Chipwhisperer

Template project:chipwhisperer:infobox not found. [Click here to create it]

Introduction

This project covers (differential) power analysis, timing attacks and glitch/fault attacks using Chipwhisperer Lite board.

We will look at SW version 4.0.x, since 3.5 is old and 5.0 is alpha.

Bugs

Note that IDE and examples are buggy. A lot. Some of the things can be found out if you know python scripting, some are much more difficult. See notes below.

One example that is tied to Plasma5 in Ubuntu 18.04 is that it sometimes needs no double-click for the script to execute. This was very confusing at the beginning, since you can only connect once with the connect script.

Schematics and board layouts

Schematics and board layouts can be viewed under the chipwhisperer checked out directory, in various directories (victims, tools, etc). There are .sch, .brd and generated .pdf files for schematics.

Chipwhisperer password cracking based on timing/power analysis

An example screenshot of guessing the password for XMEGA target program from power traces

Tutorial link: https://wiki.newae.com/Tutorial_B3-1_Timing_Analysis_with_Power_for_Password_Bypass

Note: there are bugs in the tutorial!!

  1. Do not put GO COMMAND (target.go_cmd) empty or without newline. It will cause endless loop of trigger because of timeouts, since the trigger in code wasn't reached. This will cause “Timeout in OpenADC capture” error. You need to reset the board, there are couple of buttons like “Reset DCMs”, “Reset ADC DCM”, “Reset CLKGEN DCM” and “Reset DCM” in “Scope Settings” tab. If everything fails, reset the board by unplugging it and restart the capture IDE.
  2. Depending on compiler, the timings in the attack scripts will be very different, and not necessarily multiple of a value, even though the part you are attacking is a for loop. A mathematical workaround like cross-corelation or a low-pass filter would work for this well, but are not covered in the tutorial
  3. Even then, you have to adjust the Y axis reading, might not work for the first time. The point is to adjust the Y axis value enough to check for wrong password, but not enough for the correct password letter. Takes time to fine out the value. Also settings in gain can influence this.

Chipwhisperer AES cracking

An example screenshot of trace analysis of AES enryption to get the right AES key (note: the AES version in Chipwhisperer has reduced round count due to export restrictions, but it does not matter for the procedure):

Tutorial link: https://wiki.newae.com/Tutorial_B5_Breaking_AES_(Straightforward)

Note: there are bugs in the tutorial!!

  1. there seems to be some source code issue or compiler issue. The precompiled file code from chipwhisperer-4.0.4/hardware/victims/firmware/simpleserial-aes/simpleserial-aes-CWLITEXMEGA.hex seems to work right, but when you use “make”, it won't generate response for some reason
  2. for the purpose of tutorial, use the precompiled file
  3. IMPORTANT: you need to save the project BEFORE capturing the samples and also AFTER capturing the samples, otherwise it will end up in some random default location. This is a known bug.
  4. TODO: some magic to find out what's wrong, since it affects all simpleserial protocol examples

Viewing where the AES cracking results came from

Looking at the place where results got from - click “Output vs Point Plot” and then select the bytes to show in the yellow rectangle:

 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki