SOLN_Lab 2_1 - Fault Attack on RSA

UsamaMuddassar · September 18, 2023, 10:13am

I am trying to run this code but getting error on following lines:

%%sh -s “$PLATFORM” “$SS_VER”
cd …/…/…/hardware/victims/firmware/simpleserial-rsa
make PLATFORM=$1 CRYPTO_TARGET=MBEDTLS CRYPTO_OPTIONS=RSA OPT=2 SS_VER=$2

error:

SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
make[1]: ‘.dep’ is up to date.
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
.
Welcome to another exciting ChipWhisperer target build!!
avr-gcc (GCC) 11.1.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiling:
simpleserial-rsa.c: In function ‘main’:
simpleserial-rsa.c:49:34: warning: passing argument 3 of ‘simpleserial_addcmd’ from incompatible pointer type [-Wincompatible-pointer-types]
49 | simpleserial_addcmd(‘t’, 0, real_dec);
| ^~~~~~~~
| |
| uint8_t (*)(uint8_t , uint8_t) {aka unsigned char ()(unsigned char , unsigned char)}
In file included from simpleserial-rsa.c:20:
…/./simpleserial/simpleserial.h:40:61: note: expected 'uint8_t ()(uint8_t, uint8_t, uint8_t, uint8_t )’ {aka 'unsigned char ()(unsigned char, unsigned char, unsigned char, unsigned char )'} but argument is of type 'uint8_t ()(uint8_t , uint8_t)’ {aka 'unsigned char ()(unsigned char , unsigned char)'}
40 | int simpleserial_addcmd(char c, unsigned int len, uint8_t (fp)(uint8_t, uint8_t, uint8_t, uint8_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
simpleserial-rsa.c:56:34: warning: passing argument 3 of ‘simpleserial_addcmd’ from incompatible pointer type [-Wincompatible-pointer-types]
56 | simpleserial_addcmd(‘p’, 16, get_pt);
| ^~~~~~
| |
| uint8_t ()(uint8_t , uint8_t) {aka unsigned char ()(unsigned char , unsigned char)}
In file included from simpleserial-rsa.c:20:
…/./simpleserial/simpleserial.h:40:61: note: expected 'uint8_t ()(uint8_t, uint8_t, uint8_t, uint8_t )’ {aka 'unsigned char ()(unsigned char, unsigned char, unsigned char, unsigned char )'} but argument is of type 'uint8_t ()(uint8_t , uint8_t)’ {aka 'unsigned char ()(unsigned char *, unsigned char)‘}
40 | int simpleserial_addcmd(char c, unsigned int len, uint8_t (fp)(uint8_t, uint8_t, uint8_t, uint8_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
simpleserial-rsa.c …Done!
.
Compiling:
In file included from simpleserial-rsa-xmega.c:28:
…/./crypto/avrcryptolib/rsa/rsa_basic.h:23:10: fatal error: bigint.h: No such file or directory
23 | #include “bigint.h”
| ^~~~~~~~~~
compilation terminated.
make[1]: *** […/./Makefile.inc:495: objdir-CWLITEXMEGA/simpleserial-rsa-xmega.o] Error 1
make: *** […/./Makefile.inc:338: all] Error 2
simpleserial-rsa-xmega.c …
CalledProcessError Traceback (most recent call last)
Cell In[25], line 1
----> 1 get_ipython().run_cell_magic(‘sh’, ‘-s “$PLATFORM” “$SS_VER”’, ‘cd …/…/…/hardware/victims/firmware/simpleserial-rsa\nmake PLATFORM=$1 CRYPTO_TARGET=MBEDTLS CRYPTO_OPTIONS=RSA OPT=2 SS_VER=$2\n’)
File C:\Users\MYPC~1\CHIPWH~1\cw\home\portable\WPy64-31080\python-3.10.8.amd64\lib\site-packages\IPython\core\interactiveshell.py:2422, in InteractiveShell.run_cell_magic(self, magic_name, line, cell)
2420 with self.builtin_trap:
2421 args = (magic_arg_s, cell)
→ 2422 result = fn(*args, **kwargs)
2423 return result
File C:\Users\MYPC~1\CHIPWH~1\cw\home\portable\WPy64-31080\python-3.10.8.amd64\lib\site-packages\IPython\core\magics\script.py:153, in ScriptMagics._make_script_magic..named_script_magic(line, cell)
151 else:
152 line = script
→ 153 return self.shebang(line, cell)
File C:\Users\MYPC~1\CHIPWH~1\cw\home\portable\WPy64-31080\python-3.10.8.amd64\lib\site-packages\IPython\core\magics\script.py:305, in ScriptMagics.shebang(self, line, cell)
300 if args.raise_error and p.returncode != 0:
301 # If we get here and p.returncode is still None, we must have
302 # killed it but not yet seen its return code. We don’t wait for it,
303 # in case it’s stuck in uninterruptible sleep. -9 = SIGKILL
304 rc = p.returncode or -9
→ 305 raise CalledProcessError(rc, cell)
CalledProcessError: Command ‘b’cd …/…/…/hardware/victims/firmware/simpleserial-rsa\nmake PLATFORM=$1 CRYPTO_TARGET=MBEDTLS CRYPTO_OPTIONS=RSA OPT=2 SS_VER=$2\n’’ returned non-zero exit status 2.

kindly help me out to resolve this issue

Alex_Dewar · September 18, 2023, 5:55pm

Hi,

You need to use AVRCRYPTOLIB, not MBEDTLS for XMEGA. Also, the RSA fault lab doesn’t support the XMEGA, you’ll need to use a different target, such as the STM32F3.

