Differences

This shows you the differences between two versions of the page.

--- project:chipwhisperer:start [2019/01/14 00:17] – Trace saving bug workaround abyssal
+++ project:chipwhisperer:start [2019/11/23 23:31] – [Glitching STM32 external board through UFO-board interface] abyssal
@@ Line 32: / Line 32: @@
   * [[https://wiki.newae.com/CW1173_ChipWhisperer-Lite|Chipwhisperer Lite HW description]]
   * [[https://wiki.newae.com/Tutorial_Map|Chipwhisperer tutorials]]
+  * [[https://github.com/newaetech/chipwhisperer/tree/develop/hardware/capture/chipwhisperer-lite/pcb/eagle | Eagle schematics and board layout]]
+  * [[https://wiki.newae.com/CW506_Advanced_Breakout_Board | Advanced breakout board with voltage translation]]
+  * [[https://wiki.newae.com/CW301_Multi-Target | Multi-target board, unfortunately discontinued and with no schematics available]]
+  * [[https://wiki.newae.com/CW308_UFO_Target | UFO board for various targets, partially replacing multi-target board, but no smartcard slot available]]
+==== Related stuff ====
+  * [[https://is.muni.cz/th/dcv4s/bc.pdf | The use of a power analysis for influencing PIN verification on cryptographic smart card]]
+  * [[https://media.ccc.de/v/35c3-9563-wallet_fail | wallet.fail - using glitching and other side channels for extraction of secrets from Trezor 1 and Ledger Nano]]
+  * [[https://wiki.newae.com/Tutorial_A9_Bypassing_LPC1114_Read_Protect | Glitching LPC1114 to remove read protect]]
+===== Schematics and board layouts =====
+Schematics and board layouts can be viewed under the chipwhisperer checked out directory, in various directories (victims, tools, etc). There are .sch, .brd and generated .pdf files for schematics.
+  * [[https://github.com/newaetech/chipwhisperer/tree/develop/hardware/capture/chipwhisperer-lite/pcb/eagle | ChipWhisperer Lite]]
+  * [[https://github.com/newaetech/chipwhisperer/tree/develop/hardware/victims/smartcard_simple | Smartcard schematics]]
+  * [[https://github.com/newaetech/chipwhisperer/tree/develop/hardware/tools/papillio_target | Pappilio FPGA target]]
 ===== Chipwhisperer password cracking based on timing/power analysis =====
@@ Line 74: / Line 92: @@
+===== Glitching STM32 external board through UFO-board interface =====
+Glitching an STM32F429 discovery evaluation board. The board required resoldering of some solder bridges (SB18, SB19, removing X3 crystal oscillator) so that we can input glitch signal without interference from the STLink integrated SWD or any other clock signal, using PH0 as input from Chipwhisperer.
+The chip has VBAT input, unfortunately it's not connected to any of the output pins, so powering the board from outside without using the STM32F0 SWD STLink is a bit challenge.
+Unfortunately the [[https://wiki.newae.com/CW308T-STM32F | board templates for STM32 for UFO boards are too small for this chip]], which is not made in the smallest TQFP-64 package.
+{{:project:chipwhisperer:chipwhisperer_ufo_stm32f429.jpg?1200|}}
+It'd might work better if SDRAM and display was desoldered as well. By comparing various STM32F4 (415, 427, 429) in STM32CubeMx it reveals that the clock circuits are very different.
+FYI: just keep all the relevants part of pinout connected (GPIO4-trigger, RX/TX). Use 7.37 MHz clock instead of 8 MHz clock provided by the crystal oscillator or MCO from STLink so that the UART doesn't break. For anyone wondering why 7.37 MHz instead of 8 MHz, is that 7.3728e6/38400 == 192 and 7.3728e6/115200 == 64 precisely which is why 7.37 MHz is used for "industrial" UART clock generators. The chip will of course let you reconfigure the clock network, but for the usage with Chipwhisperer, using 7.37 Mhz is much easier.
+====== STM32CubeMX ======
+When you look at the clock networks of various STM32, you will find that each chip has different clock network, STM32F427 cannot be easily replaced with STM32F429.