Hi Alex, Hi Melvin!
I found glitch parameters fot the STM32F3 with CW308.
With short coax connector (near 3 cm) parameter it is:
width = 19%
offset = -21%
After changing coax cable to 60 cm coax cable I’ve lost my glitch. But I found that he has another parameters:
width = 33%
offset = -37%
While I tryed to find my lost glitch, seems I found a few things how to find glitch quickly:
- With function glitch_infinite () not realy matter the value of external_offset. It work in wide range. I have normaly from 2500 to 3000.
- For the quick finding parameter scope.glitch.repeat should be around 10. This value is normal just for finding glitch parameters, not for atacking because you can losted something important after glitch
When I setup scope.glitch.repeat = 3 or less, glitch happened very rare.
- Retry youre attack, it has near 30-40% chance to happened.
- I found very important rule (I hope this work with another targets, I can’t to check this). The width of glitch must be near to witdh of reload target. I.e. glitch normal work on the boarder with rebooting device.
- After setuping scope.glitch.repeat = 10 and with short range width of impulse, than you must find just only impulse offset.
In my example. STM32F3 reloading near pulse width 34%. Than I start My attacks with range of width (29, 33) and offset (-49, 49). And found 33% and -37% respectively.
By the way. When I’m change the cable length, the width of overload target changes too. With 3 cm it was near 20-21%. With 60 cm it was near 33-34 %. And probability of glitch from 90% has come to 45%. I think it is because cable has induction-capacitance losses which doing more worses fronts of VCC impulse. But I can wrong.
Hope this can help for someone.