Use GPIO to implement custom protocols

Hello there,

I’m considering buying a ChipWhisperer to get started in the world of side channel analysis and glitching.
ChipWhisperer is a remarkable piece of hard- and software!

My main interest is the “BSL” bootstrap loader of TI’s MSP430 family microcontrollers.
There has been previous analysis work done by Travis Goodspeed[1] and Thomas Braden[2].

CW question part:

Can the GPIOs of the ChipWhisperer be freely programmed using the API?
If so, I assume one pin can still be configured as glitch trigger pin?

While browsing the source code, I’ve found “ChipWhispererExtra.py” for the GPIO setup code
and “chipwhisperer_ser.py” is more or less an example code implementing a custom protocol.

Any limitations on what the GPIO can do?

I would need to implement the “BSL protocol” via a python script
which involves toggling some pins while the MCU is under RESET.
Then automate the rest of the commands to make the
Glitch Explorer do the hard work :wink:

Cheers,
Thomas

[1] events.ccc.de/congress/2008/Fah … 3_bslc.pdf
[2] youtube.com/watch?v=4cqmFHsojQg

Hi Thomas,

Sorry for the slow response - I was away for a week.

We’ve had some luck trying similar things. It sounds like you’re on the right track - you should be able to do anything you want with the GPIOs.

To trigger the glitch module, you can use any combination of the GPIO pins’ states - this is set up in the Trigger Pins settings. If you leave one pin unused for your crazy GPIO protocols, you can program the target to use it as a trigger signal.

Is there a way to bitbang the data on the GPIO I/O ports?
Configurable baud rate would be nice, too :slight_smile:

On FTDI-based serial chips, for example, there is simple bitbanging and even an advanced MPSSE[1] mode that allows the implementation of protocols like I2C or JTAG.

Since I guess the ChipWhisperer currently does not support something like that, maybe it could be done in a future FPGA bitstream revision. It would also make a nice feature for the Pro version :slight_smile:

For my application the timing is probably not so important; I could get away with toggling the I/O ports on the host side and adding little sleep calls here and there. Timing doesn’t have to be perfect until the glitch trigger point gets hit.

Cheers,
Thomas

[1] ftdichip.com/Support/Documen … Basics.pdf

I don’t think there’s a way to bitbang data via the ChipWhisperer GPIOs right now. It would definitely be possible to add bitbanging to the Pro FPGA, but it might be easier to use an FTDI chip separately - maybe you could set up some kind of triggering system so these two things could play nicely together.

Without timing constraints, Python’s timing and the USB delays are probably good enough. Hopefully this works for you!
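
The host-side pin toggling with sleep calls discussed in this thread, as an added example (not part of any post here and not ChipWhisperer code). The pin names `RST`/`TEST`, the hold times, the `RecordingPins` stand-in and the BSL entry condition encoded below are assumptions; take the exact sequence from TI's BSL documentation for your part.

```python
import time

# Assumption (TI BSL documentation, not this thread): on MSP430 parts with
# shared JTAG pins, the BSL starts when TEST sees two rising edges while RST
# is low and TEST is still high when RST rises.
# Each step: (pin, level, minimum hold in seconds). Hold times are constructed.
BSL_ENTRY = [
    ("RST", 0, 0.010),
    ("TEST", 0, 0.010),
    ("TEST", 1, 0.001),
    ("TEST", 0, 0.001),
    ("TEST", 1, 0.001),
    ("RST", 1, 0.001),
    ("TEST", 0, 0.010),
]

def run_sequence(steps, set_pin, sleep=time.sleep):
    """Write each step through set_pin(pin, level); return the ordered writes."""
    log = []
    for pin, level, hold in steps:
        set_pin(pin, level)
        log.append((pin, level))
        sleep(hold)  # lower bound only: Python and USB latency add jitter
    return log

def enters_bsl(log):
    """Replay a write log and test it against the assumed entry condition."""
    state = {"RST": 1, "TEST": 0}
    rising = 0
    for pin, level in log:
        if pin == "TEST" and level == 1 and state["TEST"] == 0 and state["RST"] == 0:
            rising += 1
        elif pin == "RST" and level == 0 and state["RST"] == 1:
            rising = 0  # a fresh reset restarts the edge count
        elif pin == "RST" and level == 1 and state["RST"] == 0:
            if rising >= 2 and state["TEST"] == 1:
                return True
        state[pin] = level
    return False

class RecordingPins:
    """Hypothetical stand-in for hardware; swap write() for the real GPIO call."""
    def __init__(self):
        self.writes = []
    def write(self, pin, level):
        self.writes.append((pin, level))

if __name__ == "__main__":
    pins = RecordingPins()
    print(enters_bsl(run_sequence(BSL_ENTRY, pins.write)))
```

Replaying the write log through `enters_bsl` before touching hardware catches an ordering mistake, such as TEST dropping before RST is released, that would otherwise show up only as a target that boots normally.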

Thanks, I’ve come to the same conclusions.

Let’s see when the new pro version finally arrives. Hopefully it won’t be released on the first of April :smiley: