projects
/
goodfet
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Better glitching code, more portable than the old.
[goodfet]
/
client
/
GoodFETGlitch.py
diff --git
a/client/GoodFETGlitch.py
b/client/GoodFETGlitch.py
index
56f3075
..
ce82d0d
100644
(file)
--- a/
client/GoodFETGlitch.py
+++ b/
client/GoodFETGlitch.py
@@
-55,7
+55,7
@@
class GoodFETGlitch(GoodFET):
self.client=0;
def setup(self,arch="avr"):
self.client=getClient(arch);
self.client=0;
def setup(self,arch="avr"):
self.client=getClient(arch);
- self.client.serInit();
+ self.client.serInit();
#No timeout
def glitchvoltages(self,time):
"""Returns list of voltages to train at."""
def glitchvoltages(self,time):
"""Returns list of voltages to train at."""
@@
-70,7
+70,7
@@
class GoodFETGlitch(GoodFET):
min=r[0];
max=r[1];
if(min==None or max==None): return [];
min=r[0];
max=r[1];
if(min==None or max==None): return [];
-
+
spread=max-min;
return range(min,max,1);
#If we get here, there are no points. Return empty set.
spread=max-min;
return range(min,max,1);
#If we get here, there are no points. Return empty set.
@@
-199,26
+199,30
@@
class GoodFETGlitch(GoodFET):
tstop=self.client.glitchstarttime();
tstep=0x1; #Must be 1
self.scan(lock,trials,range(vstart,vstop),range(tstart,tstop));
tstop=self.client.glitchstarttime();
tstep=0x1; #Must be 1
self.scan(lock,trials,range(vstart,vstop),range(tstart,tstop));
- print "Learning phase complete, beginning to expore.";
+ print "Learning phase complete, beginning to crunch.";
+ self.crunch();
+ print "Crunch phase complete, beginning to explore.";
self.explore();
def scansetup(self,lock):
client=self.client;
self.explore();
def scansetup(self,lock):
client=self.client;
+ client.verbose=0;
client.start();
client.erase();
client.start();
client.erase();
+ print "Scanning %s" % client.infostring();
- self.secret=0x
6
9;
+ self.secret=0x
4
9;
- while(client.
eeprompeek(0
)!=self.secret):
+ while(client.
getsecret(
)!=self.secret):
print "-- Setting secret";
client.start();
#Flash the secret to the first two bytes of CODE memory.
client.erase();
print "-- Setting secret";
client.start();
#Flash the secret to the first two bytes of CODE memory.
client.erase();
-
client.eeprompoke(0,self.secret
);
- client.
eeprompoke(1,
self.secret);
+
print "-- Secret was %02x" % client.getsecret(
);
+ client.
setsecret(
self.secret);
sys.stdout.flush()
sys.stdout.flush()
-
+
#Lock chip to unlock it later.
if lock>0:
client.lock();
#Lock chip to unlock it later.
if lock>0:
client.lock();
@@
-233,7
+237,7
@@
class GoodFETGlitch(GoodFET):
#random.shuffle(times);
for vcc in voltages:
#random.shuffle(times);
for vcc in voltages:
- if
lock<0 and
not self.vccexplored(vcc):
+ if not self.vccexplored(vcc):
print "Exploring vcc=%i" % vcc;
sys.stdout.flush();
for time in times:
print "Exploring vcc=%i" % vcc;
sys.stdout.flush();
for time in times:
@@
-265,7
+269,7
@@
class GoodFETGlitch(GoodFET):
client.glitchstart();
#Try to read *0, which is secret if read works.
client.glitchstart();
#Try to read *0, which is secret if read works.
- a=client.
eeprompeek(0x0
);
+ a=client.
getsecret(
);
if lock>0: #locked
if(a!=0 and a!=0xFF and a!=self.secret):
gcount+=1;
if lock>0: #locked
if(a!=0 and a!=0xFF and a!=self.secret):
gcount+=1;