simulavr-devel

Re: [Simulavr-devel] modification of AVR simulator for SCA


From: Klaus Rudolph
Subject: Re: [Simulavr-devel] modification of AVR simulator for SCA
Date: Wed, 10 Feb 2016 17:50:09 +0100

Hi,

at first: Please use the latest git master content. The version 1.0.0 contains so 
many bugs that I cannot answer any question about that outdated version. As you 
can see in the bug tracker, all known bugs are fixed in the current head of the 
master branch. So please download the latest sources from git and retest.

Sorry for the inconvenience!

For accessing functions which read and write directly to the core registers:

If a register is not only plain RAM/flash, every access to it can change the 
state of internal hardware. For example, if you read from UartDataRegister, the 
read will eat the value and clear the flags in the status register of the 
UART. The result is that the access from the AVR program will receive only 
every second byte, because the other bytes are already read by your additional 
access.

I think there was a backdoor read function in earlier versions, but I can't 
find it??

The problem with the thread I can't explain. I never looked at that code and I 
have no idea what the thread is good for while accessing registers. Maybe this 
stuff can also be removed...

Maybe someone else can give some hints, especially about this "mystery" threading 
thing?



Regards
 Klaus


> Sent: Wednesday, 10 February 2016 at 11:49
> From: Nikita <address@hidden>
> To: address@hidden
> Subject: [Simulavr-devel] modification of AVR simulator for SCA
>
> Hello,
> 
> My name is Nikita, I am a researcher at a university in Brussels and I
> am currently trying to modify simulavr
> to produce data for side-channel analysis (SCA) for security &
> cryptography research purposes.
> I am very happy with the way this simulator works and I figured out how
> to modify it in order to
> make something that I need for my research.
> However, I have a small problem that I cannot figure out and I hope that
> you can help me with it.
> 
> I took the latest version of your code on the official website (1.0.0).
> I am modifying avrdevice.cpp in the following way:
> there are several Get and Set reg methods in the class AvrDevice.
> What I need is to output the value being read and/or written at each
> memory access, so for example:
> 
> unsigned char AvrDevice::GetCoreReg(unsigned addr) {
>     assert(addr < registerSpaceSize);
>     return *(rw[addr]);
> }
> 
> Became:
> unsigned char AvrDevice::GetCoreReg(unsigned addr) {
>     assert(addr < registerSpaceSize);
>     leakValue( *(rw[addr]) ); // function that actually appends the value into a file "trace.txt"
>     return *(rw[addr]);
> }
> 
> These modifications work ok on all these Get and Set functions except
> the ones that work with IOReg:
>  - AvrDevice::GetIOReg
>  - AvrDevice::SetIOReg
>  - AvrDevice::SetIORegBit
> 
> If I do something like that on AvrDevice::GetIOReg it changes the
> behaviour of the program when I test it:
> only each 2nd character entered by the user is actually handled by the
> program
> (I am testing it on examples/simple_ex1 that is also on the website).
> I found a hack to make it work for AvrDevice::GetIOReg by just reading the
> value once into a tmp variable and then using it
> in my leakValue function and in the return, like that:
> 
> unsigned char AvrDevice::GetIOReg(unsigned addr) {
>     assert(addr < ioSpaceSize);  // callers do use 0x00 base, not 0x20
>     unsigned char tmp = *(rw[addr + registerSpaceSize]);
>     leakOnRead( tmp );
>     return tmp;
> }
> 
> However as soon as I try to do something similar on AvrDevice::SetIOReg
> I get the following error during the execution:
> 
> simulavr: hwstack.cpp:282: void ThreadList::OnSPRead(int): Assertion `0
> != SP_value' failed.
> Aborted (core dumped)
> 
> This is the command that I am using:
> ./simulavr -d atmega128 -f ../examples/simple_ex1/simple_atmega128.elf
> -W 0x20,- -R 0x22,- -T exit
> 
> For the Set command what I would like to have is the previous value
> stored in
> the memory and the new one being written, something like that (which
> works perfectly for CoreReg):
> 
> bool AvrDevice::SetCoreReg(unsigned addr, unsigned char val) {
>     assert(addr < registerSpaceSize);
>     leakOnWrite(*(rw[addr]), val); // this is my only addition to the original code
>     *(rw[addr]) = val;
>     return true;
> }
> 
> And here is the gdb execution trace:
> 
> _______________________________________________________________________________________
> simulavr: hwstack.cpp:282: void ThreadList::OnSPRead(int): Assertion `0
> != SP_value' failed.
> 
> Program received signal SIGABRT, Aborted.
> 0x00007ffff720ecc9 in __GI_raise (address@hidden)
>     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> 56    ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> (gdb) bt
> #0  0x00007ffff720ecc9 in __GI_raise (address@hidden)
>     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #1  0x00007ffff72120d8 in __GI_abort () at abort.c:89
> #2  0x00007ffff7207b86 in __assert_fail_base (
>     fmt=0x7ffff7358830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
>     address@hidden "0 != SP_value",
>     address@hidden "hwstack.cpp", address@hidden,
>     address@hidden
> <ThreadList::OnSPRead(int)::__PRETTY_FUNCTION__> "void
> ThreadList::OnSPRead(int)") at assert.c:92
> #3  0x00007ffff7207c32 in __GI___assert_fail (
>     assertion=0x47d28c "0 != SP_value", file=0x47d24a "hwstack.cpp",
> line=282,
>     function=0x47d3a0 <ThreadList::OnSPRead(int)::__PRETTY_FUNCTION__>
> "void ThreadList::OnSPRead(int)") at assert.c:101
> #4  0x000000000044a30d in ThreadList::OnSPRead (address@hidden,
>     SP_value=<optimised out>) at hwstack.cpp:282
> #5  0x000000000044a31c in HWStackSram::OnSPReadByTarget (
>     address@hidden) at hwstack.cpp:182
> #6  0x000000000044a329 in HWStackSram::GetSph (this=0x15aa3d0)
>     at hwstack.cpp:173
> #7  0x000000000044ba88 in IOReg<HWStackSram>::get (this=<optimised out>)
>     at rwmem.h:199
> #8  0x000000000042b016 in AvrDevice::SetIOReg (this=0x6a43c0,
>     addr=<optimised out>, val=<optimised out>) at avrdevice.cpp:636
> ---Type <return> to continue, or q <return> to quit---
> #9  0x00000000004328b1 in avr_op_OUT::operator() (this=0x6a5d30)
>     at decoder.cpp:1183
> #10 0x000000000042ca4e in AvrDevice::Step (this=0x6a43c0,
>     address@hidden: false,
> nextStepIn_ns=0x7fffffffd8e8)
>     at avrdevice.cpp:512
> #11 0x000000000046f59a in SystemClock::Step (
>     address@hidden <SystemClock::Instance()::obj>,
>     address@hidden: false) at systemclock.cpp:157
> #12 0x000000000046f778 in SystemClock::Endless (
>     this=0x6a2240 <SystemClock::Instance()::obj>) at systemclock.cpp:222
> #13 0x0000000000406772 in main (argc=<optimised out>, argv=<optimised out>)
>     at cmd/main.cpp:410
> (gdb) quit
> A debugging session is active.
> 
>     Inferior 1 [process 20712] will be killed.
> 
> _______________________________________________________________________________________
> 
> This is, basically, the only modification that I am trying to do.
> I've looked through the IOReg, RWMem and some other classes that are
> involved in this memory access,
> but I cannot figure out what exactly the problem is there.
> 
> Is there any way of getting the old value that was in the IOReg just
> before writing into it?
> 
> I would really appreciate if you can help me with this task.
> 
> Best regards,
> 
> -- 
> Nikita
> 
> 
> 
> _______________________________________________
> Simulavr-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/simulavr-devel
> 
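The hazard Klaus describes (an extra read of a side-effecting register changes device state) and Nikita's read-once fix, as an added toy model that is not simulavr code: `UartDataReg`, its side-effect-free `peek()`, `readTrace`/`writeTrace` and `RunProgram` are all constructed here for illustration, and the real `IOReg<T>` may not expose any `peek()`-like path (Klaus cannot find the old backdoor read).

```cpp
#include <cstdint>
#include <deque>
#include <string>
#include <utility>
#include <vector>
// Toy side-effecting I/O register (constructed for this example, not simulavr's
// IOReg<T>): a read pops the received byte and clears the "data ready" flag.
struct UartDataReg {
    std::deque<uint8_t> rxFifo;   // constructed sample input is pushed here
    bool dataReady = false;
    uint8_t txLatch = 0;
    uint8_t peek() const { return rxFifo.empty() ? 0 : rxFifo.front(); } // assumed side-effect-free
    uint8_t get() {               // the access the AVR program performs: consumes the byte
        uint8_t v = peek();
        if (!rxFifo.empty()) rxFifo.pop_front();
        dataReady = !rxFifo.empty();
        return v;
    }
};
std::vector<uint8_t> readTrace;   // stands in for leakValue() appending to trace.txt
// Broken hook: two accesses per instruction, so the program sees only every second byte.
uint8_t GetIORegDoubleRead(UartDataReg& r) {
    readTrace.push_back(r.get());   // first access eats the byte
    return r.get();                 // program receives the *next* byte
}
// Correct hook (Nikita's tmp-variable fix): access the register once, trace the copy.
uint8_t GetIORegSingleRead(UartDataReg& r) {
    uint8_t v = r.get();
    readTrace.push_back(v);
    return v;
}
// Write side: take the old value from the side-effect-free path, never from get(),
// since in the real simulator IOReg<T>::get() itself calls into hardware (see backtrace).
std::vector<std::pair<uint8_t, uint8_t>> writeTrace;
uint8_t SetIORegTraced(UartDataReg& r, uint8_t val) {
    uint8_t old = r.peek();
    writeTrace.push_back({old, val});
    r.txLatch = val;
    return old;
}
// Driver: preload the constructed input "ABCD" and poll the flag like firmware would.
std::string RunProgram(uint8_t (*hook)(UartDataReg&)) {
    UartDataReg r;
    for (char c : std::string("ABCD")) r.rxFifo.push_back(static_cast<uint8_t>(c));
    r.dataReady = true;
    readTrace.clear();
    std::string seen;
    while (r.dataReady) seen += static_cast<char>(hook(r));
    return seen;
}
```

With the double-read hook the program sees "BD" while the trace holds "AC", reproducing the every-second-character symptom; the single-read hook gives both the program and the trace all four bytes.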