Alex

UsamaMuddassar · September 19, 2023, 4:50am

@Alex_Dewar I have changed these options and still getting error for following code:

SCOPETYPE = ‘OPENADC’
PLATFORM = ‘CWLITEARM’
SS_VER=‘SS_VER_2_1’
%run “…/…/Setup_Scripts/Setup_Generic.ipynb”
%%sh -s “$PLATFORM” “$SS_VER”
cd …/…/…/hardware/victims/firmware/simpleserial-rsa
make PLATFORM=$1 CRYPTO_TARGET=‘MBEDTLS’ CRYPTO_OPTIONS=‘RSA’ OPT=2 SS_VER=$2

Error:

SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
make[1]: ‘.dep’ is up to date.
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
.
Welcome to another exciting ChipWhisperer target build!!
arm-none-eabi-gcc (GNU Arm Embedded Toolchain 10-2020-q4-major) 10.2.1 20201103 (release)
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

.

Compiling:
simpleserial-rsa.c: In function ‘main’:
simpleserial-rsa.c:49:34: warning: passing argument 3 of ‘simpleserial_addcmd’ from incompatible pointer type [-Wincompatible-pointer-types]
49 | simpleserial_addcmd(‘t’, 0, real_dec);
| ^~~~~~~~
| |
| uint8_t (*)(uint8_t , uint8_t) {aka unsigned char ()(unsigned char , unsigned char)}
In file included from simpleserial-rsa.c:20:
…/./simpleserial/simpleserial.h:40:61: note: expected 'uint8_t ()(uint8_t, uint8_t, uint8_t, uint8_t )’ {aka 'unsigned char ()(unsigned char, unsigned char, unsigned char, unsigned char )'} but argument is of type 'uint8_t ()(uint8_t , uint8_t)’ {aka 'unsigned char ()(unsigned char , unsigned char)'}
40 | int simpleserial_addcmd(char c, unsigned int len, uint8_t (fp)(uint8_t, uint8_t, uint8_t, uint8_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
simpleserial-rsa.c:56:34: warning: passing argument 3 of ‘simpleserial_addcmd’ from incompatible pointer type [-Wincompatible-pointer-types]
56 | simpleserial_addcmd(‘p’, 16, get_pt);
| ^~~~~~
| |
| uint8_t ()(uint8_t , uint8_t) {aka unsigned char ()(unsigned char , unsigned char)}
In file included from simpleserial-rsa.c:20:
…/./simpleserial/simpleserial.h:40:61: note: expected 'uint8_t ()(uint8_t, uint8_t, uint8_t, uint8_t )’ {aka 'unsigned char ()(unsigned char, unsigned char, unsigned char, unsigned char )'} but argument is of type 'uint8_t ()(uint8_t , uint8_t)’ {aka 'unsigned char ()(unsigned char *, unsigned char)'}
40 | int simpleserial_addcmd(char c, unsigned int len, uint8_t (fp)(uint8_t, uint8_t, uint8_t, uint8_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
simpleserial-rsa.c …Done!

Compiling:
simpleserial-rsa-xmega.c …Done!
.
Compiling:
simpleserial-rsa-arm.c: In function ‘rsa_init’:
simpleserial-rsa-arm.c:337:33: warning: passing argument 3 of ‘simpleserial_addcmd’ from incompatible pointer type [-Wincompatible-pointer-types]
337 | simpleserial_addcmd(‘1’, 0, sig_chunk_1);
| ^~~~~~~~~~~
| |
| uint8_t (*)(uint8_t , uint8_t) {aka unsigned char ()(unsigned char , unsigned char)}
In file included from simpleserial-rsa-arm.c:20:
…/./simpleserial/simpleserial.h:40:61: note: expected 'uint8_t ()(uint8_t, uint8_t, uint8_t, uint8_t )’ {aka 'unsigned char ()(unsigned char, unsigned char, unsigned char, unsigned char )'} but argument is of type 'uint8_t ()(uint8_t , uint8_t)’ {aka 'unsigned char ()(unsigned char , unsigned char)'}
40 | int simpleserial_addcmd(char c, unsigned int len, uint8_t (fp)(uint8_t, uint8_t, uint8_t, uint8_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
simpleserial-rsa-arm.c:338:33: warning: passing argument 3 of ‘simpleserial_addcmd’ from incompatible pointer type [-Wincompatible-pointer-types]
338 | simpleserial_addcmd(‘2’, 0, sig_chunk_2);
| ^~~~~~~~~~~
| |
| uint8_t ()(uint8_t , uint8_t) {aka unsigned char ()(unsigned char , unsigned char)}
In file included from simpleserial-rsa-arm.c:20:
…/./simpleserial/simpleserial.h:40:61: note: expected 'uint8_t ()(uint8_t, uint8_t, uint8_t, uint8_t )’ {aka 'unsigned char ()(unsigned char, unsigned char, unsigned char, unsigned char )'} but argument is of type 'uint8_t ()(uint8_t , uint8_t)’ {aka 'unsigned char ()(unsigned char *, unsigned char)'}
40 | int simpleserial_addcmd(char c, unsigned int len, uint8_t (fp)(uint8_t, uint8_t, uint8_t, uint8_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
simpleserial-rsa-arm.c: In function ‘get_pt’:
simpleserial-rsa-arm.c:415:1: warning: control reaches end of non-void function [-Wreturn-type]
415 | }
| ^
simpleserial-rsa-arm.c …Done!

