How to choose the offset_ext, glitch_width, offset and repeat?

I want to mount a clock glitch attack against a signing scheme using the cw308 and STM32F4.
I have two questions:
1- In my file glitch_simpleserial.c I called the signing function. Let’s call it “f”. I want to inject the fault to skip an instruction called during the signing but not existing in the main file, i.e., “f” calls a function “g”, “g” calls another function “h”. The instruction to be skipped is in the function “h”. How should I place the trigger_high() and trigger_low()? Or should I have all the code in the same file?

2- My second question is: how can I specify the range of the offset and offset_ext, and the width? And does the glitch.repeat increase the success probability of the glitch?


I would put the trigger_high() in h, near the instruction you want to glitch. Use ext_offset to bridge the gap between the trigger and the target instruction.

For the rest of the glitch parameters, I would first run one of our glitch tutorials on this same target, to more easily find successful glitch parameters. Use these parameters as a starting point for attacking your own firmware.

Thanks Jean-Pierre,
Does it help if I take the address from the assembly file and put it in offset?
To be honest, I succeeded in running the tutorials, but my code is huge compared to the code there. And I have a feeling that my offset is very far from the correct one.

Why don’t you put trigger_high() immediately before the target instruction?
Then you know that the target instructions are being executed very soon after the trigger goes high.

Yes, it worked!
Thank you Jean-Pierre