0xRoM / Hardware
Transfer to URL with SHA Find file
Newer
Older
Hardware / FaultInjection / examples / FaultyCat / 03_password_check / example_v3.0.ino
0xRoM on 11 Feb 2 KB initial commit
Raw Blame History 
  1. #include <SoftwareSerial.h>
  2.  
  3. #define RX    3   // *** D3, Pin 2
  4. #define TX    4   // *** D4, Pin 3
  5. SoftwareSerial Serial(RX, TX);
  6.  
  7. const String correctPassword = "secure123";  // Hardcoded password
  8. String inputString = "";                     // Variable to hold user input
  9. bool stringComplete = false;                 // Flag to indicate when a string is complete
  10. bool loggedIn = false;
  11.  
  12. void setup() {
  13.   Serial.begin(9600);
  14.   Serial.println(" ");
  15.   Serial.println("Initializing...");
  16.   delay(200);  // Delay for initialization
  17.   Serial.print("[-]> ");
  18. }
  19.  
  20. void prompt(){
  21.   // Reset for the next input without checking password
  22.   inputString = "";
  23.   stringComplete = false;
  24.   if(loggedIn == false){
  25.     Serial.print("[-]"); // not logged in 
  26.   }else{
  27.     Serial.print("[+]"); // logged in
  28.   }
  29.   Serial.print("> ");
  30. }
  31.  
  32. void loop() {
  33.   // If the string is complete, process the input
  34.   if (stringComplete) {
  35.     // Glitch-prone section: making the comparison more complex and glitch-susceptible
  36.     volatile bool match = false;  // Using 'volatile' to increase glitch vulnerability
  37.     
  38.     // Introduce some artificial delays (vulnerable points for glitching)
  39.     for (volatile int i = 0; i < 100; i++) {
  40.       delayMicroseconds(1);  // Short delay to give more opportunity for glitches
  41.     }
  42.     
  43.     // Dummy operation: XOR password with itself (reversible) before comparison
  44.     volatile String tempPassword = correctPassword;
  45.     for (int i = 0; i < tempPassword.length(); i++) {
  46.       tempPassword[i] ^= 0xFF;  // XOR with 0xFF (dummy operation to increase complexity)
  47.       tempPassword[i] ^= 0xFF;  // XOR back to restore original password
  48.     }
  49.  
  50.     // Check if input is "ping"
  51.     if (inputString == "ping") {
  52.       Serial.println("pong");  // Respond with "pong" if input is "ping"
  53.       prompt();
  54.       return;  // Exit the loop to avoid further processing (no "Password incorrect!" after "pong")
  55.     }
  56.     // Now compare the user input with the hardcoded password, but with timing window
  57.     else if (inputString == correctPassword) {
  58.       match = true;  // Passwords match
  59.     }
  60.  
  61.     // Add a chance for glitches to affect this critical condition
  62.     if (match) {
  63.       Serial.println("Password correct!");
  64.       loggedIn = true;
  65.     } else {
  66.       Serial.println("Password incorrect!");
  67.     }
  68.     prompt();
  69.   }
  70.  
  71.   // Listen for input from the user
  72.   while (Serial.available()) {
  73.     char inChar = (char)Serial.read();  // Read the incoming character
  74.     
  75.     // Check if it is the return character (indicating the end of input)
  76.     if (inChar == '\r' || inChar == '\n') {
  77.       stringComplete = true;
  78.     } else {
  79.       // Append the character to the input string
  80.       inputString += inChar;
  81.     }
  82.   }
  83. }
Buy Me A Coffee