DPA with CW Probe

Hello All,

I am trying to learn about side-channel attacks and am using the ChipWhisperer probe to perform DPA.

A friend of mine gave me an ATmega1284P chip to attack. I have soldered it to a board and am running a standard AES encryption (CBC mode).
However, I am not able to get results (the key). I use the settings that were used for the Notduino board. Is there something that I am missing, or do I need to write a custom script?

Thanks in advance :slight_smile: .

Are you capturing the traces at the exact moment the key is leaked? You may need to adjust the trigger if that is the case.

Hi there,

Most of the tutorials work with AES in ECB mode. This means that the input to the block cipher is the plaintext. If your device is using CBC mode, the input to AES will be the plaintext XORed with the previous ciphertext.

Are you using the standard built-in attacks from the Analyzer? You might have to modify a few things to make the CBC attack work.

@azisemer @gdeon, thank you for the replies.

Yes, I am capturing the traces, but I am not sure if they are at the exact moment. I think I capture multiple cycles in the trace. The capture looks like this:

imgur.com/a/5M2kf

However, when I put it in multi-capture mode, it looks like this:

imgur.com/a/5M2kf

Do I need to make any changes?

@gdeon, can you point me to any documentation that I can use to make those changes?

Thanks in advance :slight_smile:

What happened to your captureM traces? Are they jitter free?

Yes, they are jitter free.

I figured out that the clock setting in the CW program was different from that of the ATmega chip. I have now set both the same (20 Hz). The traces look like this now:

imgur.com/a/EPA8J

The ATmega chip, however, receives data on the UART (in binary form). Will ChipWhisperer be able to crack the keys in this case?

Is it the scope capture resolution? If that is the case, you should probably use a frequency higher than the target clock.

Will do it and share the results.

Thank you :slight_smile:

Sorry for the slow answer from me - things have been crazy here this week!

Your first traces looked like they had an extremely small amplitude - there’s almost no signal to see there. Your second set of traces have a much higher amplitude, so I think that’s fixed.

In your most recent traces, are you showing three separate captures with the same settings? I would expect the traces to look almost identical. There’s also a “beat” effect in the traces. My guess is that you’ve set your ChipWhisperer clock frequency to match the ATMega’s clock frequency, but in reality the clocks are slightly different (i.e. 20 MHz vs. 19.9 MHz).

You should try to fix these clock issues to make this attack work. One way to do this is to connect the ATMega clock to the ChipWhisperer’s EXTCLK input and use this signal as the ADC clock. Another way is to remove the ATMega clock source and drive it with the ChipWhisperer’s clock output instead.

The attacks should work with binary input (instead of UART) because we don’t really care about the data transmission - you’re just interested in watching the power consumption while the target is running the encryption. As long as you can get consistent power traces that include the first AES round, you should be able to get your attack working.
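Added example, not code from this thread or from ChipWhisperer: a constructed model of why an ADC clock that only nominally matches the target clock produces the "beat" and the trace-to-trace differences described above, plus the alignment check worth running on repeated fixed-input captures. The pulse-shaped power waveform, the 4-samples-per-cycle ADC ratio and the 19.9 MHz crystal are assumptions chosen to match the numbers in the post.

```python
# Added example, not code from this thread or from ChipWhisperer: a constructed model of
# why an ADC clock that only nominally matches the target clock gives the "beat" and
# trace-to-trace mismatch described above, and the alignment check to run on repeated
# fixed-input captures. The waveform and the 4x sampling ratio are assumptions.
import math
import random

SAMPLES_PER_CYCLE = 4   # assumed ADC rate: 4 samples per target clock cycle
N_SAMPLES = 2000

def device_power(cycle_phase):
    """Constructed power model: one narrow current pulse shortly after each clock edge.
    `cycle_phase` is the position inside the target clock cycle, in cycles."""
    frac = cycle_phase - math.floor(cycle_phase)
    return math.exp(-((frac - 0.25) ** 2) / (2 * 0.05 ** 2))

def capture(f_target, f_adc, start_phase, n_samples=N_SAMPLES):
    """Sample the device at f_adc Hz; `start_phase` is where inside a target cycle the
    first sample lands, i.e. the phase between the trigger and the ADC clock."""
    return [device_power(k * f_target / f_adc + start_phase) for k in range(n_samples)]

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy)

def min_pairwise_correlation(traces):
    """Alignment check: repeated captures of the same input should correlate almost
    perfectly sample for sample. A value well below 1 means jitter or clock drift."""
    return min(pearson(a, b) for i, a in enumerate(traces) for b in traces[i + 1:])

def beat_period_samples(f_target, f_adc_nominal, samples_per_cycle=SAMPLES_PER_CYCLE):
    """Samples after which the sampling position has slipped one full target cycle,
    i.e. the period of the envelope ("beat") seen when the clocks are mismatched."""
    slip = abs(1.0 - f_target / f_adc_nominal)
    return math.inf if slip == 0.0 else samples_per_cycle / slip

def synchronous_captures(n=5, f_target=20e6):
    """ADC clock derived from the target clock (EXTCLK in, or the target driven from the
    ChipWhisperer clock out): exact ratio and fixed phase, so captures are identical."""
    return [capture(f_target, SAMPLES_PER_CYCLE * f_target, 0.0) for _ in range(n)]

def asynchronous_captures(n=5, f_target=19.9e6, f_adc_nominal=20e6, seed=1):
    """ChipWhisperer set to 20 MHz while the crystal really runs at 19.9 MHz: the sample
    position slides 0.5% of a cycle every cycle, and each capture starts at a random
    phase because the trigger is unrelated to the ADC clock."""
    rng = random.Random(seed)
    return [capture(f_target, SAMPLES_PER_CYCLE * f_adc_nominal, rng.random())
            for _ in range(n)]

if __name__ == "__main__":
    print("locked clocks, min pairwise correlation: %.3f"
          % min_pairwise_correlation(synchronous_captures()))
    print("20 MHz ADC vs 19.9 MHz target:          %.3f"
          % min_pairwise_correlation(asynchronous_captures()))
    print("beat period: %.0f samples" % beat_period_samples(19.9e6, 20e6))
```

With the clocks locked the five captures are identical; with the 0.5 % mismatch the sampling point slides through a full cycle every 800 samples (the envelope visible in the traces) and the random trigger phase makes captures disagree with each other, so a sample-wise attack is averaging unrelated points. Running `min_pairwise_correlation` on a handful of Capture Many traces taken with a fixed plaintext is a quick way to confirm the EXTCLK fix worked before spending time on the attack itself.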

Thank you for the reply. I worked towards driving it from the external clock. I was a bit confused because I was following the tutorial in which we give an input text and the encrypted output is received.
I am trying to set up the scenario for the binary; however, I am not able to capture the traces. Can the Target settings be “bypassed”, or do I need to use the RX/TX? Right now I wrote a simple encryption on the ATmega to send messages over UART and am struggling a bit to receive messages on the ChipWhisperer.

What are you doing on your Atmega? Where are the plaintexts coming from?

UART is definitely the easiest thing to use (as long as you can get it working on the target). You can’t totally bypass the TX/RX because you need to get the plaintexts somehow - you can’t do a side channel attack unless you have these.

Thank you for the reply.

I think I need to explain a bit on what I’m doing.

The aim is to get keys out of an ATmega board. The board takes a binary as an input on the serial link (no text). There are not many operations the board does, other than responding to serial instructions like ‘a’, ‘b’, ‘c’.

To know the system better, I tried to recreate the XMega tutorial and tried to port the code to work with the ATmega board (it’s still not in perfect working condition, but I’m working on it). I did this to see if I’m doing the right thing and all the connections are in place.

So right now I wanted to use this information to extract keys.

At the moment I used the external clock from the ATmega crystal by selecting the option under ADC clock -> Source = EXTCLK Direct. I am getting pretty good signals; however, Capture M isn’t working.

OK - so the plaintext/ciphertext get sent as 16 raw bytes instead of 32 characters. You should be able to work with that. I’m not sure what’s wrong with your Capture Many… the traces should look the same as the Capture 1 samples. Lots of things could be a bit off - maybe your plaintexts aren’t getting sent properly or your trigger signal isn’t working.

Alright, debugging that.
Thank you.
Also, will I be able to use ATmega328 hex files for the 1284, or do I need to change the code for the 1284? I’m not able to run the encryption on the chip; I’m essentially rewriting the code.

Hello All,

Thank you for the support.
I’m not able to send the raw data over the serial port. Is there a file/API that I can modify/use to do the same?

Are you still trying to use SimpleSerial? It must be complaining about receiving characters that it doesn’t expect…

You can write your own target class to use in CWCapture. Check out chipwhisperer/software/chipwhisperer/capture/targets. The _base.py file shows which methods you need to write and the SimpleSerial.py file shows how it’s done for the SimpleSerial protocol. You could take out a bunch of the error checking and just send your plaintext/key as 16 bytes, but you’ll still need to signal to the target which one is which!
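Added example, not from this thread and not ChipWhisperer's SimpleSerial target: one way to do what the reply describes, a raw-byte framing in which a tag byte tells the target whether the 16 bytes that follow are the key or a plaintext, as opposed to sending 32 hex characters. The host-side encoder and a Python model of what the firmware's parser has to do (including resynchronising after garbage) are shown together. The tag values, the XOR checksum and the placeholder XOR "cipher" in the target model are assumptions made so the exchange runs offline; a real target would run AES there.

```python
# Added example, not from this thread, ChipWhisperer or its SimpleSerial target. A
# hypothetical raw-byte framing for a target that takes 16-byte key and plaintext
# blocks over UART: one tag byte says which block follows, then the 16 bytes, then a
# checksum byte. The host-side encoder and the parser the firmware would need are both
# shown in Python. Tag values and the checksum are assumptions, not an existing protocol.
TAG_KEY = 0x6B          # 'k': the next 16 bytes are the key
TAG_PLAINTEXT = 0x70    # 'p': the next 16 bytes are a plaintext block to encrypt
TAG_CIPHERTEXT = 0x72   # 'r': response from the target, 16 bytes of ciphertext
BLOCK_LEN = 16
FRAME_LEN = 1 + BLOCK_LEN + 1

class FrameError(ValueError):
    """Malformed frame: bad tag, bad length or checksum mismatch."""

def checksum(data):
    """XOR of all bytes; cheap enough for an AVR and catches the usual UART garbage."""
    x = 0
    for b in data:
        x ^= b
    return x

def encode_frame(tag, block):
    """Host side: tag || 16 raw bytes || checksum. Raw bytes, not 32 hex characters."""
    if len(block) != BLOCK_LEN:
        raise FrameError("block must be %d bytes" % BLOCK_LEN)
    body = bytes([tag]) + bytes(block)
    return body + bytes([checksum(body)])

def parse_frame(buf):
    """Return (tag, block, remaining bytes), or None if a full frame has not arrived yet."""
    if len(buf) < FRAME_LEN:
        return None
    frame, rest = buf[:FRAME_LEN], buf[FRAME_LEN:]
    if frame[0] not in (TAG_KEY, TAG_PLAINTEXT, TAG_CIPHERTEXT):
        raise FrameError("unknown tag 0x%02x" % frame[0])
    if frame[-1] != checksum(frame[:-1]):
        raise FrameError("checksum mismatch")
    return frame[0], bytes(frame[1:-1]), rest

class TargetModel:
    """What the firmware has to do: keep the key, answer each plaintext frame with a
    ciphertext frame, and resynchronise by dropping one byte whenever a frame is bad.
    The 'cipher' is a placeholder XOR so the exchange runs offline; the real target
    would run AES here, with the trigger pin raised around it."""
    def __init__(self):
        self.key = None
        self.rx = b""

    def feed(self, data):
        """Bytes arriving on RX (in any chunking); returns the bytes sent back on TX."""
        self.rx += data
        tx = b""
        while True:
            try:
                parsed = parse_frame(self.rx)
            except FrameError:
                self.rx = self.rx[1:]   # drop a byte and look for the next frame boundary
                continue
            if parsed is None:
                break
            tag, block, self.rx = parsed
            if tag == TAG_KEY:
                self.key = block
            elif tag == TAG_PLAINTEXT and self.key is not None:
                ct = bytes(p ^ k for p, k in zip(block, self.key))  # placeholder, not AES
                tx += encode_frame(TAG_CIPHERTEXT, ct)
        return tx

def encrypt_via_target(target, key, plaintext):
    """Host side of one capture: send key and plaintext frames, parse the reply."""
    reply = target.feed(encode_frame(TAG_KEY, key) + encode_frame(TAG_PLAINTEXT, plaintext))
    tag, block, rest = parse_frame(reply)
    if tag != TAG_CIPHERTEXT or rest:
        raise FrameError("unexpected reply")
    return block
```

The point of the tag byte is the one the reply makes: with raw bytes there is no text delimiter, so the target has to be told which 16 bytes are the key and which are the plaintext, and it needs a way to find the next frame boundary when a byte is lost. Whatever protocol is chosen, the custom target class only has to produce these bytes on TX and read the ciphertext frame back on RX; the trigger and the capture itself do not care how the data got there.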

Hello,

I did follow your instructions, but was unable to perform the attacks.

So I took a step backward and ported the ChipWhisperer XMega example to the chip (running at 20 MHz). Now the setup runs fine and I am able to get the text in/out.

However, I am not able to extract the keys. I tried using the EXTCLK input from the ATmega board; however, the setup seems to stop working if I do so, i.e. the chip does not give me the output text.

The other thing that happens is that the correct key bytes do come to the top, but they go down again. I had a look at the PGE vs. trace plot; it is quite random.

Is there anything else I can do?