Hi, I’m a newbie and am considering getting into ChipWhisperer. However I noticed that most of the attacking is done on target boards from ChipWhisperer. Currently I am doing a password bypass tutorial and am thinking whether this could be applicable to other devices like my phone and would it be any different from using a target board to do so?
Good question!
Power analysis is definitely possible on more complicated devices. Shunt resistors often aren’t very practical, so you’re better off using an H-Field probe. I’m not aware of any power analysis attacks on phones specifically, but there’s power analysis attacks on even x86 cores: https://platypusattack.com/platypus.pdf
You can also do voltage glitching attacks on these devices. We have a glitch example on the Raspberry Pi. I know we also have a video of the same glitching on a mobile phone as well, but I’m not sure where it is off the top of my head.
Alex
Hi Alex,
Thank you for your response!
Do you know of any setup that I may need to prepare if I were to carry out the experiment on my phone? Especially on the H-field probe!
Hope to hear form you soon!
The HField Probe is pretty noninvasive - there’s no need to insert a shunt resistor or anything like that, you can simply hold the probe over the chip you’re interested. Decoupling capacitors are also a good location to probe. One thing I hadn’t considered is that might be pretty difficult is to get a trigger out of a phone as I’m guessing you don’t really get access to any GPIO pins.
Something easier would be to use a Raspberry Pi if you’ve got one around, as the processor will be similar to one used on a phone and you’ll have easy access to a GPIO pin to trigger the ChipWhisperer with. You also don’t have to open your phone to get physical access to the pins.
Also, here’s a video demonstrating using an H-Field probe on a target: https://www.youtube.com/watch?v=zmGKZw_txJc
Alex