Past the tutorial point


#1

Hello,

I am wondering what happens once you past the tutorial point and would like to target some higher end targets. I have a Side Channel & Glitching starter pack(Level 2) I am wondering about what to expect here.

I created a small overview of the possibilities here and wonder how realistic this is. In this overview I assume using as much CW hardware (and software) as possible.

Can somebody please have a look and provide feedback?

Here are some of the questions I have:

  • I think that the power of the CW comes from the clock synchronization. Would it be possible to synchronize using a divider for faster targets (e.g. can I sync to a 200 Mhz clock?) when trying to VCC glitch?
  • If I wanted to try DPA or clock glitching on something like a phone running at 800 Mhz. What is the next step up?

#2

I have similar questions with respect to the maximum capability ChipWhisperer-Lite (CW1173) and ChipWhisperer-Pro (CW1200) can offer.

The on board ADC, data buffer in on-board FPGA and USB interface etc. can set the upper limit. For example, the CW-Lite schematic shows ADC as AD9215BRUZ with maximum sample rate 105 MSPS. I doubt it may be infeasible to be used for a target with hardware AES implementation of one round per cycle clocked at 50MHz+ . I didn’t look into ChipWhisperer-Pro or didn’t find its schematic.

@Colin, can you kindly tell specifications respect to capture/measure capability of the CW-Lite and CW-Pro?

@ExMachina, regarding to your table. Putting CW hardware gadgets aside, it should be possible to use proper oscilloscope + probe + LNA to mount DPA to hardware/software running at hundreds of MHz or even up GHz.
CW software can be at minimum used for post-process and analysis.