I have been trying to get CWLite to successfully voltage glitch the XMEGA target for a couple of days, without any luck. I tried many glitch parameters, sweeping many hours… always no impact or target is reset.
I noticed that a previous response to this is use another target
What do you think makes XMEGA so difficult to voltage glitch?
Is the brown-out detection just more effective? Is it the CW board layout?
Granularity of glitch width, offset etc? A need for shaping the glitch waveform?
I think by default the brownout detection fuses is turned off on the xmega target? The CW target board layout should be pretty good for glitch insertion.
What does your attack code / target code / setup look like? What can you see if you measure the vcc rail?
In my (limited) experience repeating short glitches in a specified timeframe can help increase the likelihood of a successful non-reset glitch.
I tried attacking the glitch_infinite counter implementation.
I use standard CWlite with XMEGA target in one.
The tested settings for the voltage glitch attacks are listed below:
glitch repetition: tested in settings of 1, 2, 3, 10 and 100 repeating glitches
glitch width: tested from -35% to 35% in steps of 0.4%
glitch offset: tested from -35% to 35% in steps of 0.4%
ext_offset_ tested in 2-10, 10-20, 100-200, 2000-2100 clock cycles
I did more than 500k measurements without a single event that have triggered an incorrect program execution.
The results are either in the category of “no error was caused by the glitch” or in the category where “the glitch caused a reboot of the device”
Glitch widths over 18% always cause XMEGA to reset.
One example of a scope measured glitch on repeat 10.
Anyone succeeded in performing a successful Voltage glitch attack on the XMEGA?
Clock glitching works exceptionally well with a very high accuracy.
