WARNING: Response too short (len=0)

Embedded Security ChipWhisperer Software
1

Hi Colin

So I wanted to follow tutorial #B1 but when I select “ChipWhisperer-Rev2: SimpleSerial Target” from Example Scripts in the project menu, the script automatically connect to the capture hardware. Instead of running 2 example traces, i get this error

Found programmed device
EZ-USB Microcontroller: Skipped firmware download (already done)
FPGA: Skipped configuration (already done)
No phase shift loaded

OpenADC Found, Connecting
WARNING: Response too short (len=0):

How to i fix this?
Thanks

2

From the monitor,there is Text In and Enc. Key but from Text Out and Expected I get ?

What might be causing this?

3

Hi Lira,

This happens when there is no “response” from the DUT. The most typical errors are (1) wrong/no firmware loaded, (2) wrong/no clock source, or(3) trigger at incorrect time.

What target are you using, can you post details of configuration? Is the “ADC Clock” an appropriate frequency?

Thanks,

-Colin

4

Hi Colin,

I am using chipwhisperer capture harware rev2 and my target is atmega 328p. I programmed the AVR with simple-serial-aes. My settings are as follows:

Scope module:chipwhisperer/OpenADC
Target module:Simple Serial
Trace Format:chipwhisperer/Native

Target settings-connection:chipwhisperer

Scope settings-connection:chipwhisperer rev2
trigger setup-mode:rising edge
ADC clock-source:EXTCLK x4 via DCM

On the trigger pins setup, I unselected Front Panel A and checked Target IO4(Trigger Line) and the clock source is Target IO-IN
Target INn Pins-Target IO1:serial RXD and Target IO2:serial TXD

Yes the frequency is correct, Its 7.37MHz

Did I perhaps miss anything?

Thanks

5

About the firmware, I went to tools and selected “Download CW Firmware”

6

Ah - try changing the IO1/IO2 pins:

Target INn Pins-
Target IO1:serial TXD
Target IO2:serial RXD

I think that is correct then… the TX/RX are swapped between XMEGA/AVR targets (historical reasons).

7

It’s giving the same errors :frowning: :angry:

8

Hmm… do you have a scope by chance?

Is it a new ATMega328P (i.e., not the one that came in the multitarget)? If so would also need to configure the fuses.

9

Hi Colin

I’m using the one that came with the multitarget. Yes I have an agilent scope

10

Hmm… can you scope the “TX” and “RX” jumpers? Just to see if data is flowing only one way… for example I suspect only one of them will have activity when you hit the “Capture 1” button, and would like to confirm this to narrow down possible error sources.

11

Hi Colin

It was a problem with the jumper settings…I am able to capture traces even thou there is still “?” on Expected. I ignored the warning

Another thing, I just wanted to find out how one can program the microcontroller with other algorithms from the crypto folder .eg.rsa and des from C:\chipwhisperer-0.12RC1\hardware\victims\firmware\crypto\avrcryptolib and and AES 256 from C:\chipwhisperer-0.12RC1\software\chipwhisperer\analyzer\attacks\models , will the results table from the analyzer software expand because of the longer key? What changes need to be made?

Any light shed will be appreciated

12

Hello,

Alright, great… the ? on expected means it’s not getting the ciphertext back. It could still indicate there was a problem as it’s not receiving the data, although if you are getting a trigger and an ok-looking waveform you can still do the attack (the response sin’t needed for the system to work).

Right now attacking other modules needs some “hacking” in the analyzer, which is done via making a custom script. An example of attacking AES-256 is available at newae.com/sidechannel/cwdocs/tut … 6boot.html.

We’re in the middle of re-writing the software, so will have some updates after that is done, as it will in the future be a lot easier to perform some specialized attacks…

-Colin

13

Hi Colin

I got an okay looking waveform and managed to do the attack. Thanks!