Question on the VCC glitching tutorial Raspberry Pi


#1

Hello,

I have read the VCC glitching tutorial and have some questions that might sound very stupid.

My understanding from the VCC glitching tutorial was that the glitch should be generated synchronously with the target clock. In the Raspberry Pi example CLKGEN is set to 120 MHz. I expected that the CLKGEN should be set to the frequency of the Raspberry Pi core. Could you please tell me where 120 MHz is coming from?

Shouldn’t we use the Raspberry Pi’s clock as an input to the ChipWhisperer to be synchronous, or clock the Raspberry Pi from the ChipWhisperer?

If I want to provide the clock to the Raspberry Pi from the ChipWhisperer, should the CLKGEN frequency be the same as the XTAL on the board? Should I connect Target HS IO Out in place of the XTAL on the board?

Thanks,

Lechiffre


#2

Hi,

My understanding is that VCC glitching is easier with regard to timing and that (normally) the impact of a VCC glitch affects many CPU cycles. Being able to put the glitch at a precise moment compared to the target clock will of course help in getting it reliable, but it should also be possible to glitch for a longer time (longer than a cycle). The way the firmware is currently designed makes the VCC glitch work like the clock glitches.

In other words, I think it should be possible to VCC glitch a target with a way higher frequency, as Colin also did on an Android phone.

The glitching part itself also does not need to be very complicated. For example, have a look at "Hardware Power Glitch Attack - rhme2 Fiesta (FI 100)" from LiveOverflow.


#3

Hi,

Thank you very much for your reply.
I have got my connection to my target board set up but have no luck with the glitch module.
I am running the sample program on the target and expect the counter values to vary due to the glitch.
When I set the “Glitch Trigger” to continuous, the board crashes, which is what I expected from it.
However, when I set the Glitch Trigger to manual and the highest number of “Repeat” allowed (255), it has no effect at all.
Since continuous glitch crashed the board, I expected at least to get the same effect in manual mode with the right amount of repeat.

Could you please tell me what I am missing?

Thanks,


#4

One more question:

The capacitor in the power rail that I am connected to is 22 µF, 6.3 V. Is it possible that grounding it through the MOSFET is not enough to decrease the voltage to a point that the chip fails?

Thanks,


#5

If you look at the glitching tutorial, you see that there are quite a few steps needed to properly configure the clocks. If those are not well configured, setting the glitch to continuous would work, but the manual possibly not.

Why don’t you measure the voltage to see what is happening?


#6

Thanks for explaining your understanding of the VCC glitching tutorial. It’s very detailed!