Discussions of performing power analysis, techniques, implementations, etc. Does not need to use ChipWhisperer.
#1312 by d2d2a
Fri May 19, 2017 7:22 am
Hello, I have a simple question.
I am using a CW-Lite with an XMEGA target.
The XMEGA code gives a trigger signal to the CW capture at the beginning of the encryption algorithm being used, so that is how we can attach the capture to a specific moment of the encryption.
But what if I want to trace this algorithm without informing the CW capture via the XMEGA trigger?
I guess I will need a SAD trigger for this, which is not available on the CW-Lite. Am I right?
I also have an external Rigol oscilloscope, so maybe I can use it instead of SAD triggering? What kind of waveforms are specific to various encryptions? I just suppose that higher voltage drops than usual could indicate the beginning of some kind of encryption; if so, I can set the Rigol oscilloscope to trigger on higher voltage drops.
Thanks for any advice :)
#1314 by gdeon
Fri May 19, 2017 10:26 am
Hi there,

You're right that the CW-Lite doesn't have a SAD trigger - there's not enough space left on the FPGA to handle it. (You could also use a UART trigger on the CW-Pro, but the Lite doesn't have this either.)

It's definitely possible to use a Rigol scope as the trigger as long as your scope has a trigger output - most of them do. The easiest way to set this up is to connect the scope's trigger output to the ChipWhisperer's IO3 line and use IO3 as the trigger signal. (If you're using our firmware, the XMEGA pin for IO3 will be floating, but IO4 is driven - it's better to use the floating pin.) Check the Rigol's output level - the Lite can only handle 3.3 V inputs, so 5 V will make Bad Things (TM) happen.

It's hard to say what the encryption power trace will look like - this totally depends on your hardware setup, so it might take some experimenting with different levels/trigger types.

Let us know how it goes!
#1316 by d2d2a
Fri May 19, 2017 11:28 am
gdeon wrote: Hi there,

You're right that the CW-Lite doesn't have a SAD trigger - there's not enough space left on the FPGA to handle it. (You could also use a UART trigger on the CW-Pro, but the Lite doesn't have this either.)

It's definitely possible to use a Rigol scope as the trigger as long as your scope has a trigger output - most of them do. The easiest way to set this up is to connect the scope's trigger output to the ChipWhisperer's IO3 line and use IO3 as the trigger signal. (If you're using our firmware, the XMEGA pin for IO3 will be floating, but IO4 is driven - it's better to use the floating pin.) Check the Rigol's output level - the Lite can only handle 3.3 V inputs, so 5 V will make Bad Things (TM) happen.

It's hard to say what the encryption power trace will look like - this totally depends on your hardware setup, so it might take some experimenting with different levels/trigger types.

Let us know how it goes!

Thanks for the answer.
It's definitely possible to use a Rigol scope as the trigger as long as your scope has a trigger output - most of them do. The easiest way to set this up is to connect the scope's trigger output to the ChipWhisperer's IO3 line and use IO3 as the trigger signal. (If you're using our firmware, the XMEGA pin for IO3 will be floating, but IO4 is driven - it's better to use the floating pin.) Check the Rigol's output level - the Lite can only handle 3.3 V inputs, so 5 V will make Bad Things (TM) happen.

Yes, this part I know, and I already did that; my Rigol has a trigger out.

It's hard to say what the encryption power trace will look like - this totally depends on your hardware setup, so it might take some experimenting with different levels/trigger types.
This is what I mean:
So the attack on a closed device, without knowledge of the time/specific moment of the encryption start, should look like manually searching for possible encryption in the traces?
Just for example: send encrypted data to the device + trigger before sending and take a look at the waveform? Then, by looking into the waveforms and moving the capture moment ++++ -----, I will finally be able to find and set the proper capture moment to store valid traces? :) I was pretty sure this kind of analysis had something to do with the SAD trigger or any other trigger based on waveform triggering.

Or is the idea just to capture enough traces and load them into CWAnalyzer afterwards... if it finds some algorithm, this will mean we are capturing at the right time; if not, then we should go back to CWCapture and repeat, just moving the trigger delay?
#1318 by gdeon
Fri May 19, 2017 11:55 am
d2d2a wrote: This is what I mean:
So the attack on a closed device, without knowledge of the time/specific moment of the encryption start, should look like manually searching for possible encryption in the traces?
Just for example: send encrypted data to the device + trigger before sending and take a look at the waveform? Then, by looking into the waveforms and moving the capture moment ++++ -----, I will finally be able to find and set the proper capture moment to store valid traces? :) I was pretty sure this kind of analysis had something to do with the SAD trigger or any other trigger based on waveform triggering.

