Hi all I am trying to do password pass by voltage glitch attack, topic 2 lab 1, i am using the jupyter note book and the following parameters:
gc.set_range("width", 46, 49.8)
gc.set_range("offset", -46, -49.8)
gc.set_range("ext_offset", 11, 31)
step = 1
scope.glitch.repeat = 100
gc.set_global_step(step)
the target is XMEGA chip,
but it just doesn’t work, there is no success on the controller display_status, and I don’t understand why?
here is the full code:
from importlib import reload
import chipwhisperer.common.results.glitch as glitch
from tqdm.notebook import tqdm
import re
import struct
gc.set_range("width", 46, 49.8)
gc.set_range("offset", -46, -49.8)
gc.set_range("ext_offset", 11, 31)
step = 1
scope.glitch.repeat = 100
gc.set_global_step(step)
reboot_flush()
for glitch_settings in gc.glitch_values():
scope.glitch.offset = glitch_settings[1]
scope.glitch.width = glitch_settings[0]
scope.glitch.ext_offset = glitch_settings[2]
if scope.adc.state:
# can detect crash here (fast) before timing out (slow)
print("Trigger still high!")
gc.add("reset", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset))
#Device is slow to boot?
reboot_flush()
scope.arm()
target.simpleserial_write('p', bytearray([0]*5))
ret = scope.capture()
val = target.simpleserial_read_witherrors('r', 1, glitch_timeout=10)#For loop check
if ret:
print('Timeout - no trigger')
gc.add("reset", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset))
#Device is slow to boot?
reboot_flush()
else:
if val['valid'] is False:
gc.add("reset", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset))
else:
if val['rv'] == 1: #for loop check
gc.add("success", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset))
print(val['payload'])
print(scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset)
print("🐙", end="")
else:
gc.add("normal", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset))
does any one has an idea?