Compiling:
…/./simpleserial/simpleserial.c …Done!
.
Compiling:
…/./hal/stm32f3/stm32f3_hal.c …Done!
.
Compiling:
…/./hal/stm32f3/stm32f3_hal_lowlevel.c …Done!
.
Compiling:
…/./hal/stm32f3/stm32f3_sysmem.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/rsa.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/bignum.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/md.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/md5.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/md_wrap.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/sha1.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/sha256.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/sha512.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/ripemd160.c …Done!
.
Compiling:
…/./crypto/mbedtls//library/oid.c …Done!
.
Assembling: …/./hal/stm32f3/stm32f3_startup.S
arm-none-eabi-gcc -c -mcpu=cortex-m4 -I. -x assembler-with-cpp -mthumb -mfloat-abi=soft -fmessage-length=0 -ffunction-sections -DF_CPU=7372800 -Wa,-gstabs,-adhlns=objdir-CWLITEARM/stm32f3_startup.lst -I…/./simpleserial/ -I…/./simpleserial/ -I…/./hal -I…/./hal/stm32f3 -I…/./hal/stm32f3/CMSIS -I…/./hal/stm32f3/CMSIS/core -I…/./hal/stm32f3/CMSIS/device -I…/./hal/stm32f4/Legacy -I…/./crypto/ -I…/./crypto/mbedtls//include …/./hal/stm32f3/stm32f3_startup.S -o objdir-CWLITEARM/stm32f3_startup.o
.
LINKING:
simpleserial-rsa-CWLITEARM.elf …Done!
.
Creating load file for Flash: simpleserial-rsa-CWLITEARM.hex
arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-rsa-CWLITEARM.elf simpleserial-rsa-CWLITEARM.hex
.
Creating load file for Flash: simpleserial-rsa-CWLITEARM.bin
arm-none-eabi-objcopy -O binary -R .eeprom -R .fuse -R .lock -R .signature simpleserial-rsa-CWLITEARM.elf simpleserial-rsa-CWLITEARM.bin
.
Creating load file for EEPROM: simpleserial-rsa-CWLITEARM.eep
arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom=“alloc,load”
–change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-rsa-CWLITEARM.elf simpleserial-rsa-CWLITEARM.eep || exit 0
.
Creating Extended Listing: simpleserial-rsa-CWLITEARM.lss
arm-none-eabi-objdump -h -S -z simpleserial-rsa-CWLITEARM.elf > simpleserial-rsa-CWLITEARM.lss
.
Creating Symbol Table: simpleserial-rsa-CWLITEARM.sym
arm-none-eabi-nm -n simpleserial-rsa-CWLITEARM.elf > simpleserial-rsa-CWLITEARM.sym
SS_VER set to SS_VER_2_1
SS_VER set to SS_VER_2_1
Size after:
text data bss dec hex filename
22720 116 18284 41120 a0a0 simpleserial-rsa-CWLITEARM.elf

Default target does full rebuild each time.

Specify buildtarget == allquick == to avoid full rebuild
±-------------------------------------------------------
±-------------------------------------------------------

Built for platform CW-Lite Arm (STM32F3) with:

CRYPTO_TARGET = MBEDTLS

CRYPTO_OPTIONS = RSA
±-------------------------------------------------------

UsamaMuddassar · September 19, 2023, 4:53am

And later on this code:

from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
e = 0x10001
n = 0x9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79
m = b"Hello World!"
hash_object = SHA256.new(data=m)
pub_key = RSA.construct((n, e))
signer = PKCS1_v1_5.new(pub_key)
sig_check = signer.verify(hash_object, sig)
print(sig_check)
assert sig_check, “Failed to verify signature on device. Got: {}”.format(newout)

Error:

False ---------------------------------------------------------------------------
NameError Traceback (most recent call last)
Cell In[11], line 16
13 sig_check = signer.verify(hash_object, sig)
14 print(sig_check)
—> 16 assert sig_check, “Failed to verify signature on device. Got: {}”.format(newout)
NameError: name ‘newout’ is not defined

Alex_Dewar · September 19, 2023, 1:37pm

Try changing newout to sig

UsamaMuddassar · September 20, 2023, 5:16am

@Alex_Dewar I have replaced newout with sig and getting following errors: