Hi,
I’m a newbye here and I saw the Chipwhisperer capabilities on youtube and I decided to buy one for my security reasech on an ATxmega256A3U board.
In Youtube “Very old dates the most recent is 2017” there were only the GUI, but now there is no more GUI and I have to use Juptyer which will take much more time to learn and understand , I’m not very expert in Python but in C and assembler I’m fine.
I would like to know if there is any new youtube link for how to use Jupyter with ChipWhisperer and how to create the GUI, Charts, Logs an so on.
I still also don’t understand the theory of the attack using the Serial signals, what if the Firmware in the target doesn’t make use of ots serial port, how can I send a command to its serail port which is not configured in its firmware…?
Is there any Youtube link for how to retreive the firmware from a target?
Thanks for your replay,is there any how to do or example youtube link?
In the link you sent me I click on fault101 folder then I see othe file and folders what should I do, how can use them them to connect to my Board and do the attack?
Start with the courses in the sca101 folder, in numerical order.
There is no youtube video since the Jupyter notebooks explain everything you need to know.
I understand but I still don’t understand the theory of how to retreive the firmware from a target say Xmega256 that I have.
Is there any document who explains this theory,
I understand the power glitching to bypass a Password but how can you read from memry the whole Firmware using only the serial interface or clock glitching, what if the target doesn’t implement in its code the Serial Interface…
Our serial interface just makes it easy to learn the basic principles. We use a simple interface on purpose, to make it easier to learn about side-channel attacks without other “stuff” in the way.
If your target has a different interface, you’ll have to figure out a way to talk to it. The other key parts of the ChipWhisperer platform are:
Synchronous sampling, which means ChipWhisperer needs access to the target clock.
Triggering the capture. Our examples use trigger_high() in the target source to drive a GPIO. If this isn’t possible for your target then you need to figure out another way to get a useful time reference. One way is to use SAD triggering, which you can do with CW-Pro and the soon-to-be-released CW-Husky.
Now I undersand the Serial Communication choise for learning purposes, this means if my target uses SPI or I2C I must figure out how it works , format of commands sent and received, and create my own code in Jupyer to be able to do the attack?
How can I do this if I don’t have the code running inside the target and I’m trying to reverse engineering the target and I don’t have the firmware?
This why I was looking for a method to dump the target memory and retrive the firmware for disassembling with Ida Pro for example.
You said to do this I must have CW PRO or CW Husky, could you kindly cofirm that with CW Lite I have puchased cann’t achieve this subject?
You’ll have to do some sleuthing to figure out what your target is doing / how to talk to it first. Trying to e.g. glitch a target to dump its firmware without knowing anything else about it is very much like taking a shot in the dark: you have almost no chance of hitting your target. You really need to find out more about your target first, and ChipWhisperer is not the tool for this; a logic analyzer or oscilloscope is what you need, along with anything you can learn about your target (schematics, data sheets, etc…).
This was in reference to triggering a power trace capture or glitch from the power trace itself.
It doesn’t sound like this is something you need to pursue at this point.
I figured out somehow what the target is doing, the only way to access the target is through the I2C 2 wires, I logged them using a Logic analyzer and I see some data exchange.
Now the questions is:
How to configure and program my CW Lite to talk with the target in I2C instead of talking in serial ? is there any doc describes this configuration.?
This means that ChipWhisperer is able to do attack only and only on targets that use the Serial Comm. and also we must know some of the Serial Commands used in order to do the attack in order to use them to play around the Firmware, which means we must have also the source of the Target Firmware “As in the example” or at least a sort of message format used on Serial…?
Do the CW support any other communication protocols other thant the Serial? Because like this it is very limited tools…
ChipWhisperer is a tool for doing clock glitching, voltage glitching, and side-channel power analysis.
It can also communicate with targets using SimpleSerial, which allows it to be an all-in-one learning platform. This, of course, doesn’t preclude it from being used for clock glitching, voltage glitching, and side-channel power analysis of other targets which don’t talk SimpleSerial and/or for which you don’t have the source firmware.
You just need to come up with a way to communicate with the target using some other means.
If your target is a USB peripheral, we also have PhyWhisperer-USB.
