# Lab 4 README.pdf

### **Lab 4 Partners**

Mark Lee, 36183168

Seyed-Ebrahim Mir-Mohammadsadeghi, 84477686

### **Break Down**

#### 1. Directory path of SOF and solution:

rtl/output\_files/rc4.sof rtl/output\_files/Chain1.cdf

#### 2. Status

Everything in the lab is working, and according to the provided instructions. There are some caveats, however, as we will discuss below.

#### Task 1:

Write 00 to FF in a RAM block – Check

#### Task 2:

- Write a single decryption core Check
- Decrypt messages based on switches for key Check

Note: the code looks for an MIF file under "rtl/message.mif", and not "rtl/secret\_messages/..."

#### Task 3:

- Cycle from key 24'h000\_000 to 24'hFFF\_FFF or until code is cracked Check
- Display key on hex display Check
- Success/Failure LEDS Check
- Check for valid characters Check
  - The code immediately exits the loop upon an invalid character to save time
  - This is a superiour method time-wise compared to completing the decryption and comparing each index at the end.

#### Task 3 With Bonus:

• Use 4-cores simultaneously – Unfortunately not functional

#### 3. Annotated simulation screenshots as required by the lab

The screenshots are organized from top to bottom and in chronological order. These can be found lower in the document.

#### 4. Information on how to run the simulations

The simulations use imitation RAM and ROM blocks written in Verilog, since the original RAM and ROM do not compile in ModelSim. The code for these imitation blocks were provided with permission by Justin Chang. This code is not used anywhere in the actual project.

For testbenching we used one massive testbench called task3\_TB.sv.

#### 5. Any additional information

Modules were created, and each has their own respective file. These files were called upon by the main "ksa.sv" file.

- "task1 fsm.sv" for task 1, the code is recycled in later stages, but not used directly
- "task2a\_fsm\_ebi\_ver.sv" for tasks 2, 3, and 3 with bonus
- "task2b fsm crack.sv" for tasks 2, 3, and 3 with bonus
- "task2 fsm" which handles the task2a and task2b
- "decrypted msg.v" for the ROM containing the output information
- "encrypted msg.v" for the RAM containing the input information
- "task3\_fsm.sv" which handles the task2 with an fsm of its own.
- "task3 bonus fsm.sv" which handles the task2 with an fsm of its own.

There are rigorous comments in each code module that may be helpful for understanding the "what" & "why"s of the code.

Please note that comments containing "//&?&" is just a shorthand that I use to CTRL-F to areas in the professor's code that requires adjustment.

# **Annotated Screenshots**

Each FSM here is shown.

Most of these images are from the simulation of brute force on message 1, it has a small key, which makes simulating it being cracked on ModelSim far more tolerable on my computer.

task3\_fsm

This FSM's order is "ITERATE\_KEY", then "WAIT\_ITERATE", "DECRYPT\_KEY", and loop around until the process has been completed. However the first "ITERATE\_KEY" state is skipped, so that the all zeros key is not ignored as a possibility.



After "WAIT\_ITERATE" comes the "DECRYPT\_KEY" state, where all the subsequent FSMs get called. Naturally, this is the state that this FSM stays in the longest.



If the decryption fails for that particular key, we then iterate the key.



This overall process is continually repeated.



Over and over again.

| 000000   | (00000 | 1 )(   | 0000 | 002  | 00000 | 3   | 000004   | 000005      | 000006   | 000007   | 00 | 0008  | 0000 | 09   | 000008  |    | 00000b   | 00000c      | 00000d      |
|----------|--------|--------|------|------|-------|-----|----------|-------------|----------|----------|----|-------|------|------|---------|----|----------|-------------|-------------|
| 11       | (11    |        | 11   |      | 11    |     | 11       | 11          | 11       | 11       | 1  |       | 11   |      | 11      |    | 11       |             | <u>)</u> 11 |
| 00 00 00 | (0100  | 00 )(  | 020  | 0 00 | 03 00 | 00  | 04 00 00 | 05 00 00    | 06 00 00 | 07 00 00 | 08 | 00 00 | 09 0 | 0 00 | 0a 00 ( | 00 | 0b 00 00 | 0c 00 00    | 00 00 00    |
|          |        |        |      |      |       |     |          |             |          |          | L  |       |      |      |         |    |          |             |             |
| DECRYP   | (DECR) | PΤ )(I | DEC  | RYPT | DECR) | (PT | DECRYP.  | <br>DECRYP  | DECRYPT  | DECRYP   | DE | CRYPT | DEC  | RYPT | DECRY   | РТ | DECRYPT  | <br>DECRYPT | DECRYPT     |
| DECRYP   | DECR   | PT (I  | DEC  | RYPT | DECR  | PT  | DECRYP.  | <br>DECRYPT | DECRYPT  | DECRYP   | DE | CRYPT | DEC  | RYPT | DECRY   | РТ | DECRYP   | DECRYPT     | DECRYPT     |

Let's now go back to the fact that this FSM simply manages others.

This FSM is a very simple one, immediately after starting, it calls the decryption core and makes it start with the key it provides (and iterates).



Once the decryption module (task2\_fsm) completes its work, it sends a "done\_decrypt" signal, and the task3\_fsm enters its "FINISH" state, where RAM is suspended and unchanged.



