Measuring on CW308 with an oscilloscope

Hi there. Is it possible to capture the traces on the CW308 with an oscilloscope? If yes, is there some integrated function which I have to replace with my own oscilloscope function to make it possible to be compatible with the Jupyter CWA scripts?

If I don't have a trigger signal, is it also possible to capture the traces and send them to the CWA for analysis? I know a trigger signal is important, but on a different real device you don't have such a signal, so how can I simulate such a situation on the CW308 board? Simply remove the trigger signal in the simpleserialAES?

If you can get your oscilloscope data onto your PC and get it into the correct format (CW Projects), then yes.

You’re correct in that you often won’t have something as convenient as a GPIO pin toggling just before an encryption, but you can usually get something nearly as good. This is usually pretty heavily dependent on what you’re actually interested in. For example, for a bootloader, a good trigger might be the nRST pin (if it’s doing things right after boot) or a serial pin (if it’s doing things right after you send it something).

You might want to take a look through our lab on UART triggering: chipwhisperer-jupyter/Lab 6_4 - Jittery Triggering on UART.ipynb at master · newaetech/chipwhisperer-jupyter · GitHub

Hey, thanks for the answer. I would like to use CEMA for this case so I wouldn’t have to make any changes to the hardware, although what do you mean by transforming it into CW projects? Do they have some special format? Which oscilloscope would you suggest I get? Is an 8-bit one enough?

CW Projects are just the format we use to store data: Capture Helpers — ChipWhisperer 5.6.1 documentation. If you put your data into this format, you can use it with Analyzer. Keep in mind, there’s other side channel analysis software that's faster (LASCAR, SCARED), so you may want to try one of those as well.

We haven’t done testing with different oscilloscopes, so I can’t really give much advice on that. I don’t believe we’ve seen a big difference on CWHusky with 8 vs 12-bit ADC samples, so I wouldn’t worry too much about bit depth.

Which ones do you use then? Could you list some models and their specs? What's most important to have in an oscilloscope for side channel attacks? I'm wondering which one I should get. I was thinking about a 12-bit one, since I guess more resolution means more details for the attack. Why isn't there much difference between 8 and 12 bit?

By the way, how do I connect the CW308 to an oscilloscope? I read the description of the CW308 but it leads to CW308T: Stand-Alone Simple Serial Example (AVR or XMEGA) for more details, although nothing happens.

Sorry, I can’t really help there. ChipWhisperers have always been sufficient for any power analysis/glitching we want to do.

I’m not too sure on the reasoning; this is just something we’ve observed in the past.

Connect your measure probe to TP5 or J17, ideally the latter, and a probe you can use for triggering to TP2 (GPIO4/TRIG). If you’re using one of our firmware projects, you’ll probably want to continue to use the ChipWhisperer for serial/programming/etc.

Alex

Is there any in-depth guide on how to connect the oscilloscope to the target? I wanted to redo the same CW attack on an XMEGA target, but gather the data through an oscilloscope in order to learn how to use oscilloscopes for such attacks. Then transfer the oscilloscope data into a CW project, I guess, for the analysis? The CW Project can then be used with the integrated LASCAR, I think? As stated in the tutorials.

The idea of using an external oscilloscope is that some devices run at higher MHz, where the CW Pro only supports up to 40MHz, I guess? When the target is like 200MHz, it can't measure correctly.

By the way, since I want to use an oscilloscope for the measurement, I somehow need to operate the CW308 to run AES 1000 times, yet not record data with the CWPro. Is it possible to somehow turn off data gathering on the CWPro and just run the notebook script on the CW308 board (just operate the board)? I know which pins I need to cover with my oscilloscope. Do I also need to switch the J3 pins and add some crystal on the X1?

One of my ideas was just to let the CWPro gather the traces (although the SMA cable is not connected) and just let it be gathered by my oscilloscope, then transfer the oscilloscope data into CW compatible data for further analysis and replace the data of the non recorded CWPro with data from my oscilloscope. Although I am not sure if this can work since some oscilloscopes need a delay between recording new traces?

If you let the ChipWhisperer take care of power/clock/communication, those two connection points from my earlier post is really all there is to it, transferring data from the oscilloscope onto the PC. If you want to use LASCAR, you don’t need to put it into a ChipWhisperer datatype. IIRC numpy arrays work fine for LASCAR. LASCAR’s docs/examples should be helpful here: https://github.com/Ledger-Donjon/lascar

The Pro’s ADC is spec’d at 105MS/s. I haven’t tested this, but I wouldn’t be surprised if a ChipWhisperer outperforms an oscilloscope for a device running at 200MHz if you play around with the ADC phase a little and measure synchronously.

For our firmware, AES is just triggered by serial messages. You can use the target class to send/receive serial data: Target API — ChipWhisperer 5.6.1 documentation. You may also find the source code for the capture_trace() function useful: chipwhisperer/software/chipwhisperer/__init__.py#L373 at develop · newaetech/chipwhisperer · GitHub

That depends - how do you want to clock your target? You can continue using the ChipWhisperer to supply a clock, you can use a crystal, some other clock generation source, use the device’s internal oscillator, if it has one, etc.

Which library do you suggest I use to communicate with the oscilloscope? I was thinking about VISA drivers and communication over the pyvisa library to integrate the functions into the notebook, or simply recording stuff separately with my oscilloscope and then exchanging the output data of the CW with that data.

Could you describe that more precisely please? I was thinking that if you have a 40MHz oscilloscope (CW) you can't keep up with the clock of the device, which is 200MHz and runs asynchronously. From my knowledge you should at least use the same clock speed or even higher?

Again, I can’t really give any advice here.

The Pro’s ADC can go up to 105MS/s, not 40MS/s. Ideally you’ll have a higher sampling frequency than your target, but if you adjust the ADC phase, you can effectively change where in the clock cycle you’re measuring at.

Hey, thank you for the answers.

Do you know where the traces from the CW are gathered? Or how could I import the data captured with my oscilloscope (it's some bin data) into the CW Jupyter notebook, to then transform it into CW numpy arrays and insert the data into a project for further analysis? Could you give me some function names which can do it or something? Thank you in advance.

They’re transferred over USB from the capture board.

You’ll have to check with the manufacturer of your oscilloscope. The manual for your scope or their website might have this information.
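
As an added example (not part of the thread and not NewAE's code), this sketches the conversion discussed above: decode a scope dump into a numpy trace matrix, pair each trace with the text I/O logged while driving the target, and store the result as a CW Project. It refuses to pair when the counts differ, which is what happens if the scope misses a trigger while re-arming. The dump layout (headerless unsigned 8-bit ADC codes, fixed samples per trace) and the helper names are assumptions; take the real layout from your scope's manual.

```python
import numpy as np

def decode_scope_dump(raw, samples_per_trace):
    """Assumed format: headerless unsigned 8-bit ADC codes, traces back to back."""
    codes = np.frombuffer(raw, dtype=np.uint8)
    if samples_per_trace <= 0 or codes.size == 0 or codes.size % samples_per_trace:
        raise ValueError("dump is not a whole number of traces")
    # Scale codes 0..255 to a zero-centred float range (-0.5 .. +0.5)
    return codes.reshape(-1, samples_per_trace).astype(np.float64) / 256.0 - 0.5

def build_records(waves, textins, textouts, key):
    """Pair trace i with the i-th plaintext/ciphertext logged on the PC side."""
    if not (len(waves) == len(textins) == len(textouts)):
        # One missed trigger shifts every later trace against its plaintext.
        raise ValueError(
            f"{len(waves)} traces, {len(textins)} inputs, {len(textouts)} outputs")
    return [(w, bytearray(ti), bytearray(to), bytearray(key))
            for w, ti, to in zip(waves, textins, textouts)]

def save_as_cw_project(path, records):
    """Store records as a ChipWhisperer project (needs chipwhisperer installed)."""
    import chipwhisperer as cw  # imported here so decoding works without it
    project = cw.create_project(path, overwrite=True)
    for wave, textin, textout, key in records:
        project.traces.append(cw.Trace(wave, textin, textout, key))
    project.save()
    return project

if __name__ == "__main__":
    # Constructed sample: 2 traces of 4 samples each, all-zero text I/O and key
    raw = bytes([0, 128, 255, 64, 10, 20, 30, 40])
    waves = decode_scope_dump(raw, samples_per_trace=4)
    records = build_records(waves, [bytes(16)] * 2, [bytes(16)] * 2, bytes(16))
    print(waves.shape, len(records))
```

For LASCAR, the array returned by `decode_scope_dump` can be used directly, as noted in the reply above about numpy arrays.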