SPI :- Serial Peripheral Interface
What is SPI?
SPI (Serial Peripheral Interface) is a synchronous serial communication protocol commonly used for connecting microcontrollers to peripheral devices such as sensors, memory modules, and other integrated circuits. It facilitates full-duplex, bidirectional communication between a master device and one or more slave devices.
How to Identify SPI?
1. Look for multiple wires including SCLK, MOSI, MISO, and SS/CS.
2. Note the presence of a clock signal (SCLK) for synchronization.
3. Confirm the master-slave configuration with one device controlling communication.
4. Verify full-duplex data transfer capability.
5. Check hardware components for SPI support.
6. Refer to device documentation for SPI protocol details.
7. Use an oscilloscope or logic analyzer to monitor signal waveforms.
SPI Recon
Objective:
To gather information on the Microchip 25LC256 EEPROM by referencing its datasheet.
Description:
This lab session involves reviewing the datasheet of the 25LC256 EEPROM IC to comprehend various parameters such as chip size, maximum clock frequency, pinouts, and other relevant specifications.
Location:
<lab-dir>/labs/device-spi-lab-1
• The datasheet is available in this directory.
• Alternatively, it can be downloaded from the internet.
Steps:
1. Review the datasheet to determine the size of the EEPROM.
2. Identify the clock frequency specified in the datasheet.
3. Examine the datasheet for pin specifications of the EEPROM.
4. Locate information about Clock polarity and phase (CPOL and CPHA) in the datasheet.
5. Identify the SPI Read/Write/Write enable commands outlined in the datasheet.
SPI Read/Write using Bus Pirate
Objective:
To perform data read and write operations on the Microchip 25LC256 EEPROM using the Bus Pirate.
Description:
This laboratory session involves reviewing the datasheet of the 24LC256 EEPROM IC to comprehend the read-write commands. Through this understanding, we will be able to perform data read and write operations on the EEPROM effectively.
Location:
<lab-dir>/labs/device-spi-lab-1
• The datasheet is available in this directory.
• Alternatively, it can be downloaded from the internet.
Steps:
1. Interface with the Bus Pirate:
(a) Mount the EEPROM chip on the breadboard.
(b) Connect the Bus Pirate with the chip using jumper cables.
(c) Connect the following Bus Pirate pins to the respective SPI chip pins on the breadboard:
- MOSI to SI
- MISO to SO
- CLK to SCK
- CS to CS
- 5.0V/VPU to Vcc, WP, HOLD
- GND to GND
2. Connect the Bus Pirate to the laptop.
3. Identify the serial port of the Bus Pirate by typing the command "ls /dev/tty" in the terminal and pressing tab.
4. Open minicom:
- Manual setup mode: Type "sudo minicom -s" in the terminal.
- Direct command line mode: Type "minicom -D <dev_file_path> -b <baudrate>" (e.g., "minicom -D /dev/ttyUSB0 -b 115200").
5. In minicom, go to Serial port setup, set the correct serial device, and set the baud rate to 115200.
6. Configure the Bus Pirate in SPI mode:
- Enter "HiZ>m" to view the Mode menu.
- Select SPI mode (option 5 in BP V4 and V3.6).
- Choose SPI options: 4,1,2,1,2,2.
- Switch the power supply ON with "SPI>W".
- Switch the Pull-up resistors ON with "SPI>P".
- Set AUX to high with "SPI>A".
- View the Pins status with "SPI>v".
7. Use the instruction set from SPI Recon:
- Type [0x06] to enable chip select.
- Type [0x02] followed by the 16-bit address and data to write.
- Type [0x03] followed by the 16-bit address and "r:2" to read 2 bytes of data.
SPI Communication Sniffing
Objective:
To perform SPI communication sniffing using a logic analyzer.
Description:
During this lab session, we will explore the utilization of the Saleae Logic Analyzer on the DIVA board to intercept communication between the microcontroller and the SPI EEPROM memory.
Location:
<lab-dir>/labs/device-spi-lab-1
• The datasheet is available in this directory.
• Alternatively, it can be downloaded from the internet.
Steps:
1. Connect the Saleae Logic Analyzer to the DIVA board:
- Connect CH1 to CS (third pin from top)
- CH2 to SCLK
- CH3 to MOSI
- CH4 to MISO
- Connect the GND of the Saleae Logic to the GND of the DIVA board.
2. Connect the Saleae Logic Analyzer and DIVA board to the laptop using a USB A to mini B cable.
3. Open the Logic Analyzer software with root privileges on Drona.
4. Start minicom for the DIVA board.
5. Set the correct serial device name and baud rate to 9600.
6. Access the Analyzer option on the right side of the Logic software, select SPI, and assign the correct channel numbers for the corresponding wires.
7. Press Start on the Saleae Logic software and return to the DIVA board’s terminal.
8. In the terminal, enter ".h" for help and ".l" to list the challenges.
9. Enter 3 (for challenge 3) and type any incorrect password when asked. Then, click on stop in the logic software.
10. Analyze the sniffed data to obtain the password. The decoded protocol will be displayed on the bottom right. Hint: The sniffed data is an MD5 hash. Note down all the 32 bytes and try online MD5 crackers to attempt cracking the MD5. Once the correct password is entered, the LED will glow blue/green.