I am trying to learn about Side channel attacks and am using the Chipwhisperer probe to perform DPA,
A friend of mine gave me Atmega 1284P chip to attack. I have soldered it to a board and am running a standard AES encryption (CBC mode).
However, I am not able to get results (key). I use the settings that were in the Notduino board. Is there something that I am missing or do I need to write a custom script?
Most of the tutorials work with AES in ECB mode. This means that the input to the block cipher is the plaintext. If your device is using CBC mode, the input to AES will be the plaintext XORed with the previous ciphertext.
Are you using the standard built-in attacks from the Analyzer? You might have to modify a few things to make the CBC attack work.
Sorry for the slow answer from me - things have been crazy here this week!
Your first traces looked like they had an extremely small amplitude - there’s almost no signal to see there. Your second set of traces have a much higher amplitude, so I think that’s fixed.
In your most recent traces, are you showing three separate captures with the same settings? I would expect the traces to look almost identical. There’s also a “beat” effect in the traces. My guess is that you’ve set your ChipWhisperer clock frequency to match the ATMega’s clock frequency, but in reality the clocks are slightly different (ie: 20 MHz vs. 19.9 MHz).
You should try to fix these clock issues to make this attack work. One way to do this is to connect the ATMega clock to the ChipWhisperer’s EXTCLK input and use this signal as the ADC clock. Another way is to remove the ATMega clock source and drive it with the ChipWhisperer’s clock output instead.
The attacks should work with binary input (instead of UART) because we don’t really care about the data transmission - you’re just interested in watching the power consumption while the target is running the encryption. As long as you can get consistent power traces that include the first AES round, you should be able to get your attack working.
Thank you for the reply. Worked towards driving it from external clock. I was a bit confused because I was following the tutorial in which we give an input text and the encrypted output is received.
I am trying to setup the scenario for the binary, however I am not able to capture the traces. Can the Target settings be “bypassed” or do i need to use the Rx Tx. Right now I wrote a simple encryption on the Atmega to send messages over UART and am struggling a bit to receive messages on the chipwhisperer.
What are you doing on your Atmega? Where are the plaintexts coming from?
UART is definitely the easiest thing to use (as long as you can get it working on the target). You can’t totally bypass the TX/RX because you need to get the plaintexts somehow - you can’t do a side channel attack unless you have these.
I think I need to explain a bit on what I’m doing.
The aim is to get keys out of an Atmega board. The board takes a binary as an input on the serial link (no text). There are not much operations the board does - other than responding to serial instructions like ‘a’ , ‘b’ , ‘c’
To know the system better, I tried to recreate the Xmega tutorial, tried to port the code to work with the atmega board (its still not in perfect working condition, but I’m working on it), I did this to see if I’m doing the right thing and all the connections are in place.
So right now I wanted to use this information to extract keys.
At the moment I used the external clock from atmega crystal by selecting the option under ADC clock -> Souce = EXTCLK Direct. I am getting pretty good signals, however the capture M isnt working.
OK - so the plaintext/ciphertext get sent as 16 raw bytes instead of 32 characters. You should be able to work with that. I’m not sure what’s wrong with your Capture Many… the traces should look the same as the Capture 1 samples. Lots of things could be a bit off - maybe your plaintexts aren’t getting sent properly or your trigger signal isn’t working.
Alright, debugging that.
Also, will I be able to use ATMEGA 328 Hex files for the 1248 or change the code for 1248 ? I’m not able to run the encryption over the chip, I’m essentially re writing the code.
Are you still trying to use SimpleSerial? It must be complaining about receiving characters that it doesn’t expect…
You can write your own target class to use in CWCapture. Check out chipwhisperer/software/chipwhisperer/capture/targets. The _base.py file shows which methods you need to write and the SimpleSerial.py file shows how it’s done for the SimpleSerial protocol. You could take out a bunch of the error checking and just send your plaintext/key as 16 bytes, but you’ll still need to signal to the target which one is which!