Hi everyone!
I’m having some issues launching captures with a cwnano. For the following I used
Lab 2_1A - Instruction Power Differences (HARDWARE)
for simplicity.
Here’s some context:
- cwnano with the latest FW (0.30.0)
- jupyter notebooks installed following the standard procedure, develop branch
- chipwhisperer package installed using
python3 -m pip install chipwhisperer=5.5.2
(the version having issues) - chipwhisperer package installed using
python3 -m pip install chipwhisperer=5.5.0
(the version working correctly)
Here’s the steps of the notebook:
SCOPETYPE = 'CWNANO'
PLATFORM = 'CWNANO'
VERSION = 'HARDWARE'
if VERSION == 'HARDWARE':
%run "Lab 2_1A - Instruction Power Differences (HARDWARE).ipynb"
elif VERSION == 'SIMULATED':
%run "Lab 2_1A - Instruction Power Differences (SIMULATED).ipynb"
Response (simplified):
INFO: Found ChipWhisperer😍
Detected known STMF32: STM32F03xx4/03xx6
Extended erase (0x44), this can take ten seconds or more
Attempting to program 4671 bytes at 0x8000000
STM32F Programming flash...
STM32F Reading flash...
Verified flash OK, 4671 bytes
wave = capture_trace()
print("✔️ OK to continue!")
Response (complete)
---------------------------------------------------------------------------
KeyError Traceback (most recent call last)
~/.local/lib/python3.8/site-packages/usb/core.py in get_interface_and_endpoint(self, device, endpoint_address)
237 try:
--> 238 return self._ep_info[endpoint_address]
239 except KeyError:
KeyError: None
During handling of the above exception, another exception occurred:
TypeError Traceback (most recent call last)
<ipython-input-3-ddeeb98120be> in <module>
----> 1 wave = capture_trace()
2 print("✔️ OK to continue!")
<ipython-input-2-812ac6508b7e> in capture_trace(_ignored)
2 ktp = cw.ktp.Basic()
3 key, text = ktp.next()
----> 4 return cw.capture_trace(scope, target, text).wave
~/.local/lib/python3.8/site-packages/chipwhisperer/__init__.py in capture_trace(scope, target, plaintext, key, ack)
336 target.simpleserial_write('p', plaintext)
337
--> 338 ret = scope.capture()
339
340 i = 0
~/.local/lib/python3.8/site-packages/chipwhisperer/capture/scopes/cwnano.py in capture(self)
694 return True
695
--> 696 self._lasttrace = self._cwusb.cmdReadMem(0, self.adc.samples)
697
698 # can just keep rerunning this until it works I think
~/.local/lib/python3.8/site-packages/chipwhisperer/hardware/naeusb/naeusb.py in cmdReadMem(self, addr, dlen)
799
--> 800 return self.usbseralizer.cmdReadMem(addr, dlen)
801
802 def cmdWriteMem(self, addr, data):
~/.local/lib/python3.8/site-packages/chipwhisperer/hardware/naeusb/naeusb.py in cmdReadMem(self, addr, dlen)
202 cmdpacket = self.make_cmd(self.CMD_READ_MEM, payload)
203
--> 204 return self.process_rx(self.txrx(tx=cmdpacket))
205
206 def cmdWriteMem(self, addr, data):
~/.local/lib/python3.8/site-packages/chipwhisperer/hardware/naeusb/naeusb.py in txrx(self, tx)
311 addr = payload[0]
312 dlen = payload[1]
--> 313 response = self.cmdReadMem(addr, dlen)
314 naeusb_logger.debug("CMD_READ_MEM: addr: {:08X}, dlen: {:08X}, response: {}".format(addr, dlen, response))
315 elif cmd == self.CMD_WRITE_MEM:
~/.local/lib/python3.8/site-packages/chipwhisperer/hardware/naeusb/naeusb.py in cmdReadMem(self, addr, dlen)
531 # Get data
532 if cmd == self.CMD_READMEM_BULK:
--> 533 data = self.usbdev().read(self.rep, dlen, timeout=self._timeout)
534 # XXX Husky debug:
535 naeusb_logger.info('YYY BULK rep=%d, dlen=%d, got len=%d' % (self.rep, dlen, len(data)))
~/.local/lib/python3.8/site-packages/usb/core.py in read(self, endpoint, size_or_buffer, timeout)
1011 }
1012
-> 1013 intf, ep = self._ctx.setup_request(self, endpoint)
1014 fn = fn_map[util.endpoint_type(ep.bmAttributes)]
1015
~/.local/lib/python3.8/site-packages/usb/core.py in wrapper(self, *args, **kwargs)
111 try:
112 self.lock.acquire()
--> 113 return f(self, *args, **kwargs)
114 finally:
115 self.lock.release()
~/.local/lib/python3.8/site-packages/usb/core.py in setup_request(self, device, endpoint)
227
228 print(f"This is your endpoint: {endpoint_address}")
--> 229 intf, ep = self.get_interface_and_endpoint(device, endpoint_address)
230 self.managed_claim_interface(device, intf)
231 return (intf, ep)
~/.local/lib/python3.8/site-packages/usb/core.py in wrapper(self, *args, **kwargs)
111 try:
112 self.lock.acquire()
--> 113 return f(self, *args, **kwargs)
114 finally:
115 self.lock.release()
~/.local/lib/python3.8/site-packages/usb/core.py in get_interface_and_endpoint(self, device, endpoint_address)
244 return intf, ep
245
--> 246 raise ValueError('Invalid endpoint address ' + hex(endpoint_address))
247
248 @synchronized
TypeError: 'NoneType' object cannot be interpreted as an integer
The problem is solved if I override the 5.5.2 version with 5.5.0 with
python3 -m pip install chipwhisperer==5.50
, reloading jupyter kernel is sufficient.
