
Milestone: Glitching and trigger library

Open Kiboneu opened this issue 7 years ago • 3 comments

Use primitives in io.c (potentially expanding on it if necessary), and make some code to handle triggering. Applications can be made with the library for more specific glitch routines for specific chips and applications.

Some parameters for a preliminary voltage glitching implementation:

  • Target pin to glitch (usually Vcc)
  • Nominal voltage
  • Glitch voltage
  • Pin to listen to for triggering (a data pin, might be worth abstracting this for parallel buses.)
  • Clock pin (user can use device's or add their own clock to a free pin)
  • Trigger type
    • Trigger on Nth rising edge
    • Trigger on Nth falling edge
    • Trigger when a defined bit sequence pattern is encountered N times
  • Delay (in clock cycles from 'clock pin')
  • Duration (in clock cycles)

Need to measure and figure out how to deal with delays introduced when changing voltages of the target pin.

Working on this right now and this is still cooking, feedback would be appreciated.

Kiboneu avatar May 25 '18 18:05 Kiboneu
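Added example, not part of the thread and not open-tl866 code: a host-side model of the trigger, delay and duration parameters listed in the post above, run over a constructed trace of the trigger pin sampled once per clock cycle. All type, field and function names are hypothetical, and counting overlapping pattern matches separately is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical names throughout; not the open-tl866 or ChipWhisperer API. */
enum trig_type { TRIG_RISING, TRIG_FALLING, TRIG_PATTERN };
struct glitch_cfg {
    enum trig_type type;
    unsigned n;            /* fire on the Nth matching event */
    uint32_t pattern;      /* TRIG_PATTERN: bits to match, oldest bit is MSB */
    unsigned pattern_len;  /* TRIG_PATTERN: number of bits, 1..32 */
    unsigned delay;        /* clock cycles from trigger to glitch start */
    unsigned duration;     /* clock cycles the glitch voltage is held */
};
struct glitch_window { long start, end; };  /* cycle indices, end exclusive */
/* Constructed sample: trigger pin value at each clock cycle. */
static const uint8_t SAMPLE_TRACE[16] = {0,0,1,1,0,1,0,0,1,1,0,1,0,0,0,0};

/* Cycles during which the glitch voltage would be applied, or {-1,-1}
 * if the trigger never fires or the window would leave the capture. */
struct glitch_window glitch_plan(const struct glitch_cfg *c,
                                 const uint8_t *data, size_t len)
{
    struct glitch_window w = { -1, -1 };
    uint32_t shift = 0, mask = c->pattern_len >= 32 ? UINT32_MAX
                                                    : (1u << c->pattern_len) - 1u;
    unsigned hits = 0;
    if (c->n == 0 || c->duration == 0) return w;
    for (size_t i = 0; i < len; i++) {
        unsigned bit = data[i] & 1u, prev = i ? (data[i - 1] & 1u) : bit, hit = 0;
        shift = (shift << 1) | bit;            /* last 32 sampled bits */
        if (c->type == TRIG_RISING)  hit = !prev && bit;
        if (c->type == TRIG_FALLING) hit = prev && !bit;
        if (c->type == TRIG_PATTERN) /* assumption: overlapping matches each count */
            hit = c->pattern_len && i + 1 >= c->pattern_len &&
                  (shift & mask) == (c->pattern & mask);
        if (hit && ++hits == c->n) {
            size_t start = i + c->delay;
            if (start + c->duration > len) return w;  /* runs past the capture */
            return (struct glitch_window){ (long)start, (long)(start + c->duration) };
        }
    }
    return w;
}

int main(void) {
    struct glitch_cfg c = { TRIG_RISING, 2, 0, 0, 3, 2 };
    struct glitch_window w = glitch_plan(&c, SAMPLE_TRACE, sizeof SAMPLE_TRACE);
    printf("glitch cycles [%ld, %ld)\n", w.start, w.end);
    return 0;
}
```

The model assumes the target pin changes voltage instantly; the settling delay the post says still needs to be measured would shift the real window.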

Have you looked at ChipWhisperer at all? What do they do?

JohnDMcMaster avatar May 25 '18 19:05 JohnDMcMaster

I've used CW for power analysis, but I haven't considered looking into its glitch implementation for this project.

https://github.com/newaetech/chipwhisperer/blob/develop/software/chipwhisperer/capture/scopes/cwhardware/ChipWhispererGlitch.py

The parameters the CW glitch module uses are:

  • Clock source
  • Glitch width as % of periods and "fine adjust" (duration I think)
  • Glitch offset as % of period and "fine adjust"
  • Glitch trigger: Manual, Continuous (external), Continuous, Single (external). Not sure what continuous exactly means here, but it seems that single is trigger based.
  • Arm timing (whether to arm the glitch module before or after the scope)
  • External offset (how many clock cycles after a trigger to perform the glitch)
  • Repeat (number of glitch pulses to generate per trigger)
  • output (clock_xor, clock_or, glitch_only (?), clock_only, enable_only)

Looks somewhat similar, would be good to keep them as compatible as possible so folks can port parameters between the CW and tl866. I like the idea of combining voltage / clock glitching like the CW does, so I will keep that in mind while working on this.

Kiboneu avatar May 25 '18 21:05 Kiboneu

Instead of scheduling voltage and clock changes in the main loop for glitching, the tl866a MCU has a few timers and counters which might assist greatly in implementing this with precision.

ww1.microchip.com/downloads/en/DeviceDoc/39775c.pdf

Section 12.x and onwards.

Kiboneu avatar May 29 '18 02:05 Kiboneu