I’m doing a research on side channel attacks and have sasebo-w board with smart card and a 6000s picoscope. I also have “chipwhisperer-0.12RC1” installed on my windows and FTDI drivers as well.
All sasebo-w modules are programmed including the FPGA and AVR. When using default sasebo-w files, everything is okay. I get the encrypted data and power traces as expected.
The bad part is that when I use chipwhisperer capture instead of default sasebo files, it cannot connect to the board! But with using example scripts(AES 128 sasebo-w with smart card) it doesn’t work beacuase i don’t have opanadc. when i change the scope to PicoScope with previous configurations, it connects to picoscope successfully and shows the waves, but it doesn’t connect to the board. The error given is
Traceback (most recent call last):
File "C:\chipwhisperer-0.12RC1\software\chipwhisperer\capture\ChipWhispererCapture.py", line 730, in doConDisTarget
File "C:\chipwhisperer-0.12RC1\software\chipwhisperer\capture\ChipWhispererCapture.py", line 192, in con
File "c:\chipwhisperer-0.12rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 771, in con
File "c:\chipwhisperer-0.12rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 405, in con
File "c:\chipwhisperer-0.12rc1\software\chipwhisperer\capture\targets\ChipWhispererTargets.py", line 469, in con
data = self.oa.sendMessage(CODE_READ, ADDR_STATUS)
AttributeError: 'NoneType' object has no attribute 'sendMessage'
Traceback (most recent call last):
File "C:\chipwhisperer-0.12RC1\software\chipwhisperer\capture\ChipWhispererCapture.py", line 768, in doConDis
File "C:\chipwhisperer-0.12RC1\software\chipwhisperer\capture\ChipWhispererCapture.py", line 757, in doConDisScope
AttributeError: 'PicoScopeInterface' object has no attribute 'qtadc'
But when I hit Target after it, it connects but all responses have length of zero!
I have tried this software for weeks but unfortunately I don’t know how to get a successful trace yet!
I think the driver currently in the system doesn’t work with the original SASEBO-W code. Can you send me a link to the original working version you are using? It was supposed at one point, so can double-check if that is a simple thing to get working again…
Of course! This is the link to the original version of sasebo-w codes and this is the guide for it. If you know a solution which works with the original version I would be so glad and thankful
But where is the alternative codes which work with sasebo-w and picoscope (unfortunately no openadc) ?
Which codes should be programmed to the FPGA and the IC card that works with both sasebo-w and picoscope?
And after all which settings is suitable for this purpose in Chipwhisperer capture?
Thanks a lot for all your time and efforts
I’m actually having trouble getting my SASEBO-W board working with the new computer for some reason, so taking longer than expected. But I can tell you what I planned on trying and maybe will give you a starting point.
There used to be a “serial” smartcard protocol, but I think I removed it as was somewhat outdated. I was hoping this would work with the SASEBO-W board, as the default setup in the guide you linked makes the board appear as a serial port. If I can get my SASEBO-W board working it might be a quick job to get that back in the software, and should give you the required functionality if so. I can’t promise though as I may have removed that module for another reason (i.e., wasn’t working with this board).
It may be a few days at least though before I get enough time to sort out why my board isn’t working on the new computer! Hopefully will have a better answer then…
It’s so nice of you helping us
Today I discovered when setting target of AESExplorer to SASEBOW Serial, the software can get the ATR successfully! Does that help?
I implied from your previous response that programming the FPGA with non-original sasebow files should work. If the idea of adding a simple module to chipwhisperer failed for some reason, do files from this link help?
Got it working - as I thought the code was 95% there already, as I had this working with the old software. It’s in the latest commit of GIT software. If you are using ChipWhisperer-Instant a “git pull” will be enough to give you this update.
With this working the steps are:
Select “Smart Card” as target
On the target tab, select “System Serial”
Select “SASEBO-W SmartCard OS” as protocol
Hit “Refresh Button”
Select your COM port in the drop-down
[*]Check the ATR is correct
Depending on your system, hitting “Refresh” might be enough. Otherwise you might need to check the com port is correct.
Use the monitor to check the input/output to the card, and just press “capture 1” to confirm it’s sending/receiving data.
With all that working, you can now connect your scope and it will also record power traces.
That’s so great!!! That is exactly what I wanted!
I use files from this repository. Unfortunately it was the latest version! I’m not sure if I’m doing something wrong that I don’t see the “System Serial (SASEBO-W)” option in Reader Hardware when setting target to smartcard in the program, or the repository I’m using does not have the commits you mentioned! I checked out the whole project and reinstalled it but there was no success! I also checked Commits tab of github But didn’t find anything relative…
I promise this is the last question of this thread
Oops… I forgot to have my script push updates to that repo, hold on a few mins here. The main repo is help on assembla.com/spaces/chipwhisperer , but the github one will be updated in about 10 mins automatically (restarted the script, takes a few mins to push everything through).
And don’t worry if there is more questions, I haven’t tested the code well so things might have broken
As you mentioned in video, each trace of length 20000 and sample rate of 156MS/s would be a good start for attacking AES. This makes the capture time 20000/156M=0.128 miliseconds . As I measured from my picoscope trigger channel, it takes about 4 miliseconds for AES algorithm to finish. So the capture takes about 3.2% of all the AES running time.
How is that it’s working? I guess perhaps your answer would be that our leackage model only uses first round. But I think even the first round takes more!