Tutorial Bootloader AES-CBC256, can't synchronize traces


#1

Hi,
I’m trying to do tutorial A5 of the wiki, but I can’t break the 13th round key. In fact, I can’t find a nicely aligned last part of the traces.

First I tried to align the traces like the tutorial, with SAD between 9100 and 9300. But the attack failed.

Then I saw the AES round in the traces, so I tried to align them (points 6000 to 7500).

Finally I tried to align the whole end of the traces, but with no better results.

I’ve also tried the DTW sync, but it doesn’t work either. I was able to break the 14th round key, so I think my capture is okay.

Thanks a lot for any help

cyms


#2

Hi
In my experience peak detect works wonders (min/max).
I usually do two peak detect preprocesses. One will align the traces mostly, and the second one will fix the remaining couple of traces.

I recommend trying peak detect around a bigger peak.


#3

Hi pke,

Thanks a lot for the reply :) I have tried the peak detect, like this:

traces = self.project.traceManager()

resync_traces = ResyncPeakDetect(traces)
resync_traces.enabled = True
resync_traces.ref_trace = 0
resync_traces.type="min"
resync_traces.range = (8200, 8400)
resync_traces.valid_limit = 1.0

resync_traces_2 = ResyncPeakDetect(resync_traces)
resync_traces_2.enabled = True
resync_traces_2.ref_trace = 0
resync_traces_2.type="min"
resync_traces_2.range = (10000, 10400)
resync_traces_2.valid_limit = 1.0

# End of ChipWhisperer tutorial script

Here I tried to align two peaks.
But it still doesn’t work. First, is this kind of setting supposed to work? (I don’t usually use the analyzer.)
I’m starting to think I don’t understand what I am doing. For me the AES round is between points 6500 and 8500, so why do I have to align the end of all the traces?
Also, can I share my traces with you for you to try? (If you have the time.)

I also have a question about the end of the tutorial: it’s difficult to find details about the algorithm to go back up the key schedule in AES CBC 256. Does anyone know where I can find details about this?

Thanks a lot for any help

cyms
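
On the key-schedule question in post #3, an added example (not part of the original thread and not ChipWhisperer code): the AES-256 schedule computes w[i] = w[i-8] XOR t(w[i-1]), so knowing words 52..59 (round keys 13 and 14) lets every earlier word be recomputed down to the 32-byte key. The function names are hypothetical, and both round keys are assumed to be in standard FIPS-197 form.

```python
# Added example: rebuild an AES-256 key from round keys 13 and 14.
def build_sbox():
    """AES S-box: inverse in GF(2^8), then the affine map (p walks powers of 3, q = 1/p)."""
    box, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1  # these three shifts plus the 0x09 fix divide q by 3
        q ^= q << 2
        q ^= q << 4
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
        y = q ^ 0x63
        for s in range(1, 5):
            y ^= ((q << s) | (q >> (8 - s))) & 0xFF
        box[p] = y
        if p == 1:
            return box

SBOX = build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40]

def g(word, i):
    """Transform applied to w[i-1] when i % 4 == 0 (AES-256, Nk = 8)."""
    if i % 8 == 0:  # RotWord, SubWord, then XOR Rcon into the first byte
        word = word[1:] + word[:1]
    out = [SBOX[b] for b in word]  # i % 8 == 4: SubWord only
    if i % 8 == 0:
        out[0] ^= RCON[i // 8 - 1]
    return out

def expand_aes256_key(key):
    """Forward schedule: 32-byte key -> list of 15 round keys (index 0..14)."""
    w = [list(key[4 * j:4 * j + 4]) for j in range(8)]
    for i in range(8, 60):
        t = g(w[i - 1], i) if i % 4 == 0 else w[i - 1]
        w.append([a ^ b for a, b in zip(w[i - 8], t)])
    return [bytes(b for wd in w[4 * r:4 * r + 4] for b in wd) for r in range(15)]

def invert_aes256_key_schedule(rk13, rk14):
    """Backward schedule: w[i-8] = w[i] ^ t(w[i-1]), starting from words 52..59."""
    w = {52 + j: list((rk13 + rk14)[4 * j:4 * j + 4]) for j in range(8)}
    for i in range(59, 7, -1):  # w[i-1] is always known by the time step i runs
        t = g(w[i - 1], i) if i % 4 == 0 else w[i - 1]
        w[i - 8] = [a ^ b for a, b in zip(w[i], t)]
    return bytes(b for j in range(8) for b in w[j])

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key (00 01 ... 1f)
    rks = expand_aes256_key(key)  # stands in for the round keys found in the tutorial
    print(invert_aes256_key_schedule(rks[13], rks[14]).hex())
```

Both round keys are needed because each AES-256 schedule step reaches back eight words, so a single 16-byte round key does not determine the key.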