2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
8 import sys, time, string, cStringIO, struct, glob, serial, os, random;
11 from GoodFET import *;
13 class GoodFETGlitch(GoodFET):
15 def __init__(self, *args, **kargs):
16 print "Initializing GoodFET Glitcher."
17 #Database connection and tables.
18 self.db=sqlite3.connect("glitch.db");
19 self.db.execute("create table if not exists glitches(time,vcc,gnd,trials,glitchcount,count,lock)");
21 def setup(self,arch="avr"):
22 self.client=getClient(arch);
26 lock=0; #1 locks, 0 unlocked
28 vstop=0xFFF; #Smaller range sometimes helps.
31 tstop=-1; #<0 defaults to full range
33 self.scan(lock,trials,vstart,vstop,tstart,tstop);
34 def scan(self,lock,trials=1,vstart=0,vstop=0xfff,tstart=0,tstop=-1):
39 tstop=client.glitchstarttime(); #Really long; only use for initial investigation.
40 print "-- Start takes %04i cycles." % tstop;
46 while(client.eeprompeek(0)!=self.secret):
47 print "-- Setting secret";
50 #Flash the secret to the first two bytes of CODE memory.
52 client.eeprompoke(0,self.secret);
53 client.eeprompoke(1,self.secret);
56 #Lock chip to unlock it later.
59 voltages=range(vstart,vstop,1);
60 times=range(tstart,tstop,1);
62 gnd=0; #TODO, glitch GND.
64 random.shuffle(voltages);
65 random.shuffle(times);
67 count=0; #Commit counter.
70 self.scanat(trials,vcc,gnd,time)
77 def scanat(self,trials,vcc,gnd,time):
80 client.glitchRate(time);
81 client.glitchVoltages(gnd, vcc); #drop voltage target
84 print "-- (%i,%i)" % (time,vcc);
86 for i in range(0,trials):
89 #Try to read *0, which is secret if read works.
90 a=client.eeprompeek(0x0);
91 if self.lock>0: #locked
92 if(a!=0 and a!=0xFF and a!=self.secret):
95 print "-- %04x: %02x HELL YEAH! " % (time, a);
102 print "values (%i,%i,%i,%i,%i);" % (
103 time,vcc,gnd,gcount,scount);
104 self.db.execute("insert into glitches(time,vcc,gnd,trials,glitchcount,count,lock)"
105 "values (%i,%i,%i,%i,%i,%i,%i);" % (
106 time,vcc,gnd,trials,gcount,scount,self.lock));