How to implement the clock and voltage glitch fault attack on the CW305 FPGA board

naufusa · May 4, 2021, 4:02am

How to implement the clock and voltage glitch fault attack on the CW305 FPGA board. Please share the python script and HDL codes for the CW305 FPGA board if available.

I am using Windows 10, ChipWhisperer-Lite, the target FPGA board: CW305, and installed ChipWhisperer 5.5 directly (no VM).

jpthibault · May 4, 2021, 2:13pm

Hi,
We have a large set of glitching tutorials, but none of them are for the CW305 target at the moment.
You can learn the basics of glitching with ChipWhisperer by following our existing tutorials for other targets.

Glitching is done by the capture hardware, not the CW305, so everything you learn can be applied to your CW305 target. Just keep in mind that for clock glitching you’ll have to source the target clock from the capture hardware (not the CW305 PLL). For voltage glitching, see: https://rtfm.newae.com/Targets/CW305%20Artix%20FPGA/#fault-injection

naufusa · May 4, 2021, 11:06pm

Ok, thanks!

Can I use the cw305_top.bit file for this experiments in the CW305 target side (the bit file is available at chipwhisperer\hardware\victims\cw305_artixtarget\fpga\vivado_examples\aes128_verilog\aes128_verilog.runs\impl_100t)
How to set glitch parameters in a python script that produces the desired effect!

jpthibault · May 6, 2021, 1:25pm

You can certainly try glitching the cw305_top.bit; like I said, we don’t have any examples for glitching that target. You’re in uncharted territory, and if you do come up with a successful glitching attack, we would love your contribution!

Jean-Pierre

naufusa · May 11, 2021, 4:44pm

Hi,
Okay. I have noticed that the following glitching attack-related tutorials (CW305) on the Newae wiki website. Is ChipWhisperer 4 (GUI-based) or ChipWhisperer 5.5 will support running the following tutorials?
https://wiki.newae.com/Tutorial_CW305-3_Clock_Glitching
https://wiki.newae.com/Tutorial_CW305-4_Voltage_Glitching_with_Crowbars

jpthibault · May 11, 2021, 7:33pm

Hi,

I had forgotten about those, they were written before my time and have not been kept up to date as the ChipWhisperer software evolved. They will not work with CW5; they may work with CW4, or you may have to go all the way back to CW3 (you can find all the old releases here: https://github.com/newaetech/chipwhisperer/releases)

Having said that, the principles remain the same, and if you’re familiar with glitching in CW5 (by following our up-to-date CW5 glitching tutorials), then it should be fairly straightforward to carry these over to CW5.

Finally, these tutorials show the mechanics of glitching the CW305 target; they do not show a complete fault attack on a hardware AES target. That remains a TODO which you are welcome to contribute .

Jean-Pierre

naufusa · May 11, 2021, 8:54pm

Sure, thanks Jean-Pierre!