Navigating the ecosystem, templates for targets, documentation for 312 targets


I recently received a CWHUSKY with CW313 interposer and a few targets:

  • CW312T-A35 (Artix 7, same as on a version of the CW305)
  • 312-style SAM4S (Atmel microcontroller).

I’ve gone through the SCA101/201 tutorials (DPA/CPA on the microcontroller), and some of the chipwhisperer/jupyter/demos for the CW305 that also run on the CW312T-A35 (PA_HW_CW305_1-Attacking_AES_on_an_FPGA.ipynb and CW305_AES_pipelined.ipynb).


I would like to gather power traces from my own cryptographic implementations on the FPGA target above. To do this, I need to know the following at least.

  • How to program the target.
  • How to send data and triggers to and from the PC.
  • What top-level entities should or could look like so I can produce appropriate bitstreams for the FPGA.


  • Is the CW313 “transparent”? How do the 312-style targets differ from CW308_SAM4S and CW305_A35 in practice?
  • Are there examples or templates available aside from whats in chipwhisperer/hardware/victims/cw305_artixtarget/fpga (say for the CW312T-A35) or in chipwhisperer/hardware/victims/firmware (say for the 312-style SAM4S)?


The documentation is a bit lacking and disorganized (although my ignorance is certainly contributing to this feeling). For the various capture devices and targets, it would be nice if there were (or if someone could point me to them if they exist) templates and wrappers (preferably in both VHDL and Verilog for the FPGAs) helping newbs to roll their own crypto.

I’d really like to get rolling with this hardware if I can, but at the moment I’m limited to hitting shift+enter on the tutorials.


These are the references I’m familiar with (existence if not content). Sorry I can’t post links, I’m limited to two by the forum.

  • chipwhisperer.readthedocs
  • github
  • rtfm.newae
  • NAE0010_Whitepaper_CW305_AES_SCA_Attack.pdf
  • wiki.newae
  • this forum

You’re not wrong! We are planning to make all this a lot clearer / easier to find, but I can give you a quick overview and answers to your questions:

For our tutorials and for our stock targets, yes. The CW308 has some extras that the 313 lacks, like:

  • external oscillator
  • more supply voltages
  • adjustable voltage
  • external power supply

but you don’t need these to run through our courses.

Those are the main ones. There’s also hardware/victims/cw308_ufo_target/xc7a35 for the CW312T-A35; see also the CW305-Arm-DesignStart and DesignStartTrace repos for running a soft ARM core on the CW312T-A35.

The CW305/A35 examples, along with the whitepaper that you’ve found, are intended to teach that. I’d recommend focusing on the basic AES FPGA demo to learn how the whole system works, since it’s the more simple one.

simpleserial-aes for firmware, and the basic FPGA AES demo that I linked above for FPGA, are intended to be that. The Verilog is there and is totally suitable to take as a template for how to build your own target. Compare the AES, pipelined AES, and ECC FPGA targets and you’ll find they have very similar structures. They also each have a simple testbench that you can use to run simulations. Don’t expect any VHDL, however (sorry).

You can do that… or you can take the time to understand what’s going on under the hood.
And if anything is unclear or doesn’t make sense, come back here to ask questions!

I forgot one more CW305/CW312_A35 example (again showing how we really need to collect all these in one place!): the Ibex (RISC-V) soft core: GitHub - lowRISC/ibex-demo-system: A demo system for Ibex including debug support and some peripherals