Gesendet: Mittwoch, 10. Februar 2016 um 11:49 Uhr
Von: Nikita <address@hidden>
An: address@hidden
Betreff: [Simulavr-devel] modification of AVR simulator for SCA
Hello,
My name is Nikita, I am a researcher at a university in Brussels and I
am currently trying to modify simulavr
to produce data for side-channel analysis (SCA) ofr security &
cryptography research purposes.
I am very happy with the way this simulator works and I figured out how
to modify it in order to
make something that I need for my research.
However I have a small problem that I can not figure out and I hope that
you can help me with it.
I took the latest version of your code on the official website (1.0.0).
I am modifiyng avrdevice.cpp in the following way:
there are several Get and Set reg methods in the class AvrDevice
What I need is to output the value beeing read and/or written at each
memory access, so for example:
unsigned char AvrDevice::GetCoreReg(unsigned addr) {
assert(addr < registerSpaceSize);
return *(rw[addr]);
}
Became:
unsigned char AvrDevice::GetCoreReg(unsigned addr) {
assert(addr < registerSpaceSize);
leakValue( *(rw[addr]) ); // funciton that actually appends the
value into a file "trace.txt"
return *(rw[addr]);
}
These modifications work ok on all these Get and Set functions except
the ons that work with IOReg:
- AvrDevice::GetIOReg
- AvrDevice::SetIOReg
- AvrDevice::SetIORegBit
If I do something like that on AvrDevice::GetIOReg it changes the
behaviour of the program when I test it:
only each 2nd character entered by the used is actually handled by the
program
(I am testing it on examples/simple_ex1 that is also on the website).
I found a hack to me it work for AvrDevice::GetIOReg by just reading the
value once in a tmp variable and then using it
in my leakValue funciton and in the return, like that:
unsigned char AvrDevice::GetIOReg(unsigned addr) {
assert(addr < ioSpaceSize); // callers do use 0x00 base, not 0x20
unsigned char tmp = *(rw[addr + registerSpaceSize]);
leakOnRead( tmp );
return tmp;
}
However as soon as I try to do something similar on AvrDevice::SetIOReg
I get the following error during the execution:
simulavr: hwstack.cpp:282: void ThreadList::OnSPRead(int): Assertion `0
!= SP_value' failed.
Aborted (core dumped)
This is the command that I am using:
./simulavr -d atmega128 -f ../examples/simple_ex1/simple_atmega128.elf
-W 0x20,- -R 0x22,- -T exit
For the Set command what I would like to have it the previous value
stored in
the memory and the new one beeing written, something like that (which
works perfectly for CoreReg):
bool AvrDevice::SetCoreReg(unsigned addr, unsigned char val) {
assert(addr < registerSpaceSize);
leakOnWrite(*(rw[addr]), val); // this is my only addition to the
original code
*(rw[addr]) = val;
return true;
}
And here is the gdb execution trace:
_______________________________________________________________________________________
simulavr: hwstack.cpp:282: void ThreadList::OnSPRead(int): Assertion `0
!= SP_value' failed.
Program received signal SIGABRT, Aborted.
0x00007ffff720ecc9 in __GI_raise (address@hidden)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff720ecc9 in __GI_raise (address@hidden)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff72120d8 in __GI_abort () at abort.c:89
#2 0x00007ffff7207b86 in __assert_fail_base (
fmt=0x7ffff7358830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
address@hidden "0 != SP_value",
address@hidden "hwstack.cpp", address@hidden,
address@hidden
<ThreadList::OnSPRead(int)::__PRETTY_FUNCTION__> "void
ThreadList::OnSPRead(int)") at assert.c:92
#3 0x00007ffff7207c32 in __GI___assert_fail (
assertion=0x47d28c "0 != SP_value", file=0x47d24a "hwstack.cpp",
line=282,
function=0x47d3a0 <ThreadList::OnSPRead(int)::__PRETTY_FUNCTION__>
"void ThreadList::OnSPRead(int)") at assert.c:101
#4 0x000000000044a30d in ThreadList::OnSPRead (address@hidden,
SP_value=<optimised out>) at hwstack.cpp:282
#5 0x000000000044a31c in HWStackSram::OnSPReadByTarget (
address@hidden) at hwstack.cpp:182
#6 0x000000000044a329 in HWStackSram::GetSph (this=0x15aa3d0)
at hwstack.cpp:173
#7 0x000000000044ba88 in IOReg<HWStackSram>::get (this=<optimised out>)
at rwmem.h:199
#8 0x000000000042b016 in AvrDevice::SetIOReg (this=0x6a43c0,
addr=<optimised out>, val=<optimised out>) at avrdevice.cpp:636
---Type <return> to continue, or q <return> to quit---
#9 0x00000000004328b1 in avr_op_OUT::operator() (this=0x6a5d30)
at decoder.cpp:1183
#10 0x000000000042ca4e in AvrDevice::Step (this=0x6a43c0,
address@hidden: false,
nextStepIn_ns=0x7fffffffd8e8)
at avrdevice.cpp:512
#11 0x000000000046f59a in SystemClock::Step (
address@hidden <SystemClock::Instance()::obj>,
address@hidden: false) at systemclock.cpp:157
#12 0x000000000046f778 in SystemClock::Endless (
this=0x6a2240 <SystemClock::Instance()::obj>) at systemclock.cpp:222
#13 0x0000000000406772 in main (argc=<optimised out>, argv=<optimised out>)
at cmd/main.cpp:410
(gdb) quit
A debugging session is active.
Inferior 1 [process 20712] will be killed.
_______________________________________________________________________________________
this is, basically, the only modificaiton that I am trying to do,
I've looked throug the IOReg, RWMem and some other classes that are
involved in this memory access,
but I can not figure out what exactly is the problem there.
Is there any way of getting the old value that was in the IOReg just
before writing into it?
I would really appreciate if you can help me with this task.
Best regards,
--
Nikita
_______________________________________________
Simulavr-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/simulavr-devel