X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2FGoodFETGlitch.py;h=383609b87ec4be494e2a58a38a3fdbeadd0a6ce3;hp=0e0a1aa6f71fd9eccb85e45d10233ae28dcc4c0d;hb=3ce12eeaf2628956df8b10ebf0e2824a229cdc93;hpb=1898be2b9e4666be17c4be54560ae8afa7623c7c diff --git a/client/GoodFETGlitch.py b/client/GoodFETGlitch.py index 0e0a1aa..383609b 100644 --- a/client/GoodFETGlitch.py +++ b/client/GoodFETGlitch.py @@ -5,7 +5,7 @@ # # This code is being rewritten and refactored. You've been warned! -import sys, time, string, cStringIO, struct, glob, serial, os, random; +import sys, time, string, cStringIO, struct, glob, os, random; import sqlite3; from GoodFET import *; @@ -90,19 +90,21 @@ class GoodFETGlitch(GoodFET): mins={}; c=self.db.cursor(); - c.execute("select time,vcc,count from glitches;"); #Limit 10000 for testing. + c.execute("select time,vcc,glitchcount,count from glitches;"); #Limit 10000 for testing. progress=0; for r in c: progress=progress+1; if progress % 1000000==0: print "%09i rows crunched." % progress; t=r[0]; v=r[1]; - count=r[2]; - if count==0: + glitchcount=r[2]; + count=r[3]; + # FIXME: Threse thresholds suck. + if count<2: try: oldmax=maxes[t]; except: oldmax=-1; if v>oldmax: maxes[t]=v; - elif count==1: + elif glitchcount<2: try: oldmin=mins[t]; except: oldmin=0x10000; if v0;"); + c.execute("select time,vcc,gnd,glitchcount,count from glitches where lock=0 and glitchcount>0;"); print "time vcc gnd glitchcount count"; for r in c: print "%i %i %i %i %i" % r; - def npoints(self): + def rpoints(self): c=self.db.cursor(); c.execute("select time,vcc,gnd,glitchcount,count from glitches where lock=0 and glitchcount>0;"); print "time vcc gnd glitchcount count"; 
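Review bot: The new thresholds in crunch(), `if count<2:` and `elif glitchcount<2:`, are bare literals with no statement of what the two columns mean, and a row where both values are 2 or more falls through both branches and feeds neither maxes nor mins. The existing FIXME (which has a typo, "Threse") admits the values are provisional, so I would lift them into named constants or keyword arguments and add a comment such as `# count<2: treated as an upper-bound candidate; glitchcount<2: lower-bound candidate; other rows are ignored`. Because the select now returns four columns, unpacking with `t,v,glitchcount,count=r;` would tie the names to the query order better than the `r[2]`/`r[3]` indices do. The text of this hunk is damaged on the page after `if v`, so its tail and the start of the following hunk (the npoints to rpoints rename) could not be reviewed.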
@@ -161,13 +163,14 @@ class GoodFETGlitch(GoodFET): #GnuPlot sucks for large sets. Switch to viewpoints soon. # sqlite3 glitch.db "select time,vcc,count from glitches where count=0" | vp -l -d "|" -I - def explore(self,tstart=0,tstop=-1, trials=1): + def explore(self,times=None, trials=10): """Exploration phase. Uses thresholds to find exploitable points.""" gnd=0; self.scansetup(1); #Lock the chip, place key in eeprom. - if tstop<0: + if times==None: + tstart=0; tstop=self.client.glitchstarttime(); - times=range(tstart,tstop); + times=range(tstart,tstop); random.shuffle(times); #self.crunch(); count=0.0; @@ -178,10 +181,16 @@ class GoodFETGlitch(GoodFET): rows=c.fetchall(); c.close(); random.shuffle(rows); + print "Exploring %i times." % len(times); + mins={}; + maxes={}; for r in rows: t=r[0]; - min=r[1]; - max=r[2]; + mins[t]=r[1]; + maxes[t]=r[2]; + for t in times: + min=mins[t]; + max=maxes[t]; voltages=range(min,max,1); count=count+1.0; print "%02.02f Exploring %04i points in t=%04i." % (count/total,len(voltages),t); @@ -193,16 +202,16 @@ class GoodFETGlitch(GoodFET): trials=30; lock=0; #1 locks, 0 unlocked vstart=0; - vstop=200; #Could be as high as 0xFFF, but upper range is useless + vstop=1024; #Could be as high as 0xFFF, but upper range is useless vstep=1; tstart=0; tstop=self.client.glitchstarttime(); tstep=0x1; #Must be 1 self.scan(lock,trials,range(vstart,vstop),range(tstart,tstop)); - print "Learning phase complete, beginning to crunch."; + print "Learning phase complete, begin to crunch."; self.crunch(); - print "Crunch phase complete, beginning to explore."; - self.explore(); + #print "Crunch phase complete, beginning to explore."; + #self.explore(); def scansetup(self,lock): client=self.client; 
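Review bot: `if times==None:` in the new explore() should be the identity test `if times is None:`, and the `random.shuffle(times)` that follows now reorders a list the caller passed in rather than a locally built range. Copying first, `times=list(times); random.shuffle(times);`, leaves the caller's sequence untouched. The first positional parameter also changes meaning from a start time to a list of times, so a caller outside this hunk that still passes `tstart` positionally would hand an int to shuffle. The docstring should say that times is a list of glitch offsets, that None means the full range up to glitchstarttime(), and that the trials default moved from 1 to 10. The body of explore() continues past the end of this hunk.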
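Review bot: The new `for t in times:` loop reads `mins[t]` and `maxes[t]` without checking that the query returned a row for that time, so a caller-supplied time with no learned range raises KeyError partway through a run. A guard at the top of the loop such as `if t not in mins: continue;`, ideally with a printed skip message, would avoid this. `random.shuffle(rows)` on the context line above is now dead work, since rows only populate the two dicts. `total` is defined outside this hunk and presumably still counts rows, so the `count/total` progress figure no longer matches the loop when times is a subset; `total=len(times);` would be consistent. The locals `min` and `max` shadow the builtins and could become `vmin`/`vmax` while the lines are being touched.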
@@ -211,18 +220,24 @@ class GoodFETGlitch(GoodFET): client.erase(); print "Scanning %s" % client.infostring(); - self.secret=0x49; + #Kind of arbitrary. + #16 bit minimum. + self.secret=0xdead; + + + print "-- Setting secret"; + client.start(); + + #Flash the secret, to try and recover it later. + client.erase(); + print "-- Secret was %02x" % client.getsecret(); + client.setsecret(self.secret); + print "-- Secret set to %02x" % client.getsecret(); + sys.stdout.flush() + if(client.getsecret()!=self.secret): + print "Secret failed to set. Exiting for safety."; + sys.exit(); - while(client.getsecret()!=self.secret): - print "-- Setting secret"; - client.start(); - - #Flash the secret to the first two bytes of CODE memory. - client.erase(); - print "-- Secret was %02x" % client.getsecret(); - client.setsecret(self.secret); - sys.stdout.flush() - #Lock chip to unlock it later. if lock>0: client.lock();
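Review bot: The failure path added at the end of this hunk calls `sys.exit()` with no argument, which ends the process with status 0, so a wrapper script cannot tell "Secret failed to set" apart from a clean run. `sys.exit(1);`, or raising an exception from scansetup() so that library callers can handle it, would surface the failure. With the secret widened to 16 bits (`self.secret=0xdead;`), the `%02x` in the two "-- Secret" prints pads to only two digits; `%04x` matches the new width. The hunk also replaces the retry loop with a single attempt, so one transient write failure now aborts the whole scan. If that is the intent behind "Exiting for safety", a comment saying so would stop a later reader from restoring the loop.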