After carefully following the instructions on how to capture a single trace which depicts the following operations :
16 register loads (this is the new IV being copied over)
Some serial communication
The signature check
The serial line going idle
The trace looks fine as most of the operations are easily interpretable :
Then I capture 5000 traces(as I am attacking the XMEGA), the I try to locate the first XOR operation for the first byte of the IV(Initialization Vector) and then plot the difference of the two groups ( originating from the evaluation of the expression : DR & (1 << bit) ) for each bit. I get something like this:
The when trying to run the function find_potential_xors, no matter how big I make the denominator of the threshold, some bytes of the IV have zero candidates for being the “plausible XOR points”.
Furthermore the method which repeats the conceptual 1-bit attack attack also fails when running the following block:
Sampling the correct XOR location fails resulting in recovering the completely wrong IV, although I’ve tried many different combinations, I could imagine to be reasonable for the location variable.
(p.s The key and signature attack of the AES-CBC worked great for me after some tweaking)