#### task2\_fsm

This is nominally labelled "fsm" but it is simply a collection of wires, regs, and muxes to handle the combination of task2a\_fsm and the task2b\_fsm. And does not have any states.

#### task2a\_fsm

The task2a fsm does not use iterator\_k, the wire is from a slightly previous version of the code, which has been removed. The code has been tweaked for extra wires such as these.



The task2a\_fsm starts by doing the first loop, and by placing the values into S\_memory. During this process, the value of "q" is irrelevant to us so it is seen as don't cares.



Once the S\_memory has been filled from 00 to FF, it continues onto the second loop. Here the values of iterator\_i and iterator\_j are incremented, and then the swap\_ij\_fsm is called.



From a more zoomed in perspective we can see that while this FSM is in the SWAP\_IJ\_LOOP\_2 state, the swap\_fsm is changing values.



After the swap\_ij\_fsm finishes, the task2a\_fsm iterates iterator\_i, waits, iterates iterator\_j, waits again, and then calls the swap\_ij\_fsm once more.



This process is repeated until loop\_2 is completed. Where we can see the finish\_FSM\_1 wire is set high.



#### task2\_swap\_ij\_fsm

As mentioned earlier this fsm is used in both task2a and task2b. Here it is held in a suspended state until it is told to start.



Here we can see that "fsm\_reset" was disabled, and "fsm\_start" was enabled. Immediately we exit the "IDLE" state and give the S\_memory time to gather the necessary information while in the "START" and "WAIT\_START" states. "IDLE" initializes values, "START" increments a counter for number of cycles to wait, and "WAIT\_START" restarts that counter, so that the next state can use the same reg for its own counter.



After the value from location s[i] is saved, we go to the location for s[j] and saved that value as well. We then place the value from s[j] into the location at s[i] in the "SWAP I" state.



Then the earlier value from s[i] is placed in the location at s[j] in the "SWAP\_J" state. After a wait state, the swap\_ij\_fsm is finished, and is ready to be reset and called again.

The below image is spliced down the middle (at the yellow bar) for easier viewing.



An FSM diagram has been included at the end of the document for the swap\_ij\_fsm.

#### task2b\_fsm

We start in the "START" state,



Here all our values are initialized to be zeros.



momentarily the finish\_FSM\_1 signal comes in, and the FSM starts iterating through loop 3.



Here the FSM goes into ITERATE I, WAIT FOR I, ITERATE J, WAIT FOR J,

| STA | RT |           | ITERATE I | WAIT FOR |           | ITERATE J | WAIT FOR | ) |
|-----|----|-----------|-----------|----------|-----------|-----------|----------|---|
| STA | RT | ITERATE I | WAIT FOR  | ī        | ITERATE J |           |          |   |
|     |    |           |           |          |           |           |          |   |

and then SWAP IJ.

| WAIT FOR | J |         | SWAP IJ |  |  |
|----------|---|---------|---------|--|--|
| 1        |   | SWAP II |         |  |  |
|          |   |         |         |  |  |

We then retrieve the information from the encrypted RAM in the "RETRIEVE K" state.



From there the value for k is used to access a location in memory in both the RAM and ROM. The moment where the encrypted memory is first called and q\_m becomes valid is apparent.

| ) \(\frac{1}{2}\) | (00 ) (f5     | (00 ) (7d )(00 )                      | (14 (00 ) (f1                           | (00 ) (87 )(00 ) )       | 29 (00 ) (56                             |
|-------------------|---------------|---------------------------------------|-----------------------------------------|--------------------------|------------------------------------------|
|                   | Xt .          | h (i                                  | ,s                                      | Д (с                     | χο (                                     |
|                   | (8f           | 7a (a9                                | (38                                     | X73 X5f                  | 87                                       |
|                   |               |                                       |                                         |                          |                                          |
| 0000001           | (00000010     | X0000011 X 000001                     | 00                                      | XX 00000110 XX 00000111  | X X 0000 1000                            |
|                   | Xo X X X      | (0)()()()()()()()()()()()()()()()()() | XX X0 XXXX                              | Xo X X X X Xo X X X      | (O (XXXX                                 |
|                   |               |                                       |                                         | $\Box$                   | $\uparrow$                               |
|                   |               |                                       |                                         |                          |                                          |
|                   |               |                                       |                                         |                          |                                          |
|                   |               |                                       |                                         | (#XX)(SWAP I) (#XX)(SWAP | IJ (XXX)(SWAP IJ (X                      |
| XXXSWAP IJ XX     | WXXSWAP IJ XX | (X)(SWAP IJ )(W)X)(SWAF               | IJ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | WXXSWAP IJ XWXXSWAP I    | I) ()()()()()()()()()()()()()()()()()()( |

Eventually the decryption is completed.



and we can see the "done\_decrypt" signal is set high.



As well as the result.



# Messages

## Messages 1-3,

Key = 249: "this course is my favourite "

Key = 3FF: "congratulations on task two

Key = 2AA: "ubc elec and comp engineering"

## Message 4, Key: 087B2D



# Message 5, Key: 04000C



## Message 6, Key: 000000



Message 7, Key: 02640F



## Message 8, Key: 3FFFF



# Reference

# SWAP\_IJ\_FSM Diagram

Reset has not been drawn on all states for the sake of visual simplicity. In the actual desing, the FSM can be reset at any moment.

