Husky inconsistent number of required traces for CPA key recovery

Hi!

I was playing a little bit with the husky and the H-probe, and just because I was not having sucess I went throug the same notebook but this time capturing in the shunt resistor.

I wanted to know what is the minimun amount of traces required for the husky to recover the AES key from the SAM4S, same way I did with the nano and the STM32 (this only required 50/75 traces).
So I did a bunch of runs 20 with the husky and the SAM4S… I was expecting to have a small amount of variance, as with nano, but got more than 175 traces of difference between runs retrieving the full key…

Here is the result of traces required among 20 runs with husky:
Traces Needed / Times
300 - 1
275 - 2
250 - 4
225 - 2
200 - 3
175 - 4
150 - 4
125 - 1

The nano with this exact same target needed consistently 275/300 traces to recover the key, no big variance in the results…

This might be related to capacitor C49: ChipWhisperer-Husky — ChipWhisperer Documentation

Thank’s @Alex_Dewar !!!

One little concern, that documentation page says “Husky models (Revision D and later)” but mine is Rev 1.1C (in the other hand the motherboard says it is a rev 03… weird ), it have no cap populated on C49, it is safe to do this fix anyway in this husky earier than rev D?

If is save I have here the right 47pf cap awaiting

OMG!!! Thanks!!! Woah!!! This is insane @Alex_Dewar !!! After soldering the C49 (47pf as recommended) the improvement is simply amazing…

image717×366 18.7 KB

image715×320 13.1 KB

This is the best improvement I’ve seen in my life, from needing between 250 to 300 traces to recover the key not needing more than 20 to 30 traces…

Maybe that was the reason too of why I wasn’t able to recover a sigle byte of the key with the H-Probe…