project:chipwhisperer:start

Differences

project:chipwhisperer:start [2019/01/13 21:25] – cracking AES key from power trace analysis abyssalproject:chipwhisperer:start [2019/01/14 20:59] – [Links] using power analysis to break stuff abyssal
Line 21: Line 21:
  
 We will look at SW version 4.0.x, since 3.5 is old and 5.0 is alpha. We will look at SW version 4.0.x, since 3.5 is old and 5.0 is alpha.
 +
 +===== Bugs =====
 +
 +Note that IDE and examples are buggy. A lot. Some of the things can be found out if you know python scripting, some are much more difficult. See notes below.
 +
 +One example that is tied to Plasma5 in Ubuntu 18.04 is that it sometimes needs no double-click for the script to execute. This was very confusing at the beginning, since you can only connect once with the connect script.
  
 ===== Links ===== ===== Links =====
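Review bot: the double-click sentence closing the new Bugs section is ambiguous: "it sometimes needs no double-click for the script to execute" reads as if double-clicking is optional, when the point appears to be that a single click already runs the script, so a double-click runs it twice, which matters because the connect script can only be run once. Suggest stating the observed behaviour directly, e.g. "on Plasma 5 (Ubuntu 18.04) a single click sometimes already executes the script, so double-clicking the connect script runs it a second time and you can only connect once". Also, "See notes below" would be more useful as a DokuWiki link to the per-tutorial bug lists further down the page, and "Some of the things can be found out if you know python scripting" should say what can be worked around from a script (which the later sections then document).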
Line 26: Line 32:
   * [[https://wiki.newae.com/CW1173_ChipWhisperer-Lite|Chipwhisperer Lite HW description]]   * [[https://wiki.newae.com/CW1173_ChipWhisperer-Lite|Chipwhisperer Lite HW description]]
   * [[https://wiki.newae.com/Tutorial_Map|Chipwhisperer tutorials]]   * [[https://wiki.newae.com/Tutorial_Map|Chipwhisperer tutorials]]
 +  * [[https://github.com/newaetech/chipwhisperer/tree/develop/hardware/capture/chipwhisperer-lite/pcb/eagle | Eagle schematics and board layout]]
  
 +==== Related stuff ====
 +
 +  * [[https://is.muni.cz/th/dcv4s/bc.pdf | The use of a power analysis for influencing PIN verification on cryptographic smart card]]
 +  * [[https://media.ccc.de/v/35c3-9563-wallet_fail | wallet.fail - using glitching and other side channels for extraction of secrets from Trezor 1 and Ledger Nano]]
 +  * [[https://wiki.newae.com/Tutorial_A9_Bypassing_LPC1114_Read_Protect | Glitching LPC1114 to remove read protect]]
 ===== Chipwhisperer password cracking based on timing/power analysis ===== ===== Chipwhisperer password cracking based on timing/power analysis =====
  
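Review bot: link syntax in this hunk is inconsistent: the two existing entries use `[[url|text]]` with no spaces around the pipe, while the new Eagle entry and all three "Related stuff" entries use `[[url | text]]`. Suggest dropping the spaces to match the existing list. The heading "Related stuff" is also vague for a list that mixes a bachelor thesis, a 35C3 conference talk and a NewAE wiki tutorial; a heading such as "Related side-channel and glitching work", with the source noted per item, would make the list scannable and tell the reader which entries are reproducible with the ChipWhisperer tutorials and which are external research.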
Line 36: Line 48:
  
 Note: there are bugs in the tutorial!! Note: there are bugs in the tutorial!!
 +
 +  - Do not put GO COMMAND (target.go_cmd) empty or without newline. It will cause endless loop of trigger because of timeouts, since the trigger in code wasn't reached. This will cause "Timeout in OpenADC capture" error. You need to reset the board, there are couple of buttons like "Reset DCMs", "Reset ADC DCM", "Reset CLKGEN DCM" and "Reset DCM" in "Scope Settings" tab. If everything fails, reset the board by unplugging it and restart the capture IDE.
 +  - Depending on compiler, the timings in the attack scripts will be very different, and not necessarily multiple of a value, even though the part you are attacking is a for loop. A mathematical workaround like cross-corelation or a low-pass filter would work for this well, but are not covered in the tutorial
 +  - Even then, you have to adjust the Y axis reading, might not work for the first time. The point is to adjust the Y axis value enough to check for wrong password, but not enough for the correct password letter. Takes time to fine out the value. Also settings in gain can influence this.
  
 ===== Chipwhisperer AES cracking ===== ===== Chipwhisperer AES cracking =====
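Review bot: the numbered list in this hunk has several typos and one unclear instruction. "Do not put GO COMMAND (target.go_cmd) empty or without newline" should read "Do not leave the GO COMMAND (target.go_cmd) empty or without a trailing newline"; "cross-corelation" is "cross-correlation"; "there are couple of buttons" is "there are a couple of buttons"; "Takes time to fine out the value" is "find out". In item 3, "adjust the Y axis reading" does not say which setting is meant; name the threshold setting in the attack script and say plainly that the value has to sit between the trace level seen for a wrong character and the level seen for a correct one, which is what the current wording is trying to express. Item 1 would also read better if the symptom ("Timeout in OpenADC capture") came first and the reset buttons afterwards, since that is the order in which the reader encounters them.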
Line 49: Line 65:
  
 Note: there are bugs in the tutorial!! Note: there are bugs in the tutorial!!
 +
 +  - there seems to be some source code issue or compiler issue. The precompiled file code from chipwhisperer-4.0.4/hardware/victims/firmware/simpleserial-aes/simpleserial-aes-CWLITEXMEGA.hex seems to work right, but when you use "make", it won't generate response for some reason
 +  - for the purpose of tutorial, use the precompiled file
 +  - IMPORTANT: you need to save the project BEFORE capturing the samples and also AFTER capturing the samples, otherwise it will end up in some random default location. This is a known bug.
 +  - TODO: some magic to find out what's wrong, since it affects all simpleserial protocol examples
 +
 +
 +==== Viewing where the AES cracking results came from ====
 +
 +Looking at the place where results got from - click "Output vs Point Plot" and then select the bytes to show in the yellow rectangle:
 +
 +{{:project:chipwhisperer:chipwhisperer-cracking-aes-03.png?1200|}}
  
  
  
  
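Review bot: item 1 attributes the non-responding firmware to "some source code issue or compiler issue" without recording what would be needed to pin it down, and item 4 leaves it as a TODO that affects all simpleserial protocol examples; the hunk should at least note the compiler and its version and the exact make invocation (including the platform target) that produced the broken build, otherwise the TODO cannot be reproduced later. Item 3 says the project "will end up in some random default location" if not saved before and after capture; stating where it actually landed would let readers recover captured traces instead of redoing the capture. Minor: the image caption "Looking at the place where results got from" should be "To see where the results came from, click ..." and there is a doubled blank line before the "Viewing where the AES cracking results came from" heading.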
project/chipwhisperer/start.txt · Last modified: 2019/12/15 22:12 by abyssal