Hello everyone,
I am using the ChipWhisperer Lite for fault injection, but my target requires two glitches within a single trigger cycle (e.g., to bypass two consecutive security checks).
As far as I know, the CW-Lite does not natively support multiple glitch events per trigger. Could anyone confirm whether this is correct?
If so, would it be feasible to implement this using a custom FPGA-based glitcher alongside or instead of the CW-Lite? Any guidance on existing approaches or recommended tooling would be greatly appreciated.
Or are there any ways to fix my problem? I found some past posts about this issue, like using another microcontroller.
Thank you!
I didn’t find the FPGA source code for the clock glitch.
Correct; only Husky and Husky Plus support this.
In theory yes; in practice, the CW-lite FPGA is extremely full; implementing a functional bitfile is challenging, and adding any more functionality to it can be extremely challenging. Husky is our solution to that.
If you really want to have this capability on a CW-lite, I would recommend that you look at what functionality you could remove, to increase your chances of success. Targeting a slower clock frequency can also help.
Husky offers extremely powerful and flexible multi-clock glitching. Furthermore, if you need something more or different on Husky, it is much more amenable to updates. Building Husky bitfiles still lacks some documentation, but one of our goals this year is to make that process easier.
The main chipwhisperer repository grew too large so this got moved; here are CW-lite’s clock glitch source modules. As much as possible, Husky has retained the same hierarchy (in the Verilog world, but not in the filesystem; CW-lite’s source is spread across multiple directories, whereas in Husky everything is flat, with the exception of files that are in submodules because they are shared: chipwhisperer-husky-fpga/fpga/hdl at develop · newaetech/chipwhisperer-husky-fpga · GitHub). Have a look there to see how we implemented this functionality for Husky.
In addition to building a CW-lite bitfile, in order to support glitching you have to build several bitfiles; this process is documented here (final plug for Husky: none of that is needed for Husky; it’s a consequence of CW-lite’s Spartan6 FPGA; these tricks aren’t needed with the Artix7 family). File locations are out-of-date due to repository re-organizations. We can guide you through that when you get there. The CW-lite bitfile that is loaded when you run scope = cw.scope() is now here: software/chipwhisperer/hardware/firmware/cwlite/.
But I might disagree. Multiple glitching is possible with glitch repeat=2. A properly tuned width and offset, along with ext offset, could be enough to skip two instructions or multiple checks.
Yes, of course - sorry, I forgot to mention that.
Husky adds the ability to space out the glitches by an arbitrary number of clock cycles.
Alright… interesting. However, I haven’t used Husky, so I have a simple query. For clock glitching, let’s say skipping multiple instructions, and for reliability, which is better: the CW-Lite 1-part, or using Husky with a UFO board as target (STM32F3/F4)? Can you state the reason for the same?
There’s no simple answer to that – Husky is an upgrade, its glitching has more flexibility and can also be tuned more finely, but I can’t tell you if your particular use case would benefit from it.
So 343-NAE-CWHUSKY-SK1 will get all my problems solved, right? I also found out that NAE-CWHUSKY-SK1 doesn’t have a UFO board, so can I use my UFO board from the CW-Lite kit and connect it to the Husky-SK1?