X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2FGoodFETGlitch.py;h=06bb511eb98fffcc3ef4867163a750591597930f;hp=0d49ac3e1cda7293d49239a1cdde7e5fc1a10d60;hb=053fca013042a25eecdae93dc08955d6cc106468;hpb=8eed366711c123dbd740b0bc0d5ca0e0c0d770e8 diff --git a/client/GoodFETGlitch.py b/client/GoodFETGlitch.py index 0d49ac3..06bb511 100644 --- a/client/GoodFETGlitch.py +++ b/client/GoodFETGlitch.py @@ -55,7 +55,7 @@ class GoodFETGlitch(GoodFET): self.client=0; def setup(self,arch="avr"): self.client=getClient(arch); - self.client.serInit(); + self.client.serInit(); #No timeout def glitchvoltages(self,time): """Returns list of voltages to train at.""" @@ -70,7 +70,7 @@ class GoodFETGlitch(GoodFET): min=r[0]; max=r[1]; if(min==None or max==None): return []; - + spread=max-min; return range(min,max,1); #If we get here, there are no points. Return empty set. 
@@ -90,19 +90,21 @@ class GoodFETGlitch(GoodFET): mins={}; c=self.db.cursor(); - c.execute("select time,vcc,count from glitches;"); #Limit 10000 for testing. + c.execute("select time,vcc,glitchcount,count from glitches;"); #Limit 10000 for testing. progress=0; for r in c: progress=progress+1; if progress % 1000000==0: print "%09i rows crunched." % progress; t=r[0]; v=r[1]; - count=r[2]; - if count==0: + glitchcount=r[2]; + count=r[3]; + # FIXME: Threse thresholds suck. + if count<2: try: oldmax=maxes[t]; except: oldmax=-1; if v>oldmax: maxes[t]=v; - elif count==1: + elif glitchcount<2: try: oldmin=mins[t]; except: oldmin=0x10000; if v0;"); + c.execute("select time,vcc,gnd,glitchcount,count from glitches where lock=0 and glitchcount>0;"); print "time vcc gnd glitchcount count"; for r in c: print "%i %i %i %i %i" % r; - def npoints(self): + def rpoints(self): c=self.db.cursor(); - c.execute("select time,vcc,gnd,glitchcount,count from glitches where lock=0 and count=0;"); + c.execute("select time,vcc,gnd,glitchcount,count from glitches where lock=0 and glitchcount>0;"); print "time vcc gnd glitchcount count"; for r in c: print "%i %i %i %i %i" % r; #GnuPlot sucks for large sets. Switch to viewpoints soon. # sqlite3 glitch.db "select time,vcc,count from glitches where count=0" | vp -l -d "|" -I - def explore(self,tstart=0,tstop=-1, trials=1): + def explore(self,times=None, trials=10): """Exploration phase. Uses thresholds to find exploitable points.""" gnd=0; self.scansetup(1); #Lock the chip, place key in eeprom. - if tstop<0: + if times==None: + tstart=0; tstop=self.client.glitchstarttime(); - times=range(tstart,tstop); + times=range(tstart,tstop); random.shuffle(times); #self.crunch(); count=0.0; 
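Review bot: The new cut-offs in the crunch loop, `if count<2:` and `elif glitchcount<2:`, are bare absolute numbers, while the same commit raises `trials` in learn() from 1 to 30, so what they select depends on how many trials each row was recorded with. Naming the two thresholds and stating in a comment what each one is meant to select would replace the FIXME (which also has a typo, `Threse`) with something a maintainer can tune. The bare `except:` fallbacks for `oldmax`/`oldmin` would read more clearly as `maxes.get(t,-1)` and `mins.get(t,0x10000)`. The end of this hunk is truncated on the page (`if v0;`), so the min-update line cannot be reviewed.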
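Review bot: `rpoints` now runs exactly the same query as the function above it (`where lock=0 and glitchcount>0`), so both would print the same rows; if `rpoints` is meant to list a different class of points, its WHERE clause probably needs to differ. This is inferred from the visible lines only, since the hunk header and the first function's name are lost on the page. In `explore`, `if times==None:` should be `if times is None:`, and `random.shuffle(times);` now reorders a caller-supplied list in place, which `times=list(times);` before the shuffle would avoid. Any caller still passing `tstart`/`tstop`, or calling `npoints`, will break with the new names; callers are not visible here.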
@@ -178,10 +181,16 @@ class GoodFETGlitch(GoodFET): rows=c.fetchall(); c.close(); random.shuffle(rows); + print "Exploring %i times." % len(times); + mins={}; + maxes={}; for r in rows: t=r[0]; - min=r[1]; - max=r[2]; + mins[t]=r[1]; + maxes[t]=r[2]; + for t in times: + min=mins[t]; + max=maxes[t]; voltages=range(min,max,1); count=count+1.0; print "%02.02f Exploring %04i points in t=%04i." % (count/total,len(voltages),t); @@ -190,7 +199,7 @@ class GoodFETGlitch(GoodFET): self.scanat(1,trials,vcc,gnd,t); def learn(self): """Learning phase. Finds thresholds at which the chip screws up.""" - trials=1; + trials=30; lock=0; #1 locks, 0 unlocked vstart=0; vstop=1024; #Could be as high as 0xFFF, but upper range is useless @@ -199,15 +208,19 @@ class GoodFETGlitch(GoodFET): tstop=self.client.glitchstarttime(); tstep=0x1; #Must be 1 self.scan(lock,trials,range(vstart,vstop),range(tstart,tstop)); - print "Learning phase complete, beginning to expore."; + print "Learning phase complete, beginning to crunch."; + self.crunch(); + print "Crunch phase complete, beginning to explore."; self.explore(); def scansetup(self,lock): client=self.client; + client.verbose=0; client.start(); client.erase(); + print "Scanning %s" % client.infostring(); - self.secret=0x69; + self.secret=0x49; while(client.getsecret()!=self.secret): print "-- Setting secret"; @@ -215,9 +228,10 @@ class GoodFETGlitch(GoodFET): #Flash the secret to the first two bytes of CODE memory. client.erase(); + print "-- Secret was %02x" % client.getsecret(); client.setsecret(self.secret); sys.stdout.flush() - + #Lock chip to unlock it later. if lock>0: client.lock(); @@ -232,7 +246,7 @@ class GoodFETGlitch(GoodFET): #random.shuffle(times); for vcc in voltages: - if lock<0 and not self.vccexplored(vcc): + if not self.vccexplored(vcc): print "Exploring vcc=%i" % vcc; sys.stdout.flush(); for time in times:
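Review bot: `min=mins[t]; max=maxes[t];` raises KeyError for any `t` in `times` that has no row in the query result, which can now happen because `times` may be supplied by the caller instead of being derived from the rows. A guard such as `if t not in mins: continue;` (or a printed warning) would keep one unknown time from aborting a long run. `random.shuffle(rows);` no longer influences the order of exploration, since the rows only fill the two dicts. The query that produces `rows` and the definition of `total` are outside the hunk.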
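Review bot: `self.secret=0x49;` changes the marker byte as a bare literal with no explanation of why 0x49 replaces 0x69. A named constant, or a comment such as `#Known byte written before locking, compared against getsecret()` (wording for the author to confirm), would document the choice. `client.verbose=0;` in scansetup also overrides whatever verbosity the caller had configured without restoring it. The `while` loop at the end of the hunk continues outside it.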
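Review bot: With `lock<0 and` removed, the skip test depends only on `self.vccexplored(vcc)`, which receives neither the lock state nor the time range nor the trial count. If that helper is keyed on vcc alone (its body is not visible), a voltage recorded by an earlier run with a different lock state or fewer trials would be skipped here and the scan would look complete when it is not. Consider passing the lock state through, or add a comment such as `#Assumes a fresh glitch.db per scan; explored voltages are skipped`. The loop body continues outside the hunk.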