I bought a chipwhisperer pro Cw 1200 serveral years ago.
As now there are more and more USB devices to test I want to buy a PhyWhisperer-USB.
Can PhyWhisperer-USB perform anything that CW pro cannot perform?
And
The sampling rate of CW Pro might not be high enough for us, can CW pro/PhyWhisperer-USB be used with external oscilloscope?
Thank you for anyone reading this post!
PW-USB and CW-pro do completely different things, there really isn’t any overlap between the two (or any other of our products).
The primary function of PW-USB is to supply a stable time reference based on specific USB activity (chosen by you). That time reference can then be used by something else (like a CW-pro for example) as a trigger to conduct some side-channel attack; for example as a marker for glitching the USB target. So, if you’re familiar with our ChipWhisperer target firmware examples, you can think of PW-USB as the tool that provides the equivalent of trigger_high(), for arbitrary USB target devices.
The secondary function of PW-USB is to sniff USB traffic (and this can help support the primary function, i.e. you need to know what the USB traffic looks like before you target a specific USB event, command or transfer).
Once you’ve read the Github and Crowdsupply project pages, read Colin’s 2019 WOOT paper for some concrete examples of attacks that PW-USB can help with.
You can also look at our 3 example notebooks
that show how PW-USB is driven from Python and what you get from it.
Finally, on the sniffing and interpretation side, PW-USB hooks into ViewSB to parse the raw USB data. This Crowdsupply update has some screenshots of that.
I know this is a pretty general answer, but if you have more specific questions let us know!
Jean-Pierre
Hi Jean-Pierre,
Is it possible to do fuzzing on PW?
Could you use PW as protocol based trigger (e.g. UART, SPI, I2C) for CW-Lite?
Thanks
3
PW is a passive sniffer: it cannot inject or modify USB traffic, if that’s what you mean by fuzzing. If that’s what you need, other tools already do this well (facedancer, greatfet). As our crowdsupply project page states, we weren’t looking to replace those with PW.
As for triggering on other protocols, the PW hardware platform makes it possible, but it doesn’t exist yet – you’ll need to supply the software and gateware to make it happen. On the PW front panel there’s a connector with 8 general purpose digital I/O pins and one clock input, directly connected to the PW FPGA, for connecting arbitrary inputs. The idea is to allow you to transform PW-USB into PW-[whatever you want].
Jean-Pierre