Any tutorial about glitching

Thanks :smile:

I need to clean up one magic number I used for timing, otherwise it’ll be wrong for BP6.

I also want to add one option (disable “ready” input, so you don’t need to jump IO01 high if not needed).

And it’ll need a good review before merge for bugs and to be sure I didn’t do something dumb with respect to the rest of the project :man_facepalming:

I’m also working on more detailed blog posts on this stuff, but I probably won’t publish before I give my talk in early April.

3 Likes

I literally just cleared a similar bug in a new thread while you were posting :laughing:

3 Likes

This is good stuff. I was working on something very similar with this Tekpower bench supply so I could get the firmware off. I could glitch it via shorting an SWD pin to ground sometimes; found this out by accident. I actually bypassed their UART command protection for a minute when I had the terminal up and then protection came back on. I will get there, but I love projects like this that end up in code usable for everyone. So useful, and awesome work. When you get ready to publish, please let everyone know what conference; if it's close I will get there. Cheers and awesome stuff.

5 Likes

I am not sure about where you're probing, but I found this to be super helpful when isolating things I want to look at or do analysis on. makerprobes. Lectronz

4 Likes

I have pushed my changes and created a PR for this: Adding UART glitching by mbrugman67 · Pull Request #186 · DangerousPrototypes/BusPirate5-firmware · GitHub

It does need a good review; while it works for all of the cases and testing I’ve done, I could’ve easily missed something. I also want to be sure my code is compatible with the BP codebase and philosophy in general.

There are a LOT of commits here, including a few times rebasing against the official repo, but I don’t see any merge conflicts at this point.

Thanks much!
Matt

2 Likes

Those are much cooler than the mess of 3D printing, gravity, and hand-soldered crap I’ve been using!

2 Likes

I am cleaning up the PR branch’s history by cherry-picking each commit into my own branch. 8-9 commits is easier to review than the 51-commit original PR. (See GitHub for progress…) The goal is that every commit that hits the main branch builds cleanly.

80% through already, and the only things I found were very minor. I have not reviewed for functionality … only for format specifiers, missing return values from functions, etc. That said, you did a great job figuring out all the twists and turns needed to get a new command added + localization changes + … NICE WORK!

The only downside to my rebase’ing is that I don’t know (yet) how to get the git history to show you made the commit when I cherry-pick… I want you to get the credit for this great PR!

When done, I can give you the commands needed to cherry-pick the commits back under your own name, or I can just force-push the changes into your branch. Let me know your preference?

1 Like

Yeah, so have you seen some of the work from the guy Stephan on Hardware IO talk? I know ChipWhisperer and all those have oscilloscopes attached and are sort of a one-stop board, but simple power analysis using a 45 dollar board and an older scope is pretty cool. https://www.tindie.com/stores/stephanelec/

2 Likes

Hi @mbrugman,

The good news: After rebase’ing the PR, there are only 8 commits.

I also figured out how to lie to the git history, so you will get credit (and blame) for these changes. Please checkout PR #187.

See … I wanted to make this painless for you, and I think I have! :slight_smile:

I will close PR #186 in favor of this rebased PR … the git history is much cleaner as a result.


Steps to compare your current PR branch vs. the rebase'd PR branch

### ensure my branch is one of your known remotes
git remote add henrygab https://github.com/henrygab/buspirate-firmware

### pull the commits from my remote
git pull --all

### show which _files_ changed  between
### your PR #186 branch (07c8c93) and
### my PR #187 branch (416e68e)
git diff --name-only 07c8c93 416e68e

### checkout the full diff ... but note git diff
### has trouble with the auto-generated
### translation files...
git diff 07c8c93 416e68e

If anything was missed or awry, could you please let me know (and I can fix) or submit a new PR with that fix?

Thanks!

3 Likes

This is very cool. Perhaps the store will someday offer a glitching plank?

Adding to this knowledge base, I wanted to let others know about a new low-cost glitching platform, the Picoglitcher and a lower-cost board with some DIY assembly.

Besides level shifters, it has “A newly designed input stage (EXT1 and EXT2) can be used to filter out noise and other disturbances via adjustable Schmitt Triggers. The multiplexing output can be used to quickly switch between up to four different voltage levels and to supply the target board with power.”
There is also an extension board in the works that will allow pulse shaping. I chatted with Matthias Kesenheimer and he told me the extra board has expensive components, and it might cost 100€. The project is documented here.

5 Likes

@henrygab thanks for cleaning up the mess!

I need to be better with handling upstream. I wanted to keep my branch tightly sync’d with what was happening with the main project.

Maybe before submitting as a PR, I should’ve just created a new branch and cherry-picked over to that from my dev branch. Also, I should keep in mind that my ‘personal’ projects might actually be useful, haha.

Live & learn, right? Thanks again for the help!

4 Likes

Hi Matt,

Here are the steps I take while working on a branch (which only I work on).

Just like you, I want to keep my branch really close to upstream/main. For my example here, my working branch will be named bugfix1.


I periodically do the following

:zap: WARNING :zap:
Use of git push --force can cause problems
because it changes the commit history of the
branch.
Here, it’s presumed that you’re the only one
using the branch, and you’re not expecting
to accept PRs into the branch.


# pull latest from upstream (and every other remote)
git pull --all

# ensure upstream/main didn't have breaking changes
# by updating my fork's main using --ff-only
# and push back to my github fork
git switch main
git merge --ff-only upstream/main
git push

# remind myself of all my branch names, so I can update each one
git branch -v

# ################################################################
# For each branch (I'll show `bugfix1` in this example)
# rebase the branch.   For conflicts, I prefer VSCode
# for visual conflict resolution, but as kids say, "you do you".

# short version, once you are comfortable
git switch bugfix1
git rebase main

# ... conflict resolution, if any ...
# e.g., edit conflicted files, then `git rebase --continue`, etc.

# force-push the rebase'd branch to github
# (Note above warning)
git push --force

# lather, rinse, repeat for other branches
# ################################################################



The above keeps a nice, clean commit history. Here’s my preferred alias for cmd-line viewing of the history:

git log --graph --decorate --pretty=oneline --abbrev-commit --all

4 Likes
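The rebase-and-force-push recipe from the post above, run end to end in throwaway repositories, as an added example that is not from the post or the Bus Pirate project: it builds an "upstream" and a "fork", starts a bugfix1 branch, lets upstream move on, then runs the same fetch / --ff-only merge / rebase / --force push sequence and checks that the branch ends up linear on top of the new upstream tip. The repository paths, the commit identity and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: simulate the "keep my branch close to upstream/main" workflow
# in throwaway repositories. Everything here is constructed: the repository
# names (upstream, fork, work, seed), the branch name bugfix1 and the file
# contents are placeholders, not the Bus Pirate project's real history.
set -e

# Commit identity for the throwaway repos only (assumed, not from the post).
export GIT_AUTHOR_NAME="example" GIT_AUTHOR_EMAIL="example@localhost"
export GIT_COMMITTER_NAME="example" GIT_COMMITTER_EMAIL="example@localhost"

# commit_file DIR FILE MESSAGE: append MESSAGE to FILE inside DIR and commit it.
commit_file() {
    printf '%s\n' "$3" >> "$1/$2"
    git -C "$1" add "$2"
    git -C "$1" commit -q -m "$3"
}

# sync_branch WORKTREE BRANCH: the post's recipe. Exits non-zero if main has
# diverged (the --ff-only guard) or the rebase hits a conflict.
sync_branch() {
    git -C "$1" fetch -q --all                   # fetch half of `git pull --all`
    git -C "$1" switch -q main
    git -C "$1" merge -q --ff-only upstream/main # refuse if main has diverged
    git -C "$1" push -q                          # update the fork's main
    git -C "$1" switch -q "$2"
    git -C "$1" rebase -q main                   # replay the branch on new main
    git -C "$1" push -q --force                  # rewrite the fork's copy
}

# demo: build the scenario, run the recipe, verify the resulting history.
demo() {
    top=$(mktemp -d)
    # Bare "upstream" (the official repo) seeded from a scratch clone.
    git init -q --bare "$top/upstream.git"
    git -C "$top/upstream.git" symbolic-ref HEAD refs/heads/main
    git init -q "$top/seed"
    git -C "$top/seed" symbolic-ref HEAD refs/heads/main
    commit_file "$top/seed" README "initial"
    git -C "$top/seed" push -q "$top/upstream.git" main
    # Bare "fork" (the developer's GitHub fork) and a working clone of it
    # with upstream added as a second remote, as in the post.
    git clone -q --bare "$top/upstream.git" "$top/fork.git"
    git clone -q -b main "$top/fork.git" "$top/work"
    git -C "$top/work" remote add upstream "$top/upstream.git"
    # Developer starts bugfix1 on their fork.
    git -C "$top/work" switch -q -c bugfix1
    commit_file "$top/work" fix.c "bugfix1: first change"
    git -C "$top/work" push -q -u origin bugfix1
    # Meanwhile upstream/main moves on.
    commit_file "$top/seed" main.c "upstream: unrelated change"
    git -C "$top/seed" push -q "$top/upstream.git" main
    # Run the recipe.
    sync_branch "$top/work" bugfix1
    # Verify: upstream tip is an ancestor of bugfix1, no merge commits,
    # and the fork's copy of bugfix1 matches the rewritten local branch.
    upstream_tip=$(git -C "$top/upstream.git" rev-parse main)
    git -C "$top/work" merge-base --is-ancestor "$upstream_tip" bugfix1
    [ -z "$(git -C "$top/work" log --merges --oneline bugfix1)" ]
    [ "$(git -C "$top/fork.git" rev-parse bugfix1)" = \
      "$(git -C "$top/work" rev-parse bugfix1)" ]
    rm -rf "$top"
}
```

Run it with sh; it exits 0 when the history comes out linear as the post describes. The `--ff-only` merge is the guard that matters: it aborts instead of silently creating a merge commit if your fork's main has drifted from upstream, which is exactly the tangle the original 51-commit PR ran into.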

I’m sorry. EmmanuelT already mentioned this device. I missed the reference.

BTW, I’m reading the Colin O’Flynn book and he mentions using a MAX4619 analog switch for fast glitching. It can generate a 20 ns glitch. Alternately, for an easier implementation of a crowbar power glitch using a MOSFET, he suggests a DMN2056U for low power devices and an IRF7807 for high power devices as suitable components.

4 Likes

That book is sooo good! I had a class with him for the ChipWhisperer a couple of years ago at BH. Really nice guy, too :slight_smile:

4 Likes

Oh man, I totally missed the python script! I was updating all of the individual language files manually! That script is so much easier and cleaner.

I missed the whole thread about this; I think by that time I just had my head down and was plowing through. The script is such a better way to handle it all.

2 Likes

Yeah, that is common. I have a few; they are great. If you read Riverloop's old blogs they build a glitcher off it; you can do it on a Raspberry Pi and the Perma-Proto board… GitHub - riverloopsec/flash-bash: Flash-BASH is a Raspberry Pi based tool that uses a multiplexer to "glitch" a target device into a privileged open state.

2 Likes

Nice, straightforward application, but I would guess the timing isn’t very consistent.

I haven’t used EAGLE since Autodesk/Dassault bought them out and screwed up the licensing. Anyone have the schematic for the hat?

Edit: I see it can be opened in KiCad; I’ll take a look tomorrow.

1 Like