I’m trying to crack a simple XOR on a PIC32MX as a warm-up exercise.
What I have:
- Test code with a 32-bit XOR, with both values parsed from serial.
- Good trigger; the XOR operation is also surrounded with NOPs for better isolation.
- The PIC32MX has internal regulation. I use extensive filtering on the 3v3 rail, and I found that overpowering the VCAP pin externally through a shunt and measuring on the pin gives the least amount of noise.
- If I test using the key as plain-text, then flip all the bits, I can clearly see the POI and have good repeatability.
- Target is clocked from the ChipWhisperer, ADC clock is x4.
Now the problems:
- Being a 32-bit system, the Hamming weight has significantly more levels.
- The SNR for a single bit is too poor.
- The built-in XOR cracking fails me.
Does anybody have experience with PIC32MX devices? Should I just average thousands of traces for the same input and attack bit by bit? Might differential probing help in this case?
Before I move on to other algorithms, I want this XOR down.
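
The bit-by-bit approach asked about above can be checked on simulated data first. This is an added example, not part of the original post and not ChipWhisperer code: it models the point of interest as one sample equal to the Hamming weight of the 32-bit XOR result plus Gaussian noise, then recovers each key bit with a difference of means. The leakage model, its sign, the noise level and the key are constructed assumptions.

```python
import random

def hamming_weight(x):
    return bin(x).count("1")

def simulate_traces(key, n, noise_sd, rng):
    """Constructed model: one sample per trace = HW(pt ^ key) + Gaussian noise."""
    pts = [rng.getrandbits(32) for _ in range(n)]
    leaks = [hamming_weight(p ^ key) + rng.gauss(0.0, noise_sd) for p in pts]
    return pts, leaks

def recover_key_bitwise(pts, leaks):
    """Difference of means per plaintext bit over the single point of interest."""
    key = 0
    for b in range(32):
        ones = [l for p, l in zip(pts, leaks) if (p >> b) & 1]
        zeros = [l for p, l in zip(pts, leaks) if not (p >> b) & 1]
        dom = sum(ones) / len(ones) - sum(zeros) / len(zeros)
        # Assumed sign: leakage rises with Hamming weight.
        # Key bit 0: plaintext bit 1 raises the HW, so dom is about +1.
        # Key bit 1: plaintext bit 1 lowers the HW, so dom is about -1.
        if dom < 0:
            key |= 1 << b
    return key

def wrong_bits(key, n, noise_sd=4.0, seed=1):
    """Number of key bits recovered incorrectly from n simulated traces."""
    rng = random.Random(seed)
    pts, leaks = simulate_traces(key, n, noise_sd, rng)
    return hamming_weight(recover_key_bitwise(pts, leaks) ^ key)

if __name__ == "__main__":
    KEY = 0xDEADBEEF  # constructed test key
    for n in (100, 1000, 20000):
        print(n, "traces ->", wrong_bits(KEY, n), "key bits wrong")
```

In this model the other 31 bits act as noise of variance 31/4 on top of the measurement noise, which is why a single bit needs many more traces on a 32-bit datapath than on an 8-bit one.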