Simpleserial implementation on Rpi

Hello,
I have been trying to attack a raspberry pi (I will do both python and c/c++) and right now I’m working on the python simpleserial implementation.
The raspberry pi is reading the sent plaintext from chipwhisperer and the value of the variables a,b in the lines 37/38 (indicating how many bytes sent) is correct.
My problem is that when I’m reading the traces with the Chipwhisperer and printing them, textout=None.
For now I have only connected Rx, Tx and GND.

Python code on the Raspberry pi 4 Model B:

import serial
from Crypto.Cipher import AES   # pycryptodome


# UART on the Pi header (GPIO14/15); 38400 8N1 matches the ChipWhisperer default
ser = serial.Serial(
    port='/dev/serial0',
    baudrate=38400,
    parity=serial.PARITY_NONE,
    stopbits=serial.STOPBITS_ONE,
    bytesize=serial.EIGHTBITS,
    timeout=1)

# AES-128 key given as 32 hex characters, converted to 16 key bytes
keyraw = b'2b7e151628aed2a6abf7158809cf4f3c'
key = [int(keyraw[i:i+2], 16) for i in range(0, len(keyraw), 2)]
cipher = AES.new(bytes(key), AES.MODE_ECB)

# simpleserial "ok" status frame, sent after every handled command
ack = b'z00\n'


while True:
    data = ser.readline()
    # expected frame: 'p' + 32 hex chars + '\n' = 34 bytes
    if len(data) == 34:
        command = data[0]
        # plaintext hex payload between the command letter and the '\n'
        pt = [int(data[i:i+2], 16) for i in range(1, len(data)-1, 2)]

        if chr(command) == 'p':

            ct = cipher.encrypt(bytes(pt))

            # NOTE: ct goes out as 16 raw bytes here; simpleserial expects the
            # payload as ASCII hex, which is what the follow-up post changed to
            senddata = b'r' + ct + b'\n'

            a = ser.write(senddata)   # number of bytes written (17)
            b = ser.write(ack)        # number of bytes written (4)


ser.close()

Chipwhisperer Lite Arm code:

Thanks in advance, any tip is greatly appreciated!
Joao

My guess is that I am missing some initialization in the simpleserial protocol, but I have no clue to what that might be.

There shouldn’t be any initialization you have to do - the packets are all self-contained. Have you tried printing the serial data you’re getting back (target.read())? I’d recommend taking a look at the simpleserial documentation that we have: Simpleserial Documentation — ChipWhisperer 5.6.1 documentation, as well as the Python documentation for the SimpleSerial class: API — ChipWhisperer 5.6.1 documentation

As said in the docs, I now send the cipher in the ASCII representation.
Printing target.read() gives:

It is printing the same cipher text sent by the Raspberry, but it starts with a ‘\n’ which doesn’t exist when the message is sent from the Raspberry side. Also, before the ‘\n’ required at the end of the cipher and ack message there is a ‘\r’ which also does not exist when sent from the RPi.

You have to replace cw.capture_trace(), since that reads from the serial buffer and removes the characters that it reads. The target will also send the key when you use capture_trace, so it’s good to avoid it in general when debugging. Since it looks like you’re still getting stuff from target.read(), it might be that you need some sort of delay between sending and receiving the data as well.

Not sure why you’re seeing the extra \r in there. Different platforms have different end characters, so maybe it has something to do with that?

Alex
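The framing the two replies above describe (ASCII-hex payloads, the `k` key command the host sends during capture_trace, and line endings with a stray `\r`), written out as an added example; this is not code from the thread or from ChipWhisperer. The target class takes a cipher factory so it can run without pycryptodome; `xor_stand_in_factory` is a constructed stand-in for exercising the framing only, and the `z01` status for bad frames is an assumed non-zero code.

```python
ACK = b"z00\n"   # simpleserial "ok" status frame


def parse_frame(raw):
    """Decode one simpleserial v1 frame: <cmd><hex payload>\\n.

    Tolerates a leading '\\n' and a trailing '\\r' (the extra characters seen
    in the thread). Returns (cmd, payload_bytes), or None if malformed."""
    line = raw.strip(b"\r\n")
    if len(line) < 3 or len(line) % 2 == 0:   # cmd letter + even hex digits
        return None
    try:
        return chr(line[0]), bytes.fromhex(line[1:].decode("ascii"))
    except (ValueError, UnicodeDecodeError):
        return None


def encode_frame(cmd, payload):
    """Encode a response as ASCII hex, never raw bytes: a raw 0x0a inside the
    ciphertext would be taken as end-of-frame by the host."""
    return cmd.encode("ascii") + payload.hex().encode("ascii") + b"\n"


class SimpleSerialTarget:
    """Minimal v1 target: 'k' loads a key, 'p' answers 'r'+ciphertext then ack."""

    def __init__(self, cipher_factory, key=bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")):
        self._factory = cipher_factory
        self.set_key(key)

    def set_key(self, key):
        self._encrypt = self._factory(key)

    def handle(self, raw):
        """Return the list of frames the target writes back for one input frame."""
        parsed = parse_frame(raw)
        if parsed is None:
            return [b"z01\n"]   # assumed non-zero status for a bad frame
        cmd, payload = parsed
        if cmd == "k" and len(payload) == 16:
            self.set_key(payload)
            return [ACK]
        if cmd == "p" and len(payload) == 16:
            return [encode_frame("r", self._encrypt(payload)), ACK]
        return [b"z01\n"]


def aes_ecb_factory(key):
    """Real cipher, as in the original post (needs pycryptodome)."""
    from Crypto.Cipher import AES
    return AES.new(key, AES.MODE_ECB).encrypt


def xor_stand_in_factory(key):
    """Dependency-free stand-in cipher so the framing can be exercised offline."""
    return lambda block: bytes(a ^ b for a, b in zip(block, key))
```

Hook `handle()` up to `ser.readline()` / `ser.write()` in place of the loop from the first post to get a target the host's `target.simpleserial_read('r', 16)` can parse.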

I seemed to fix the problem by not doing much. The simple fact of using the trace variable in any operation seemed to correct the problem (???).

If I remove the proj.traces.append(trace) line and print the trace variable, the textout param appears as None, but as soon as I use the trace variable (even just in an assignment such as: aa = trace) it fills the textout param with the correct information (sent by the RPi).
You would be correct in assuming I stumbled into this solution, either way it’s working :slight_smile: