-
CLAUDEPIERRE Ludovic authored
ajout une led s'allume quand reception du trigger (push rst pour l'eteindre), màj des en-têtes licence et du Readme
CLAUDEPIERRE Ludovic authoredajout une led s'allume quand reception du trigger (push rst pour l'eteindre), màj des en-têtes licence et du Readme
README.md 1.90 KiB
About this repository
- This is the source code of TRAITOR (TRAnsportable glItch aTtack platfORm), a FPGA platform used for fault injection, specifically clock glitch fault injection. More details in our paper [1].
- VHDL has been created with Vivado version 2018.3. You should synthetized the code with this specific version, or with another one that has been tested : 2019.2. Both versions produce a working synthesis. Results with other versions is unknown.
- FPGA target is the Arty A7-35T [2]
- Attacked device in the paper is the STM32F100RB [3], a.k.a. STM32F1Discovery-VL
- If you use TRAITOR, please cite our paper [1].
Usage
To configure the FPGA, use any software that can communicate on serial port and use this configuration:
- Baud rate : 115200
- Bits : 8
- Stopbits : 1
- Parity : None
- Flow control : None
Here's the memory layout of the FPGA. Address 0x00 is used for a specific
parameter called amplitude (see paper). Each glitch is coded on 8 bytes: 4
bytes for the delay, 4 bytes for the width. User can encode up to 31
glitches.
| Variable | Adresse | Value | ||
|---|---|---|---|---|
| Amplitude | 0x00 |
[0xE0-0xF0] |
||
| Delay 1 | [0x01-0x04] |
User defined | ||
| Width 1 | [0x05-0x08] |
User defined | ||
| Delay 2 | [0x09-0x0C] |
User defined | ||
| Width 2 | [0x0D-0x10] |
Used defined | ||
| ... | ... | ... |
References
- [1] Ludovic Claudepierre, Pierre-Yves Péneau, Damien Hardy, Erven Rohou. TRAITOR: A Low-Cost Evaluation Platform for Multifault Injection. In International Symposium on Advanced Security on Software and Systems (ASSS), ACM 2021
- [2] https://www.xilinx.com/products/boards-and-kits/1-elhaap.html
- [3] https://www.st.com/en/microcontrollers-microprocessors/stm32f100rb.html