From: travisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Date: Mon, 23 Nov 2009 09:41:11 +0000 (+0000)
Subject: Glitch app is in progress, first support will be for AVR.
X-Git-Url: http://git.rot13.org/?p=goodfet;a=commitdiff_plain;h=eddb0eb08f187dc156a6cb51878104df67d97436;ds=sidebyside

Glitch app is in progress, first support will be for AVR.

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@236 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---

diff --git a/client/GoodFETAVR.py b/client/GoodFETAVR.py
index df4acf4..2f06722 100644
--- a/client/GoodFETAVR.py
+++ b/client/GoodFETAVR.py
@@ -112,4 +112,4 @@ class GoodFETAVR(GoodFET):
         if device==None:
             device=("0x%04x" % deviceid);
         
-        return device;
+        return "%s %s" % (vendor,device);
diff --git a/client/goodfet.avr b/client/goodfet.avr
index b9eefcb..65426db 100755
--- a/client/goodfet.avr
+++ b/client/goodfet.avr
@@ -25,6 +25,14 @@ client.serInit()
 #Connect to target
 client.start();
 
+if(sys.argv[1]=="glitch"):
+    print "Identifies as %s" % client.identstr();
+    for i in range(1,20):
+        client.start();
+        print "Identifies as %s, fused 0x%02x" % (
+            client.identstr(),
+            client.lockbits());
+
 if(sys.argv[1]=="info"):
     print "Identifies as %s" % client.identstr();
 if(sys.argv[1]=="erase"):
@@ -32,6 +40,10 @@ if(sys.argv[1]=="erase"):
     client.erase();
 if(sys.argv[1]=="lockbits"):
     print "Lockbits are 0x%02x" % client.lockbits();
+#if(sys.argv[1]=="lock"):
+#if(sys.argv[1]=="unlock"):
+    
+
 
 if(sys.argv[1]=="dump"):
     f = sys.argv[2];
diff --git a/firmware/Makefile b/firmware/Makefile
index 9b73883..f4e6627 100644
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -23,7 +23,7 @@ CCEXTRA?=
 CC=msp430-gcc -Wall -Os -g -mmcu=$(mcu) -D$(mcu) -DGCC $(GCCINC) -I include $(CCEXTRA)
 
 #Define extra modules here.
-moreapps?=apps/i2c/i2c.o apps/chipcon/chipcon.o
+moreapps?=apps/i2c/i2c.o apps/chipcon/chipcon.o apps/glitch/glitch.o
 
 apps= $(moreapps) apps/monitor/monitor.o apps/spi/spi.o   apps/jtag/jtag.o apps/jtag/jtag430.o apps/jtag/jtag430x2.o apps/avr/avr.o
 libs= lib/$(mcu).o lib/command.o apps/jtag/jtag430asm.o
diff --git a/firmware/apps/avr/avr.c b/firmware/apps/avr/avr.c
index a8d9d34..f1fe5b7 100644
--- a/firmware/apps/avr/avr.c
+++ b/firmware/apps/avr/avr.c
@@ -11,10 +11,13 @@
 #include <iomacros.h>
 
 #include "avr.h"
+#include "glitch.h"
 
 //! Setup the AVR pins.
 void avrsetup(){
   spisetup();
+  
+  glitchsetup();
 }
 
 //! Initialized an attached AVR.
diff --git a/firmware/apps/chipcon/chipcon.c b/firmware/apps/chipcon/chipcon.c
index 8ee6e80..478e877 100644
--- a/firmware/apps/chipcon/chipcon.c
+++ b/firmware/apps/chipcon/chipcon.c
@@ -278,7 +278,7 @@ void cc_wr_config(unsigned char config){
 
 //! Locks the chip.
 void cc_lockchip(){
-  register i;
+  register int i;
   
   debugstr("Locking chip.");
   cc_wr_config(1);//Select Info Flash 
@@ -555,8 +555,7 @@ for (n = 0; n < count; n++) {
 unsigned char cc_peekdatabyte(unsigned int adr){
   unsigned char
     hb=(adr&0xFF00)>>8,
-    lb=adr&0xFF,
-    toret;
+    lb=adr&0xFF;
   
