Initialization Vector of CBC - AES Bootloader 256

After carefully following the instructions on how to capture a single trace which depicts the following operations :

  • 16 XORs

  • 16 register loads (this is the new IV being copied over)

  • Some serial communication

  • The signature check

  • The serial line going idle

The trace looks fine as most of the operations are easily interpretable :


Then I capture 5000 traces(as I am attacking the XMEGA), the I try to locate the first XOR operation for the first byte of the IV(Initialization Vector) and then plot the difference of the two groups ( originating from the evaluation of the expression : DR[0] & (1 << bit) ) for each bit. I get something like this:
The when trying to run the function find_potential_xors, no matter how big I make the denominator of the threshold, some bytes of the IV have zero candidates for being the “plausible XOR points”.

Furthermore the method which repeats the conceptual 1-bit attack attack also fails when running the following block:


Sampling the correct XOR location fails resulting in recovering the completely wrong IV, although I’ve tried many different combinations, I could imagine to be reasonable for the location variable.

(p.s The key and signature attack of the AES-CBC worked great for me after some tweaking)

Some feedback on the Bootloader Attack & the reverse engineering:
The reverse engineering helped a lot to deeply understand what’s happening, while also recovering the correct IV. There are some things that I find genuinely obscure(i.e 1st round of decryption is the 14th round of and the 2nd round of decryption is the 13 of encryption), especially on the 3_1A where there are nuances/little details that are all over the place in the notebook(for instance it is stated that “The LSB of the CRC is sent first, followed by the MSB” while there is the other way around). The examples provided are just to name a few of equivocalities that exist .

Keep the hard work guys!

With kind regards,
Antonios Tragoudaras.