines… also OUTPUT MODE can work only with ENABLE ONLY when i choose GLITCH ONLY the glitches never working …
Sorry on the very slow responses here - working my way through everything! Am actually looking at hiring someone on our end so hopefully can speed up the development cycles a bit.
Is this still an issue? I’m going to work on cleaning up some of the FPGA again that might solve this, there was an intern problem which cause some issues in the latest release that was fixed in GIT, but I think I can make a better fix.
Alright - as mentioned in the other thread there is some known issues that sound familiar, and I think either using the latest release from GIT or waiting for a new release will fix this…
