Hello! I’m attacking the last round of AES on XMEGA CW308 using TinyAES128. My first round attack works perfectly (corr > 0.7), but last round gives very low correlations (0.10) with wrong key recovery. SETUP: - Hardware: ChipWhisperer Lite - Target: XMEGA CW308 - Firmware: TinyAES128 (simpleserial-aes) - ChipWhisperer version: 6.0
WHAT I’VE TRIED: 1. HW(InvSBox(CT XOR k)) - low correlations (0.10) 2. HD(state_before, state_after) - low correlations (0.10) 3. Different number of traces (1000-5000) - no improvement 4. Followed Tutorial_CW305-1 for hardware AES - doesn’t apply well QUESTIONS: Is last round CPA on XMEGA software AES with TinyAES128 feasible? Any tutorials or guidance would help!
The first thing I would look at is whether you are capturing the last round in the power trace. Use scope.adc.trig_count and visually identify the rounds in the power trace. This can help.
Second, not all models work against all targets / implementations.
What usually matters most is what is getting stored in a register. This notebook teaches this, but it requires a CW305 and may be difficult to follow if you are not experienced in FPGA development.
Thank you so much , that was the problem , I wasnt capturing the last round