Scope function for CWNANO Correlation power analysis

Hi,

When i enter the scope function for “Lab 4_2 - CPA on Firmware Implementation of AES (HARDWARE)” as shown below.

from tqdm.notebook import trange
import numpy as np
import time

ktp = cw.ktp.Basic()
trace_array = []
textin_array = []

key, text = ktp.next()

target.set_key(key)

N = 50
for i in trange(N, desc=‘Capturing traces’):
scope.arm()

target.simpleserial_write('p', text)

ret = scope.capture()
if ret:
    print("Target timed out!")
    continue

response = target.simpleserial_read('r', 16)

trace_array.append(scope.get_last_trace())
textin_array.append(text)

key, text = ktp.next()

trace_array = np.array(trace_array)

I get the error shown below.

KeyError Traceback (most recent call last)
~/.pyenv/versions/3.7.7/envs/cw/lib/python3.7/site-packages/pyusb-1.1.1-py3.7.egg/usb/core.py in get_interface_and_endpoint(self, device, endpoint_address)
235 try:
–> 236 return self._ep_info[endpoint_address]
237 except KeyError:

KeyError: None

During handling of the above exception, another exception occurred:

TypeError Traceback (most recent call last)
in
17 target.simpleserial_write(‘p’, text)
18
—> 19 ret = scope.capture()
20 if ret:
21 print(“Target timed out!”)

~/work/projects/chipwhisperer/software/chipwhisperer/capture/scopes/cwnano.py in capture(self)
694 return True
695
–> 696 self._lasttrace = self._cwusb.cmdReadMem(0, self.adc.samples)
697
698 # can just keep rerunning this until it works I think

~/work/projects/chipwhisperer/software/chipwhisperer/hardware/naeusb/naeusb.py in cmdReadMem(self, addr, dlen)
798 “”"
799
–> 800 return self.usbseralizer.cmdReadMem(addr, dlen)
801
802 def cmdWriteMem(self, addr, data):

~/work/projects/chipwhisperer/software/chipwhisperer/hardware/naeusb/naeusb.py in cmdReadMem(self, addr, dlen)
202 cmdpacket = self.make_cmd(self.CMD_READ_MEM, payload)
203
–> 204 return self.process_rx(self.txrx(tx=cmdpacket))
205
206 def cmdWriteMem(self, addr, data):

~/work/projects/chipwhisperer/software/chipwhisperer/hardware/naeusb/naeusb.py in txrx(self, tx)
311 addr = payload[0]
312 dlen = payload[1]
–> 313 response = self.cmdReadMem(addr, dlen)
314 naeusb_logger.debug(“CMD_READ_MEM: addr: {:08X}, dlen: {:08X}, response: {}”.format(addr, dlen, response))
315 elif cmd == self.CMD_WRITE_MEM:

~/work/projects/chipwhisperer/software/chipwhisperer/hardware/naeusb/naeusb.py in cmdReadMem(self, addr, dlen)
531 # Get data
532 if cmd == self.CMD_READMEM_BULK:
–> 533 data = self.usbdev().read(self.rep, dlen, timeout=self._timeout)
534 # XXX Husky debug:
535 naeusb_logger.info(‘YYY BULK rep=%d, dlen=%d, got len=%d’ % (self.rep, dlen, len(data)))

~/.pyenv/versions/3.7.7/envs/cw/lib/python3.7/site-packages/pyusb-1.1.1-py3.7.egg/usb/core.py in read(self, endpoint, size_or_buffer, timeout)
1009 }
1010
-> 1011 intf, ep = self._ctx.setup_request(self, endpoint)
1012 fn = fn_map[util.endpoint_type(ep.bmAttributes)]
1013

~/.pyenv/versions/3.7.7/envs/cw/lib/python3.7/site-packages/pyusb-1.1.1-py3.7.egg/usb/core.py in wrapper(self, *args, **kwargs)
111 try:
112 self.lock.acquire()
–> 113 return f(self, *args, **kwargs)
114 finally:
115 self.lock.release()

~/.pyenv/versions/3.7.7/envs/cw/lib/python3.7/site-packages/pyusb-1.1.1-py3.7.egg/usb/core.py in setup_request(self, device, endpoint)
226 endpoint_address = endpoint
227
–> 228 intf, ep = self.get_interface_and_endpoint(device, endpoint_address)
229 self.managed_claim_interface(device, intf)
230 return (intf, ep)

~/.pyenv/versions/3.7.7/envs/cw/lib/python3.7/site-packages/pyusb-1.1.1-py3.7.egg/usb/core.py in wrapper(self, *args, **kwargs)
111 try:
112 self.lock.acquire()
–> 113 return f(self, *args, **kwargs)
114 finally:
115 self.lock.release()

~/.pyenv/versions/3.7.7/envs/cw/lib/python3.7/site-packages/pyusb-1.1.1-py3.7.egg/usb/core.py in get_interface_and_endpoint(self, device, endpoint_address)
242 return intf, ep
243
–> 244 raise ValueError('Invalid endpoint address ’ + hex(endpoint_address))
245
246 @synchronized

TypeError: ‘NoneType’ object cannot be interpreted as an integer

Can you please help me with this. Thank you.

Regards,
Sandeep

Hi,

Can you try the solution here: Firmware for CWNano for tutorial Part 2, Topic 1, Lab B: Power Analysis for Password Bypass

Alex

Yes actually i am the one who raised it as well. I tried adding

scope._cwusb.usbtx.rep = 0x81
scope._cwusb.usbtx.wep = 0x02

but even just the scope code below is not working

You need to add that code before that block (specifically before scope.capture())

got it thank you.

I want to know two things -

  1. The key is guessed as Best Key Guess: 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c where is this defined.

  2. When i look for hex file for target i also see a .c file can i know what that file is.

Thank you Alex for your help.

This comes from the key variable in that capture block (from key, text = ktp.next()). That’s just a 16 byte long bytearray().

That’s one of the source files that is compiled into the hex file you upload onto the target.

Alex

Does text key, text = ktp.next() randomly generates 16 bytes key ? Can i know from where plaintext is beeing sent for encryption ?

ktp.next() can generate a random key, but by default it’s in fixed key, random plaintext mode, with the fixed key being 2b7e…

The plaintext gets sent from the ChipWhisperer capture end to the target over UART.