Skip to content

Instantly share code, notes, and snippets.

@rot256

rot256/victim.c

Created February 28, 2020 20:38
Show Gist options
  • Save rot256/9571e9853880e16de2300fce4e9cee56 to your computer and use it in GitHub Desktop.
Save rot256/9571e9853880e16de2300fce4e9cee56 to your computer and use it in GitHub Desktop.
Download ZIP
Glitching attack on Atmega328
Raw
victim.c
#include <avr/io.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <util/delay.h>
#include "aes.h"
#define UART_BAUD 9600
char HEX[] = {
'0', '1', '2', '3',
'4', '5', '6', '7',
'8', '9', 'A', 'B',
'C', 'D', 'E', 'F'
};
uint8_t secret[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0xd6, 0xaa, 0x74, 0xfd, 0xd2, 0xaf, 0x72, 0xfa, 0xda, 0xa6, 0x78, 0xf1, 0xd6, 0xab, 0x76, 0xfe,
0xb6, 0x92, 0xcf, 0x0b, 0x64, 0x3d, 0xbd, 0xf1, 0xbe, 0x9b, 0xc5, 0x00, 0x68, 0x30, 0xb3, 0xfe,
0xb6, 0xff, 0x74, 0x4e, 0xd2, 0xc2, 0xc9, 0xbf, 0x6c, 0x59, 0x0c, 0xbf, 0x04, 0x69, 0xbf, 0x41,
0x47, 0xf7, 0xf7, 0xbc, 0x95, 0x35, 0x3e, 0x03, 0xf9, 0x6c, 0x32, 0xbc, 0xfd, 0x05, 0x8d, 0xfd,
0x3c, 0xaa, 0xa3, 0xe8, 0xa9, 0x9f, 0x9d, 0xeb, 0x50, 0xf3, 0xaf, 0x57, 0xad, 0xf6, 0x22, 0xaa,
0x5e, 0x39, 0x0f, 0x7d, 0xf7, 0xa6, 0x92, 0x96, 0xa7, 0x55, 0x3d, 0xc1, 0x0a, 0xa3, 0x1f, 0x6b,
0x14, 0xf9, 0x70, 0x1a, 0xe3, 0x5f, 0xe2, 0x8c, 0x44, 0x0a, 0xdf, 0x4d, 0x4e, 0xa9, 0xc0, 0x26,
0x47, 0x43, 0x87, 0x35, 0xa4, 0x1c, 0x65, 0xb9, 0xe0, 0x16, 0xba, 0xf4, 0xae, 0xbf, 0x7a, 0xd2,
0x54, 0x99, 0x32, 0xd1, 0xf0, 0x85, 0x57, 0x68, 0x10, 0x93, 0xed, 0x9c, 0xbe, 0x2c, 0x97, 0x4e,
0x13, 0x11, 0x1d, 0x7f, 0xe3, 0x94, 0x4a, 0x17, 0xf3, 0x07, 0xa7, 0x8b, 0x4d, 0x2b, 0x30, 0xc5
};
void uart_init(void) {
UBRR0 = (F_CPU / (16UL * UART_BAUD)) - 1;
UCSR0B = _BV(TXEN0) | _BV(RXEN0);
}
void uart_putchar(char c) {
loop_until_bit_is_set(UCSR0A, UDRE0);
UDR0 = c;
}
void uart_putstr(char *s) {
while (*s) {
uart_putchar(*s);
s++;
}
}
void uart_hex(uint8_t c) {
uart_putchar(HEX[c >> 4]);
uart_putchar(HEX[c & 0xf]);
}
int main (void) {
uart_init();
aes_expanded_key_t key;
uint8_t pt[AES_BLOCKSIZE];
uart_putstr("hi\n\r");
while(1) {
PORTB |= _BV(PORTB5);
memcpy(key.bytes, secret, sizeof secret);
memset(pt, 0, sizeof pt);
encrypt(pt, &key);
PORTB |= ~_BV(PORTB5);
for (uint8_t i = 0; i < sizeof pt; i++)
uart_hex(pt[i]);
uart_putchar('\n');
uart_putchar('\r');
}
}
/* Serial Output:
hi
E4A54AE83F9C11FA165582BF28B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E7380A92A4FE4FD993115F474FB94F93
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A5A3D23FE1A3FA3BFE82BFB0B0C8D3
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
F422B2610F2BBFC273E3B5E2F000FF80
