Capturing Power Traces from an Arduino Uno board using CWLite1173

SamarShukry · December 2, 2021, 2:08pm

Hello,

My name is Samar Mohamed and I am working on a project that requires capturing power traces using ChipWhisperer with external target boards. I am currently using the CWLite1173 and my target is an Arduino Uno board (Joy-it, R3DIP).

As far as I know, only two connections are needed between the capture board and the Arduino board. Pin 16 in the capture board is connected to Pin 12 in the Arduino board for the Trigger. The Vin of the Arduino board is supplied with 5 V from an external DC power supply and I inserted a resistor of 1 ohm between their grounds. The Measure cable of the capture board is connected across the R terminals.

I uploaded the below code on the Arduino board but I got completely non-sense traces.

void setup() {
pinMode(12, OUTPUT);
digitalWrite(12,HIGH);
Serial.begin(9600);
}

void loop() {
byte array1[100] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100};
byte array2[100] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100};
int i;
int q;
byte sum [50];
for (int j = 0; j < 1000000000000; j++){
for(i=0; i < sizeof(array1) ; i++){
for (q = 0; q < sizeof(array2); q++){
sum[i] += array1[i] * array2[q];
}
}
for (i=0; i < sizeof(sum) ; i++){
Serial.println(sum[i]);
}
}
}

I tried to capture 6 times, each time I power off the DC power supply, arm the capture board, switch on the DC power supply, and finally capture the trace. The captures are in the attached link and I believe that they are all wrong but I don’t know the reason.

In the Jupyter file:
import chipwhisperer as cw
scope = cw.scope()
target = cw.target(scope)
scope.default_setup()
scope.clock.clkgen_freq = 6000000
scope.clock.adc_src = “clkgen_x1”
scope.adc.samples = 5000
scope.arm()
ktp = cw.ktp.Basic()
key, text = ktp.next()
trace1 = cw.capture_trace(scope, target,text).wave
%matplotlib notebook
import matplotlib.pylab as plt
plt.figure()
plt.plot(trace1,‘b’)
plt.show()

Kindly I need help urgently.

[Captures]:

(https://drive.google.com/drive/folders/1GNlUUfESRI7Jmr0Cs8nzO5438Hc0vFpf?usp=sharing)

jpthibault · December 2, 2021, 2:18pm

How is the CW-lite communicating with the Arduino? Typically, the CW-lite has a serial communication link with the target, in order to provide the target with inputs (e.g. key and text) and tell it to “go”.

We make our own Arduino-like target, you might find it useful to review this and get a better understanding of what’s required: CW304 Notduino Target - NewAE Hardware Product Documentation

Finally if you search this forum for “Arduino” you’ll find that you’re not the first person to attempt this, and you will find many answers to questions around this

SamarShukry · December 2, 2021, 2:23pm

Thank you so much for the quick response.

I will do so for sure. I thought that I am the one who controls the “go command” of the target board by powering it on and off manually to set the trigger line high then capture.

jpthibault · December 2, 2021, 2:31pm

Well that is one way to do it, however most of what would might do with ChipWhisperer requires hundreds of traces or more… With CW-lite controlling the target, this can be done in seconds. Also, attacks usually require having the target process different inputs for each trace, with CW-lite providing those variable inputs to the target.

Jean-Pierre

SamarShukry · December 2, 2021, 2:46pm

So, after having this serial link-up between the capture and the target board, I can let the capture board program the target board with whatever code I require as a modified firmware such that the inputs are controlled by the capture board. i.e. I won’t use the Arduino IDE but instead the python executable blocks in the jupyter file. did I get that right? But if so, I should install certain compilers and programmers for the make command to match the Arduino board, right?

jpthibault · December 2, 2021, 3:05pm

You can use whichever IDE you prefer.
What you will have to change to your Arduino code, however, is to add code to handle the serial link. Previous forum topics cover this. I strongly recommend hoing over some of our Jupyter tutorials using one of our “normal” targets first, to gain an understanding of how all this is supposed to work.