I am trying to learn about Side channel attacks and am using the Chipwhisperer probe to perform DPA,
A friend of mine gave me Atmega 1284P chip to attack. I have soldered it to a board and am running a standard AES encryption (CBC mode).
However, I am not able to get results (key). I use the settings that were in the Notduino board. Is there something that I am missing or do I need to write a custom script?
Most of the tutorials work with AES in ECB mode. This means that the input to the block cipher is the plaintext. If your device is using CBC mode, the input to AES will be the plaintext XORed with the previous ciphertext.
Are you using the standard built-in attacks from the Analyzer? You might have to modify a few things to make the CBC attack work.
Yes i am capturing the the traces, I am not sure if they are at the exact moment. I think i capture the multiple cycles on the trace. The capture looks like
I figured out the clock setting on the Cw program was different than that of the Atmega chip. I kept both the same (20 HZ) now. the traces look like this now
Sorry for the slow answer from me - things have been crazy here this week!
Your first traces looked like they had an extremely small amplitude - thereâs almost no signal to see there. Your second set of traces have a much higher amplitude, so I think thatâs fixed.
In your most recent traces, are you showing three separate captures with the same settings? I would expect the traces to look almost identical. Thereâs also a âbeatâ effect in the traces. My guess is that youâve set your ChipWhisperer clock frequency to match the ATMegaâs clock frequency, but in reality the clocks are slightly different (ie: 20 MHz vs. 19.9 MHz).
You should try to fix these clock issues to make this attack work. One way to do this is to connect the ATMega clock to the ChipWhispererâs EXTCLK input and use this signal as the ADC clock. Another way is to remove the ATMega clock source and drive it with the ChipWhispererâs clock output instead.
The attacks should work with binary input (instead of UART) because we donât really care about the data transmission - youâre just interested in watching the power consumption while the target is running the encryption. As long as you can get consistent power traces that include the first AES round, you should be able to get your attack working.
Thank you for the reply. Worked towards driving it from external clock. I was a bit confused because I was following the tutorial in which we give an input text and the encrypted output is received.
I am trying to setup the scenario for the binary, however I am not able to capture the traces. Can the Target settings be âbypassedâ or do i need to use the Rx Tx. Right now I wrote a simple encryption on the Atmega to send messages over UART and am struggling a bit to receive messages on the chipwhisperer.
What are you doing on your Atmega? Where are the plaintexts coming from?
UART is definitely the easiest thing to use (as long as you can get it working on the target). You canât totally bypass the TX/RX because you need to get the plaintexts somehow - you canât do a side channel attack unless you have these.
I think I need to explain a bit on what Iâm doing.
The aim is to get keys out of an Atmega board. The board takes a binary as an input on the serial link (no text). There are not much operations the board does - other than responding to serial instructions like âaâ , âbâ , âcâ
To know the system better, I tried to recreate the Xmega tutorial, tried to port the code to work with the atmega board (its still not in perfect working condition, but Iâm working on it), I did this to see if Iâm doing the right thing and all the connections are in place.
So right now I wanted to use this information to extract keys.
At the moment I used the external clock from atmega crystal by selecting the option under ADC clock -> Souce = EXTCLK Direct. I am getting pretty good signals, however the capture M isnt working.
OK - so the plaintext/ciphertext get sent as 16 raw bytes instead of 32 characters. You should be able to work with that. Iâm not sure whatâs wrong with your Capture Many⌠the traces should look the same as the Capture 1 samples. Lots of things could be a bit off - maybe your plaintexts arenât getting sent properly or your trigger signal isnât working.
Alright, debugging that.
Thank you.
Also, will I be able to use ATMEGA 328 Hex files for the 1248 or change the code for 1248 ? Iâm not able to run the encryption over the chip, Iâm essentially re writing the code.
Are you still trying to use SimpleSerial? It must be complaining about receiving characters that it doesnât expectâŚ
You can write your own target class to use in CWCapture. Check out chipwhisperer/software/chipwhisperer/capture/targets. The _base.py file shows which methods you need to write and the SimpleSerial.py file shows how itâs done for the SimpleSerial protocol. You could take out a bunch of the error checking and just send your plaintext/key as 16 bytes, but youâll still need to signal to the target which one is which!
I did follow your intstructions, was unable to perform the attacks.
So i look a step backward and ported the chipshisperer XMega example on the chip (running at 20 Mhz). Now the setup runs fine and I able to get the text in / out.
However, I am not able to extract the keys. I tried using the extclk input from the Atmega board, however, the setup seems to stop working if I do so i.e. the chip does not give me the output text.
The other thing that happens is that the correct key bytes do come to the top, but they go down again. I had a look at the PGE vs Trace plot, it is quite random.