   //MOV DPTR, adr
   cc_debug(3, 0x90, hb, lb);
diff --git a/firmware/apps/glitch/glitch.c b/firmware/apps/glitch/glitch.c
new file mode 100644
index 0000000..1e7330d
--- /dev/null
+++ b/firmware/apps/glitch/glitch.c
@@ -0,0 +1,42 @@
+/*! \file glitch.c
+  \author Travis Goodspeed
+  \brief Glitching Support for GoodFET20
+  
+  See the TI example MSP430x261x_dac12_01.c for usage of the DAC.
+  This module sends odd and insufficient voltages on P6.6/DAC0
+  in order to bypass security restrictions of target devices.
+*/
+
+#include "platform.h"
+#include "command.h"
+#include "glitch.h"
+
+//! Disable glitch state at init.
+void glitchsetup(){
+#ifdef DAC12IR
+  //Set GSEL high to disable glitching.
+
+  P5DIR|=0x80;
+  P6DIR|=0x40;  
+  
+  P5OUT|=0x80;
+  P6OUT|=0x40;
+  
+  glitchsetupdac();
+#endif
+}
+
+//! Setup analog chain for glitching.
+void glitchsetupdac(){
+#ifdef DAC12IR
+  int i;
+  ADC12CTL0 = REF2_5V + REFON;                  // Internal 2.5V ref on
+  // Delay here for reference to settle.
+  for(i=0;i!=0xFFFF;i++) asm("nop");
+  DAC12_0CTL = DAC12IR + DAC12AMP_5 + DAC12ENC; // Int ref gain 1
+  // 1.0V 0x0666, 2.5V 0x0FFF
+  DAC12_0DAT = 0x0FFF;
+  //DAC12_0DAT = 0x0880;
+  //__bis_SR_register(LPM0_bits + GIE);           // Enter LPM0
+#endif 
+}
diff --git a/firmware/goodfet.c b/firmware/goodfet.c
index 744aa9d..8dea02e 100644
--- a/firmware/goodfet.c
+++ b/firmware/goodfet.c
@@ -10,7 +10,7 @@
 #include "platform.h"
 #include "command.h"
 #include "apps.h"
-
+#include "glitch.h"
 
 
 //LED on P1.0
@@ -80,9 +80,11 @@ int main(void)
   unsigned long len;
   
   init();
+  glitchsetup();
   
   txstring(MONITOR,OK,"http://goodfet.sf.net/");
   
+  
   //Command loop.  There's no end!
   while(1){
     //Magic 3
diff --git a/firmware/include/command.h b/firmware/include/command.h
index ae9fd9e..2a751a8 100644
--- a/firmware/include/command.h
+++ b/firmware/include/command.h
@@ -14,7 +14,7 @@
 //256 bytes, plus overhead
 //For chips with very little RAM.
 #define CMDDATALEN 0x104
-#warning Very little RAM.
+//#warning Very little RAM.
 #endif
 
 #ifndef CMDDATALEN
diff --git a/firmware/include/glitch.h b/firmware/include/glitch.h
new file mode 100644
index 0000000..de3d4a8
--- /dev/null
+++ b/firmware/include/glitch.h
@@ -0,0 +1,13 @@
+/*! \file glitch.h
+  \author Travis Goodspeed
+  \brief Glitch handler functions.
+*/
+
+#include <signal.h>
+#include <io.h>
+#include <iomacros.h>
+
+//! Disable glitch state at init.
+void glitchsetup();
+//! Setup analog chain for glitching.
+void glitchsetupdac();
diff --git a/firmware/include/jtag.h b/firmware/include/jtag.h
index f08ec85..1ef3b79 100644
--- a/firmware/include/jtag.h
+++ b/firmware/include/jtag.h
@@ -138,7 +138,8 @@ extern int savedtclk;
 unsigned int jtag430x2_syncpor();
 //! Executes an MSP430X2 POR
 unsigned int jtag430x2_por();
-
+//! Power-On Reset
+void jtag430_por();
 
 //JTAG commands
 #define JTAG_IR_SHIFT 0x80