X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=firmware%2Fapps%2Fglitch%2Fglitch.c;h=40e81221f4d1e10bebdb7ede8c2b46e1626f4708;hb=b0672fbb55953e2530caed3e2f37ed2ac938a97c;hp=1e7330dd49707df2876f56f94957ebdd58a3f534;hpb=eddb0eb08f187dc156a6cb51878104df67d97436;p=goodfet

diff --git a/firmware/apps/glitch/glitch.c b/firmware/apps/glitch/glitch.c
index 1e7330d..40e8122 100644
--- a/firmware/apps/glitch/glitch.c
+++ b/firmware/apps/glitch/glitch.c
@@ -11,32 +11,180 @@
 #include "command.h"
 #include "glitch.h"
 
-//! Disable glitch state at init.
+//! Handles a monitor command.
+void glitch_handle_fn( uint8_t const app,
+					   uint8_t const verb,
+					   uint32_t const len);
+
+// define the glitch app's app_t
+app_t const glitch_app = {
+
+	/* app number */
+	GLITCH,
+
+	/* handle fn */
+	glitch_handle_fn,
+
+	/* name */
+	"GLITCH",
+
+	/* desc */
+	"\tThe GLITCH app adds support for doing glitch research.\n"
+	"\tSee the TI example MSP430x261x_dac12_01.c for usage of the DAC.\n"
+	"\tThis module sends odd and insufficient voltages on P6.6/DAC0\n"
+	"\tin order to bypass security restrictions of target devices.\n"
+};
+
+//! Call this before the function to be glitched.
+void glitchprime(){
+#ifdef DAC12IR
+  WDTCTL = WDTPW + WDTHOLD;             // Stop WDT
+  
+  glitchsetup();
+  _EINT();
+  return;
+#endif
+}
+
+//! Setup glitching.
 void glitchsetup(){
 #ifdef DAC12IR
   //Set GSEL high to disable glitching.
-
-  P5DIR|=0x80;
-  P6DIR|=0x40;  
   
-  P5OUT|=0x80;
-  P6OUT|=0x40;
+  //Normal voltage, use resistors instead of output.
+  //P5DIR=0x80;   //ONLY glitch pin is output.
+  P5DIR|=0x80;   //glitch pin is output.
+  P5OUT|=0x80;  //It MUST begin high.
+  //P5REN|=0x7F;  //Resistors pull high and low weakly.
   
-  glitchsetupdac();
+  P6DIR|=BIT6+BIT5;
+  P6OUT|=BIT6+BIT5;
+  
+  WDTCTL = WDTPW + WDTHOLD;             // Stop WDT
+  TACTL = TASSEL1 + TACLR;              // SMCLK, clear TAR
+  CCTL0 = CCIE;                         // CCR0 interrupt enabled
+  CCR0 = glitchcount+0x10;              // Compare Value
+  TACTL |= MC_2;                        // continuous mode.
 #endif
 }
 
-//! Setup analog chain for glitching.
-void glitchsetupdac(){
-#ifdef DAC12IR
+// Timer A0 interrupt service routine
+interrupt(TIMERA0_VECTOR) Timer_A (void){
+  //This oughtn't be necessary, but glitches repeat without it.
+  TACTL=0; //disable counter.
+  
+  
+  P5OUT^=BIT7;//Glitch
+  //asm("nop"); //delay deepens glitch.
+  P5OUT^=BIT7;//Normal
+  
+  //This oughtn't be necessary, but glitches repeat without it.
+  TACTL=0; //disable counter.
+  
+  //P5OUT^=BIT7;//Normal
+  return;
+}
+
+
+u16 glitchcount=0;
+
+//! Glitch an application.
+void glitchapp(u8 app){
+  debugstr("That app is not yet supported.");
+}
+
+
+//! Set glitching voltages.
+void glitchvoltages(u16 gnd, u16 vcc){
+  
+  //debugstr("Set glitching voltages: GND and VCC");
+  //debughex(gnd);
+  //debughex(vcc);
+  
+  /** N.B., because this is confusing as hell.  As per Page 86 of
+      SLAS541F, P6SEL is not what controls the use of the DAC0/DAC1
+      functions on P6.6 and P6.5.  Instead, CAPD or DAC12AMP>0 sets
+      the state.
+  */
+  
+  #ifdef DAC12IR
   int i;
   ADC12CTL0 = REF2_5V + REFON;                  // Internal 2.5V ref on
   // Delay here for reference to settle.
   for(i=0;i!=0xFFFF;i++) asm("nop");
   DAC12_0CTL = DAC12IR + DAC12AMP_5 + DAC12ENC; // Int ref gain 1
+  DAC12_1CTL = DAC12IR + DAC12AMP_5 + DAC12ENC; // Int ref gain 1
   // 1.0V 0x0666, 2.5V 0x0FFF
-  DAC12_0DAT = 0x0FFF;
-  //DAC12_0DAT = 0x0880;
-  //__bis_SR_register(LPM0_bits + GIE);           // Enter LPM0
-#endif 
+  DAC12_0DAT = vcc; //high;
+  DAC12_1DAT = gnd; //low;
+  #endif 
+}
+//! Set glitching rate.
+void glitchrate(u16 rate){
+  glitchcount=rate;
+}
+
+//! Handles a monitor command.
+void glitch_handle_fn( uint8_t const app,
+					   uint8_t const verb,
+					   uint32_t const len)
+{
+  switch(verb){
+  case GLITCHVOLTAGES:
+    glitchvoltages(cmddataword[0],
+		   cmddataword[1]);
+    txdata(app,verb,0);
+    break;
+  case GLITCHRATE:
+    glitchrate(cmddataword[0]);
+    txdata(app,verb,0);
+    break;
+  case GLITCHVERB:
+    //FIXME parameters don't work yet.
+    glitchprime();
+    TAR=0; //Reset clock.
+    handle(cmddata[0],cmddata[1],0);
+    TACTL |= MC0;// Stop Timer_A;
+    break;
+  case GLITCHTIME:
+    debugstr("Measuring start time.");
+    _DINT();//disable interrupts
+    TACTL=0; //clear dividers
+    TACTL|=TACLR; //clear config
+    TACTL|=
+      TASSEL_SMCLK //smclk source
+      | MC_2; //continuous mode.
+    
+    //perform the function
+    silent++;//Don't want the function to return anything.
+    TAR=0;
+    handle(cmddata[0],cmddata[1],0);
+    cmddataword[0]=TAR; //Return counter.
+    silent--;
+    debugstr("Measured start time.");
+    debughex(cmddataword[0]);
+    txdata(app,verb,2);
+    break;
+  case START:
+    //Testing mode, for looking at the glitch waveform.
+    glitchvoltages(0,0xFFF);//Minimum glitch, for noise test.
+    //glitchvoltages(0,0);//Drop VCC
+    //glitchvoltages(0xFFF,0xFFF);//Raise Ground
+    P5OUT|=BIT7;//Normal
+    P5DIR|=BIT7;
+    while(1){
+      P5OUT&=~BIT7;//Glitch
+      //asm("nop"); //Not Necessary
+      P5OUT|=BIT7;//Normal
+      asm("nop");asm("nop");asm("nop");asm("nop");asm("nop");asm("nop");
+      asm("nop");asm("nop");asm("nop");asm("nop");asm("nop");asm("nop");
+    }
+    txdata(app,verb,0);
+    break;
+  case STOP:
+  case GLITCHAPP:
+  default:
+    debugstr("Unknown glitching verb.");
+    txdata(app,NOK,0);
+  }
 }