Cannot run Fault Attack on RSA

I am trying to run the Lab 2_1 from the fault201 folder. I ran the previous labs, and I think I have a decent grasp of how glitching works, but I am having issues with this particular experiment.
I am working with ChipWhisperer Lite and the STM32F3 target. The issue happens in my glitch loop. I modified the code to detect valid and invalid outputs (very basic stuff):

from tqdm import tnrange
import time
for i in tnrange(7000000, 7100000): #look for something kind of near the end
    scope.glitch.ext_offset = i
    scope.adc.timeout = 3
    scope.arm() # arm the scope before starting the operation
    target.simpleserial_write("t", bytearray([]))

    ret = scope.capture()
    if ret:
        print('Timeout happened during acquisition')

    # the expected reply length depends on the SimpleSerial version
    if SS_VER=='SS_VER_2_1':
        output = target.simpleserial_read_witherrors('r', 128, timeout=100, glitch_timeout=1)
    else:
        output = target.simpleserial_read_witherrors('r', 48, timeout=100, glitch_timeout=1)
    if not output['valid']:
        print("crash") #we can't really do anything here - we need the full signature back
    else:
        if output['payload'] != goldensig: #detect if the calculation was messed up
            # call the faulty signature whatever you want
            # but we'll assume it's called sig for the rest of the lab
            sig = output['payload']
            print("fault detected!")
        else:
            print("no fault detected")
            pass # normal operation, nothing special

Whenever I try to run this loop, I get a few “normal operation” cycles, then I get to the first “crash” cycle. From there the device seems to never reboot properly. I get this error over and over.

WARNING:ChipWhisperer Scope:Timeout in OpenADC capture(), no trigger seen! Trigger forced, data is invalid. Status: 0f
WARNING:ChipWhisperer Scope:Timeout in OpenADC capture(), no trigger seen! Trigger forced, data is invalid. Status: 0e

I tried adding a reboot_flush() call after invalid output detection, but the device still gives me the same error. I even tried powering off the device, but it keeps being stuck. The only way to recover normal operation is to flash the firmware again.
I suspect there is something wrong with the firmware, but I wanted a confirmation from you guys before messing it up even more.

Thanks in advance for any help.


I don’t think I’ve seen a microcontroller really do this before. Generally, clock/voltage glitching tends to be pretty safe against this sort of thing because you need to go through some internal registers in order to write/erase the flash memory. Just to make sure, if you turn the glitch off, do you still see the crash?


I fixed the issue by adding a delay after the reboot function.
The problem is I still cannot glitch the RSA successfully, I only get crashes or normal operation.
How can you find the best glitch settings, considering how slow the RSA algorithm is?
The loop used in AES would take ages, so it is not suitable. Do you have any suggestions?

I’d recommend collecting width/offset settings that work in the other lab and trying those. Also, how long did you iterate through ext_offset for? The glitch isn’t too picky about location, but I’d say let it run for a good 10-20 minutes just to be sure.
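
The suggestion above, sketched as an added example that is not part of this thread or of the ChipWhisperer lab code: it spreads a fixed time budget over the ext_offset window while rotating through width/offset pairs carried over from the earlier lab, and ranks the pairs by outcome afterwards. The function names, the 3 seconds per attempt and the sample width/offset values are assumptions made for illustration.

```python
from collections import Counter
from itertools import cycle

def classify(output, goldensig):
    """Three-way outcome of one attempt, as the loop in the question intends."""
    if not output["valid"]:
        return "crash"   # no complete reply: reset the target and wait before retrying
    if output["payload"] != goldensig:
        return "fault"   # full signature returned, but it differs from the golden one
    return "normal"

def plan_attempts(known_good, ext_start, ext_stop, secs_per_attempt, budget_secs):
    """Spread a fixed time budget evenly over an ext_offset window.

    known_good: (width, offset) pairs that glitched the target in an earlier lab.
    Returns [(ext_offset, width, offset), ...], rotating through known_good.
    """
    if not known_good:
        raise ValueError("need at least one known-good (width, offset) pair")
    span = ext_stop - ext_start
    n = min(int(budget_secs // secs_per_attempt), span)
    if n < 1:
        raise ValueError("budget or window too small for a single attempt")
    stride = span // n
    pairs = cycle(known_good)
    exts = list(range(ext_start, ext_stop, stride))[:n]
    return [(ext, *next(pairs)) for ext in exts]

def rank_settings(log):
    """log: [((width, offset), outcome), ...] -> settings, most faults and fewest crashes first."""
    tally = {}
    for setting, outcome in log:
        tally.setdefault(setting, Counter())[outcome] += 1
    return sorted(tally, key=lambda s: (-tally[s]["fault"], tally[s]["crash"]))

if __name__ == "__main__":
    pairs = [(10.0, -5.0), (12.0, 3.0)]   # constructed sample values
    plan = plan_attempts(pairs, 7000000, 7100000, 3, 20 * 60)
    print(len(plan), plan[:3])
```

Each planned tuple would be written to scope.glitch.ext_offset, width and offset before an attempt, with the classify() result logged per (width, offset) pair for rank_settings().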


I am facing the same issue and tried out many methods mentioned in different forums. But I am still getting this error; any idea why?