I tried printing the endpoint address, I obtain the integer 129, which matches to
bEndpointAddress 0x81
reported below.
Here’s the output of lsusb -v
related to the cwnano I’m using (3 cwnanos are present attached to the server, I’m addressing the one in use using its SN)
Bus 002 Device 083: ID 2b3e:ace0 NewAE Technology Inc.
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.10
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x2b3e NewAE Technology Inc.
idProduct 0xace0
bcdDevice 1.00
iManufacturer 1 NewAE Technology Inc.
iProduct 2 ChipWhisperer Nano
iSerial 3 533331003257394c3130313036313036
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0062
bNumInterfaces 3
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 400mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Interface Association:
bLength 8
bDescriptorType 11
bFirstInterface 1
bInterfaceCount 2
bFunctionClass 2 Communications
bFunctionSubClass 2 Abstract (modem)
bFunctionProtocol 1 AT-commands (v.25ter)
iFunction 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 1 AT-commands (v.25ter)
iInterface 0
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x02
line coding and serial state
CDC Union:
bMasterInterface 1
bSlaveInterface 2
CDC Call Management:
bmCapabilities 0x03
call management
use DataInterface
bDataInterface 2
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 16
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 2
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x85 EP 5 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x06 EP 6 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Binary Object Store Descriptor:
bLength 5
bDescriptorType 15
wTotalLength 0x0021
bNumDeviceCaps 1
Platform Device Capability:
bLength 28
bDescriptorType 16
bDevCapabilityType 5
bReserved 0
PlatformCapabilityUUID {d8dd60df-4589-4cc7-9cd2-659d9e648a9f}
CapabilityData[0] 0x00
CapabilityData[1] 0x00
CapabilityData[2] 0x03
CapabilityData[3] 0x06
CapabilityData[4] 0xae
CapabilityData[5] 0x00
CapabilityData[6] 0x01
CapabilityData[7] 0x00
cant get debug descriptor: Resource temporarily unavailable
Device Status: 0x0000
(Bus Powered)
I’m reporting also the hub hierarchy in case could be related to the issue (lsusb -t
):
/: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
|__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/8p, 480M
|__ Port 1: Dev 37, If 0, Class=Hub, Driver=hub/4p, 480M
|__ Port 1: Dev 82, If 0, Class=Vendor Specific Class, Driver=, 12M
|__ Port 2: Dev 83, If 1, Class=Communications, Driver=cdc_acm, 12M
|__ Port 2: Dev 83, If 2, Class=CDC Data, Driver=cdc_acm, 12M
|__ Port 2: Dev 83, If 0, Class=Vendor Specific Class, Driver=usbfs, 12M
where
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:8002 Intel Corp. 8 channel internal hub
Bus 002 Device 037: ID 0bda:5411 Realtek Semiconductor Corp. RTS5411 Hub
Bus 002 Device 083: ID 2b3e:ace0 NewAE Technology Inc.
<-- The one I’m connecting to
Bus 002 Device 082: ID 2b3e:ace0 NewAE Technology Inc.
I hope this helps, it seems like pyusb or libusb not forwarding the correct endpoint address. I thought this could be related to user permissions but I’m in the dialout group, the udev rules are set correctl and
ll /dev/bus/usb/002/083
shows
crw-rw-r-- 1 root dialout 189, 210 Jun 16 10:32 /dev/bus/usb/002/083
Finally:
apt list libusb-dev
libusb-dev/groovy,now 2:0.1.12-32 amd64 [installed]
Let me know if I should report this as an issue on github!
PS: I just noticed that with version 5.5.2 connecting the cw with the standard code you provide does NOT print the baud rate of the board, something that happens with 5.5.0
W/ 5.5.0:
...
STM32F Reading flash...
Verified flash OK, 4671 bytes
Serial baud rate = 38400
w/ 5.5.2:
...
STM32F Reading flash...
Verified flash OK, 4671 bytes