I’m working on the notebook “H-Field Probe Demo 1 (with CPA)”, and after many captures where I only found noise with no recognizable pattern, I’ve finally spotted what I believe to be the 10 AES rounds—almost similar to what I see in shunt-based captures.
I can’t increase the gain further because the peaks start clipping, and even with 800 captures, the CPA doesn’t recover a single byte of the key (not even the first 5 positions).
My question is: since there isn’t much information available about H-field probe captures, should I:
Fine-tune the setup to get a trace with a fatter signal with fewer spikes, or
Focus on finding a point where the spikes around each round become even clearer?
Nice, I will try with TVLA… I wasn’t aware of that tip because I didn’t get the correct key yet, so I didn’t go further in the notebook, and that tip was under ‘next steps’ so I didn’t see it, thanks!!!
Am I on the right path in thinking I should search for patterns that are both stable between each other and “similar” to the capture done with the shunt? In this case that would be to “see” the 10 AES rounds followed by the noise of the idle after them, wouldn’t it?
Thanks for your previous response. I’ve reviewed the H-Probe Usage wiki page and the video multiple times. While helpful as an introduction, I’m still trying to clarify some points.
I’m trying to understand the best approach for identifying exploitable patterns.
Specifically, should I be primarily looking for:
Recurring patterns formed by groups of peaks, even if the exact vertical position of these peaks varies slightly across different captures? As the ones I pointed at in the first message
Or should I focus more on identifying captures where peaks consistently appear at the exact same vertical position, even if these peaks don’t immediately form a recognizable pattern, like in this capture?
For example, in this image I see the upper spikes forming 10 groups that occur at roughly the same distance across captures… While the individual spikes within these groupings might not fall at the exact same horizontal position in each trace, the consistent spacing of these peak groupings (which aligns with the number of AES rounds) made me think this could be a relevant point.
Thanks in advance for your help, knowing where to focus will help me to understand this topic better…
I’m precisely asking about the probe positioning in relation to the graph displayed, and what to search for on that graph… I don’t understand why you mention clipping, there is no clipping in any of the images, is there?
All these spikes close to 0.4 are not shifting between traces; they can vary in height but do not move. This is consistent across the 35000 traces of the capture and among other captures. The other spikes that you can see emerging from the main noise are random ones.
This time, with 1000 captures, DPA is starting to show something, but it didn’t succeed.
DPA requires more traces. Our Lab 3_3 notebook uses 2500 traces for shunt-based measurements. If your goal is to find a good probe position, I’d use something that requires fewer traces to succeed, like the CPA attack.
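TVLA comes up earlier in the thread as a next step. As an added example (not from the notebook or from any poster), the sketch below scores a probe position by the peak Welch t-statistic between fixed-input and random-input trace sets and lists the samples above the usual |t| > 4.5 bound. The traces are constructed by simulation; the Hamming-weight leakage model, the coupling values, the position names and the -0.5..0.5 ADC range are assumptions.

```python
import math
import random

THRESHOLD = 4.5  # conventional TVLA bound on |t|

def welch_t(group_a, group_b):
    """Per-sample Welch t-statistic between two sets of equal-length traces."""
    t_values = []
    for col_a, col_b in zip(zip(*group_a), zip(*group_b)):
        n_a, n_b = len(col_a), len(col_b)
        mean_a, mean_b = sum(col_a) / n_a, sum(col_b) / n_b
        var_a = sum((x - mean_a) ** 2 for x in col_a) / (n_a - 1)
        var_b = sum((x - mean_b) ** 2 for x in col_b) / (n_b - 1)
        denom = math.sqrt(var_a / n_a + var_b / n_b)
        t_values.append((mean_a - mean_b) / denom if denom else 0.0)
    return t_values

def score_position(fixed, rand):
    """Return (peak |t|, sample indices where |t| exceeds the threshold)."""
    t_values = welch_t(fixed, rand)
    leaky = [i for i, t in enumerate(t_values) if abs(t) > THRESHOLD]
    return max(abs(t) for t in t_values), leaky

def simulate(rng, n, coupling, fixed_input, samples=50, leak_at=20, noise=0.05):
    """Constructed traces: Gaussian noise everywhere plus coupling * HW(byte)
    at one sample, clipped to an assumed ADC range of -0.5..0.5."""
    traces = []
    for _ in range(n):
        byte = 0x7E if fixed_input else rng.randrange(256)  # HW(0x7E) = 6
        trace = [rng.gauss(0.0, noise) for _ in range(samples)]
        trace[leak_at] += coupling * bin(byte).count("1")
        traces.append([max(-0.5, min(0.5, v)) for v in trace])
    return traces

def compare_positions(seed=1):
    """Score two hypothetical probe positions that differ only in coupling."""
    rng = random.Random(seed)
    results = {}
    for name, coupling in (("position_a", 0.02), ("position_b", 0.0)):
        fixed = simulate(rng, 400, coupling, fixed_input=True)
        rand = simulate(rng, 400, coupling, fixed_input=False)
        results[name] = score_position(fixed, rand)
    return results

if __name__ == "__main__":
    for name, (peak, leaky) in compare_positions().items():
        print(f"{name}: peak |t| = {peak:.1f}, leaky samples = {leaky}")
```

With real captures, replace `simulate` with the fixed-input and random-input trace sets recorded at each probe position and compare the peak values.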