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
961EE601FC1E9C327CE9EB8A2E581E4A
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
8B73F1D50B80719A697C1A3759F33616
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
A92F091C1FF076898255619ACB83BB95
E4CCA61521D4183972383505E8A57974
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4AA4AD25A9CA3FA16FE82E1B0B005AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
34B71708FF7890AFA395124F69B0FE8B
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
E4A54AD23F9CA3FA16FE82BFB0B0C8AC
3524C767702BA144D96E65A36CC3D12108FF0047000102030405060708090A0B0C0D0E0FD6AA74FDD2AF72FADAA678F1D6AB76FEB692CF0B643DBDF1BE9BC5006830B3FEB6FF744ED2C2C9BF6C590CBF0469BF4147F7F7BC95353E03F96C32BCFD058DFD3CAAA3E8A99F9DEB50F3AF57ADF622AA5E390F7DF7A69296A7553DC10AA31F6B14F9701AE35FE28C440ADF4D4EA9C02647438735A41C65B9E016BAF4AEBF7AD2549932D1F08557681093ED9CBE2C974E13111D7FE3944A17F307A78B4D2B30C53031323334353637383941424344454601020408102040801B36637C777BF26B6FC53001672BFED7AB76CA82C97DFA5947F0ADD4A2AF9CA472C0B7FD9326363FF7CC34A5E5F171D8311504C723C31896059A071280E2EB27B27509832C1A1B6E5AA0523BD6B329E32F8453D100ED20FCB15B6ACBBE394A4C58CFD0EFAAFB434D338545F9027F503C9FA851A3408F929D38F5BCB6DA2110FFF3D2CD0C13EC5F974417C4A77E3D645D197360814FDC222A908846EEB814DE5E0BDBE0323A0A4906245CC2D3AC629195E479E7C8376D8DD54EA96C56F4EA657AAE08BA78252E1CA6B4C6E8DD741F4BBD8B8A703EB5664803F60E613557B986C11D9EE1F8981169D98E949B1E87E9CE5528DF8CA1890DBFE6426841992D0FB054BB1668690A0D00006BEF7C8DEAF5CFD7BB37DF5DBEFB9DDEFE2F3FFEFAFFACFEFDDCDEEDFB8E6FD3567F5F7D55FF4DEEFC3B1FF516B3DFFAFEA73F99BCF9FFFDBFE9FC3EEB7FF3F3FADBCE6DDFF8D774737FBB3BFAA2BDFFFBB56AFBD7E7FBDF93BE6DF9E77F3A7A66DE49FD5776D82EFEE7AFBECF2F1DE7F3BFFBFD4AFFF7E9C5D2B676DEF7E7CFE3E96B6BCE66EDABF7F69AEF5EFFC9DFC6AFBEBADBBAFF3FF9E7BA674F9FD7EB7FDDFF783DF6FBB7ABDBFBD0716F75BEE59FFBF7BF76F7EE9866D7BE6A7BFFAB0DEBFAF7DBC7E772FF7D8F7B7FEFCD6F32AF7327F4FDFD6F15D73FDD7F7EA4F0EE9FFE9F6C75277BF73FF734F7F7FEB91C349DAD7CE3BBEF9F2FA74FF5EDEBFDBFD3FBF357EDAC7F7F3E6EF3CDB7F77ECBADAF4C2546F97DD957FFDB37FF879E5417DFCFE69E547A2DDC67867AFBCDFFED2FF7BEEBBBFFDF80EF1BBFF9BBB8FF0AF294F7F4AF731FE5BF75FFF5F7F6977DF664BBB8F7CFDF6FD5F56F9CFEDFFBFD06EED25EBB4E7F971DF9FFFFFEAAF14F47D69E5F7C8DEFA136F5B73D5FFFCFCA79FDFBEF36FFFFEF552EFF7BBEDFB573B36F77EFFD0FBFCF7EF6FF2EF6E7E3DBF9FFB5EF8E7F3432FFEECAFFFFEF077BFD5FF49FDDFB1F9237CD97FF9B3BFF65FEDFF6F9D34DFD856F6FDE3A5EEB7EFC7D8D504F77CD3FBFBE7D7FC1EFBFFE73E479DBD1AAA78FA7D2DFFFC9A7DFEFDBE9F87F6EDAEFFEB11C7BEF677CF39F179DD6AFE57FEFA3B5BEFFA9ADEFBEFF23FDEEBADFF97FFBEF677FAFE3FABFEB3
*/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment