Simpleserial implementation on Rpi

I have been trying to attack a raspberry pi (I will do both python and c/c++) and right now I’m working on the python simpleserial implementation.
The raspberry pi is reading the sent plaintext from chipwhisperer and the value of the variables a,b in the lines 37/38 (indicating how many bytes sent) is correct.
My problem is when I’m reading the traces with the Chipwhisperer and printing them the textout=None.
For now I only have connected Rx,Tx and GND

Python code on the Raspberry pi 4 Model B:

import serial
from Crypto.Cipher import AES

ser = serial.Serial(            
	baudrate = 38400,

keyraw = b'2b7e151628aed2a6abf7158809cf4f3c'
key = [int(keyraw[i:i+2],16) for i in range(0, len(keyraw),2)]
cipher =, AES.MODE_ECB)

ack = b'z00\n'

while True:
	data = ser.readline() 
	if len(data)==34:
		command = data[0]
		pt = [int(data[i:i+2],16) for i in range(1, len(data)-1,2)]

		if chr(command) == 'p':
			ct = cipher.encrypt(bytes(pt))
			senddata = b'r' + ct + b'\n'

Chipwhisperer Lite Arm code:

Thanks in advance for any tip is greatly appreciated!

My guess is that I am missing some initialization in the simpleserial protocol, but I have no clue to what that might be.

There shouldn’t be any initialization you have to do - the packets are all self-contained. Have you tried printing the serial data you’re getting back ( I’d recommend taking a look at the simpleserial documentation that we have: Simpleserial Documentation — ChipWhisperer 5.6.1 documentation, as well as the Python documentation for the SimpleSerial class: API — ChipWhisperer 5.6.1 documentation

As said in the docs, I now send the cipher in the ASCII representation.
Printing gives:

it is printing the same cipher text sent by the Raspberry but it starts with a ‘\n’ which doesnt exist when the message is sent from the Raspberry side. Also before the ‘\n’ required at the end of the cipher and ack message there is a ‘\r’ which also does not exist when sent from the RPi

You have to replace cw.capture_trace(), since that reads from the serial buffer and removes the characters that it reads. The target will also send the key when you use capture_trace, so it’s good to avoid it in general when debugging. Since it looks like you’re still getting stuff from, it might be that you need some sort of delay between sending and receiving the data as well.

Not sure why you’re seeing the extra \r in there. Different platforms have different end characters, so maybe it has something to do with that?


I seemed to fix the problem by not doing much. The simple fact of using the trace variable in any operation seemed to correct the problem (???).

if I remove the proj.traces.append(trace) line and print the trace variable the textout param appears as None, but as soon as I use the trace variable (even just in an assignment such as: aa = trace ) It fills the textout param with the correct information (sent by the RPi)
You would be correct in assuming I stumbled into this solution, either way its working :slight_smile: