Hardware / FaultInjection / examples / FaultyCat / 03_password_check / example_v3.0.ino
#include <SoftwareSerial.h>

// Pins handed to the SoftwareSerial constructor below. The "D3, Pin 2" /
// "D4, Pin 3" notes are the author's own board mapping.
#define RX    3   // *** D3, Pin 2
#define TX    4   // *** D4, Pin 3
// NOTE(review): the software UART is named `Serial`, the identifier Arduino
// cores normally use for the hardware UART. Presumably the target board's
// core defines no such object -- confirm before building for another board.
SoftwareSerial Serial(RX, TX);

// Reference secret for this fault-injection practice target. It is compiled
// into the sketch as a plaintext literal, so it is demonstration-only.
const String correctPassword = "secure123";  // Hardcoded password
// Line buffer filled one character at a time by loop(). No maximum length is
// enforced anywhere in this sketch.
String inputString = "";                     // Variable to hold user input
// Set by loop() when '\r' or '\n' is received, cleared by prompt().
bool stringComplete = false;                 // Flag to indicate when a string is complete
// Entire authentication state: one boolean, set to true in loop() and never
// reset to false anywhere in this sketch.
bool loggedIn = false;

// One-time start-up: opens the software UART, prints a blank line and a
// banner, waits briefly, then shows the first "not logged in" prompt.
// The first prompt is written literally here rather than through prompt().
void setup() {
  const long baudRate = 9600;            // UART speed expected by the host terminal
  const unsigned long settleTimeMs = 200;  // pause between banner and first prompt

  Serial.begin(baudRate);

  Serial.println(" ");
  Serial.println("Initializing...");

  delay(settleTimeMs);

  Serial.print("[-]> ");
}

// Clears the line buffer and the "line complete" flag, then prints the
// prompt. The marker mirrors the global loggedIn flag: "[-]" while it is
// false, "[+]" once it is true. No password evaluation happens here.
void prompt() {
  // Discard whatever was typed so the next line starts empty.
  inputString = "";
  stringComplete = false;

  // The displayed state is read straight from the single boolean.
  const char *stateMarker = loggedIn ? "[+]" : "[-]";
  Serial.print(stateMarker);
  Serial.print("> ");
}

// Main loop. Each pass does two things in order:
//   1. if a full line was received on an earlier pass, evaluate it
//      ("ping" -> "pong", otherwise compare it with correctPassword);
//   2. drain pending serial bytes into inputString.
// The evaluation path is written to be weak against fault injection (see the
// author's "glitch" comments). It is a practice target, not a pattern to copy.
// Hardened firmware would typically evaluate the decision redundantly, avoid a
// single true/false flag as the only authentication state, and fail closed.
void loop() {
  // A terminator was seen earlier: process the buffered line.
  if (stringComplete) {
    // Deliberately glitch-prone section. The whole accept/reject decision is
    // carried by this one local boolean.
    volatile bool match = false;  // 'volatile' forces real stores/loads of the flag instead of letting the compiler fold it
    
    // Fixed-length busy wait (100 x 1 us) placed before the comparison. The delay
    // is constant, so the comparison always sits at the same offset after the
    // line is accepted.
    for (volatile int i = 0; i < 100; i++) {
      delayMicroseconds(1);  // Short delay; the author added it to widen the window for glitches
    }
    
    // Dummy work: every byte of a copy of the password is XORed with 0xFF twice,
    // which leaves the copy unchanged. tempPassword is not read again after this
    // loop; the comparison below uses correctPassword directly.
    // NOTE(review): length() and operator[] are called on a volatile String, so
    // this presumably builds only where the toolchain tolerates the dropped
    // qualifier -- confirm for the target core.
    volatile String tempPassword = correctPassword;
    for (int i = 0; i < tempPassword.length(); i++) {
      tempPassword[i] ^= 0xFF;  // XOR with 0xFF (dummy operation to increase complexity)
      tempPassword[i] ^= 0xFF;  // XOR back to restore original password
    }

    // Liveness command: "ping" is answered before any password handling and
    // leaves loggedIn untouched.
    if (inputString == "ping") {
      Serial.println("pong");  // Respond with "pong" if input is "ping"
      prompt();
      return;  // Leave this pass early so no "Password incorrect!" follows "pong"
    }
    // Compare the received line with the hardcoded password.
    // NOTE(review): String equality is presumably an early-exit comparison and
    // therefore not constant-time -- confirm against the core's String class.
    else if (inputString == correctPassword) {
      match = true;  // Passwords match
    }

    // Single decision point: one branch on one boolean grants access, with no
    // second check. A wrong password after a successful login prints "incorrect"
    // but does not clear loggedIn.
    if (match) {
      Serial.println("Password correct!");
      loggedIn = true;
    } else {
      Serial.println("Password incorrect!");
    }
    prompt();
  }

  // Collect whatever bytes the UART has buffered.
  // Review notes on input handling:
  //  - inputString has no length cap, so an unterminated stream keeps growing it;
  //  - both '\r' and '\n' end a line, so a CR LF pair can produce an extra empty
  //    line that is then evaluated as an incorrect password;
  //  - bytes that follow a terminator within the same pass are appended to the
  //    line that was just completed.
  while (Serial.available()) {
    char inChar = (char)Serial.read();  // Read the incoming character
    
    // Either line terminator marks the input as complete.
    if (inChar == '\r' || inChar == '\n') {
      stringComplete = true;
    } else {
      // Any other byte is appended to the line buffer as-is.
      inputString += inChar;
    }
  }
}