Some trouble with capture_trace

I try to use the cwlite to get the speck trace, I can only run for about 5 epochs safely, after which it starts to repeatedly throw these errors like crazy.
here is the code


and here is the trouble

what should I do to avoid the error and warning ?

It’s a little hard to say what’s wrong without knowing your communication and firmware looks like. Keep in mind that capture_trace() is sends/receives the following:

  1. On the first iteration, it sends the key and expects an ack from the device.
  2. It will always send the “plaintext” (labelled ciphertext in your case)
  3. It will expect a response packet (configured by target.output_len) then an ack.

On the firmware side, the acks are taken care of automatically by simpleserial_get().

I use the cwlite

SCOPETYPE = 'OPENADC'
PLATFORM = 'CW308_STM32F3'
CRYPTO_TARGET='NONE'
SS_VER = 'SS_VER_1_1'
SAVE_REF=False
passed=True
ERR_MSG=""

%%bash
cd /home/qyh/side_attack/chipwhisperer/firmware/mcu/simpleserial-speck
make PLATFORM=‘CW308_STM32F3’ CRYPTO_TARGET=‘NONE’ SS_VER=‘SS_VER_1_1’

here is the simpleserial-speck.c


#include "hal.h"
#include <stdint.h>
#include <stdlib.h>
#include <string.h> 
#include "SPECK.h"
 
#include "simpleserial.h"
 
#define KEY_LENGTH 16
//#define DEFAULT_KEY 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
#define DEFAULT_KEY 0x11,0x11,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
#define NUM_ROUNDS 5 
// static uint8_t key[KEY_LENGTH] = {DEFAULT_KEY};
static int key_index = 0;
static int num_rounds = 5;
static uint8_t key[NUM_ROUNDS * 2] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};


uint8_t get_key(uint8_t* k)
{
	for(int i = 0; i < 1 * 2; i++)
	{
		key[i] = k[i];
	}
	return 0x00;
}


uint16_t* convert_to_uint16(uint8_t *data) {
    uint64_t binary_data = 0;
	uint16_t *output;
  
    for (int i = 0; i < 64; i++) {
        binary_data = (binary_data << 1) | (data[i] & 0x01); 
    }


    for (int i = 0; i < 4; i++) {
        output[i] = (binary_data >> (48 - i * 16)) & 0xFFFF; 
    }
	return output;
}

uint8_t* uint16_to_bit_array(uint16_t num) {
	uint8_t *bit_array = (uint8_t *)malloc(16 * sizeof(uint8_t));
	for (int i = 15; i >= 0; i--) {
		bit_array[i] = (num >> (15 - i)) & 0x01;
	}
	return bit_array;
}


uint8_t* int_to_bit_array(int num) {
	uint8_t *bit_array = (uint8_t *)malloc(16 * sizeof(uint8_t));
	for (int i = 15; i >= 0; i--) {
		bit_array[i] = (num >> (15 - i)) & 0x01;
	}
	return bit_array;
}

uint16_t* bytearray_to_ints(uint8_t *byte_array, uint16_t *int_list, size_t size) {
    if (size % 2 != 0) {
        printf("Error: Byte array size must be a multiple of 2\n");
        return NULL;
    }

    for (size_t i = 0; i < size / 2; i++) {
        int_list[i] = (byte_array[2 * i] << 8) | byte_array[2 * i + 1];  // 大端字节序
    }
	return int_list;
}

uint8_t enc(uint8_t* pt) {
	uint16_t* ks = (uint16_t*)malloc(num_rounds * sizeof(uint16_t));
	ks = bytearray_to_ints(key, ks, 1 * 2);
	uint16_t* ct_pair = convert_to_uint16(pt);
	uint16_t* p_1, p_2;
	uint16_t ct_1 = {ct_pair[0], ct_pair[1]};
	uint16_t ct_2 = {ct_pair[2], ct_pair[3]};
	trigger_high();
	p_1 = dec_one_round(ct_1, ks);
	p_2 = dec_one_round(ct_2, ks);
	trigger_low();
	uint8_t *key_array = uint16_to_bit_array(ks[0]);
	uint8_t *ct_1_left = uint16_to_bit_array(p_1[0]);
	simpleserial_put('r', 16, key_array);
	return 0x00;
}


 
uint8_t reset(uint8_t* x)
{
	// Reset key here if needed
	return 0x00;
}
//void platform_init(void);
int main(void)
{
	/*uint8_t tmp[KEY_LENGTH] = {DEFAULT_KEY};*/
 
	platform_init();
	init_uart();
	trigger_setup();
 
	simpleserial_init();
	simpleserial_addcmd('k', 2, get_key);
	simpleserial_addcmd('p', 64,  enc);
	simpleserial_addcmd('x',  0,   reset);
	while(1)
	simpleserial_get();
}

You should be statically allocating memory instead of using malloc. You’ve also got a bunch of memory leaks and you’re not doing doing any sort of error checking. Your target is probably hard faulting at some point.

For example, a much better way to structure something like

uint8_t* uint16_to_bit_array(uint16_t num) {
	uint8_t *bit_array = (uint8_t *)malloc(16 * sizeof(uint8_t));
	for (int i = 15; i >= 0; i--) {
		bit_array[i] = (num >> (15 - i)) & 0x01;
	}
	return bit_array;
}


//...

uint8_t *y = uint16_to_bit_array(x);

Is

int uint16_to_bit_array(uint16_t num, uint8_t *mem) {
    if (!mem) return -1;
	for (int i = 15; i >= 0; i--) {
		mem[i] = (num >> (15 - i)) & 0x01;
	}
    return 0;
}


//...
uint8_t y[16]; 
if (uint16_to_bit_array(x, y)) handle_error();

I recommend taking a look at example firmware (e.g. STM32CubeF3/Projects/STM32F3-Discovery/Examples/UART/UART_TwoBoards_ComIT/Src/main.c at master · STMicroelectronics/STM32CubeF3 · GitHub) for embedded devices to better understand how to write C code for embedded devices.