Or is the idea just to capture enough traces and load them into CWAnalyzer afterwards... if it finds some algorithm, this will mean we are capturing at the right time; if not, then we should go back to CWCapture and repeat, just moving the trigger delay?

Yes, this is what I mean - it will take a bit of manual searching. If your device is still doing nothing except encryptions, it should be very obvious when the encryption is running - the power will be significantly higher. However, attacking a real device with an operating system or interrupts is generally much more difficult...

I think the best way to do this is to use your scope to measure the serial RX/TX lines instead of the power signal. You can tell when the encryption is happening because the sequence of events looks like this:
- CW-Lite sends data over serial TX (get Rigol to output trigger here)
- Encryption happens (no serial communication)
- Target sends data back over serial RX
This should give you a pretty consistent timing on the Rigol trigger. You'll just have to move the CW-Lite's offset until you find the encryption in the power trace.

You're also right about the analyser - you'll know that your trigger worked if the attack succeeds. Of course, that can be awfully frustrating if the attack doesn't work :)
#1323 by d2d2a
Fri May 19, 2017 3:29 pm
gdeon wrote:
d2d2a wrote: This is what I mean:
So the attack on a closed device, without knowledge of the time/specific moment of the encryption start, should look like manually searching for possible encryption in the traces?
Just for example: send encrypted data to the device + trigger before sending and take a look at the waveform? Then, by looking into the waveforms and moving the capture moment ++++ -----, I will finally be able to find and set the proper capture moment to store valid traces? :) I was pretty sure this kind of analysis had something to do with the SAD trigger or any other trigger based on waveform triggering.

Or is the idea just to capture enough traces and load them into CWAnalyzer afterwards... if it finds some algorithm, this will mean we are capturing at the right time; if not, then we should go back to CWCapture and repeat, just moving the trigger delay?

Yes, this is what I mean - it will take a bit of manual searching. If your device is still doing nothing except encryptions, it should be very obvious when the encryption is running - the power will be significantly higher. However, attacking a real device with an operating system or interrupts is generally much more difficult...

I think the best way to do this is to use your scope to measure the serial RX/TX lines instead of the power signal. You can tell when the encryption is happening because the sequence of events looks like this:
- CW-Lite sends data over serial TX (get Rigol to output trigger here)
- Encryption happens (no serial communication)
- Target sends data back over serial RX
This should give you a pretty consistent timing on the Rigol trigger. You'll just have to move the CW-Lite's offset until you find the encryption in the power trace.

You're also right about the analyser - you'll know that your trigger worked if the attack succeeds. Of course, that can be awfully frustrating if the attack doesn't work :)

OK, I've understood. So for now this kind of manual attack is beyond my knowledge, so it's time to go back to glitching.
And yes, I know exactly how to attach the trigger, but as I see it, for the power analysis technique we need to know exactly what we are playing with; there are no such automatic triggers for tracking specific encryptions in traces, there are only analysers for extracting some data.
EDIT:
Another question is how I can simply sync my external trigger device to trigger the Glitch Explorer?

What I mean exactly is based on tutorial A3 VCC Glitch Attacks.

So I've set the Glitch Explorer as follows:

Option          Value
Name            Offset
Script Command  ['Glitch Module', 'Glitch Offset (as % of period)']
Data Format     Float
Range           -49 : 49
Value           -49
Step            0.5
Repeat          1

Now when I hit the Capture Multi button, the Python app begins sending glitches + resetting the target, and after each reset it moves specific glitch parameters, but when I hit the Capture 1 button it doesn't change these parameters.
Now the big question is how I can move these parameters:

Option          Value
Name            Offset
Script Command  ['Glitch Module', 'Glitch Offset (as % of period)']
Data Format     Float
Range           -49 : 49
Value           -49
Step            0.5
Repeat          1

by just giving an external trigger signal to the CW-Lite?
So, for example, each external trigger signal gives information to the Glitch Explorer and the Glitch Explorer just does the rest of the job:

Option          Value
Name            Offset
Script Command  ['Glitch Module', 'Glitch Offset (as % of period)']
Data Format     Float
Range           -49 : 49
Value           -49
Step            0.5
Repeat          1

There must be an easy way to do that.
#1336 by gdeon
Tue May 23, 2017 8:27 am
d2d2a wrote: Now when I hit the Capture Multi button, the Python app begins sending glitches + resetting the target, and after each reset it moves specific glitch parameters, but when I hit the Capture 1 button it doesn't change these parameters.

...

by just giving an external trigger signal to the CW-Lite?
So, for example, each external trigger signal gives information to the Glitch Explorer and the Glitch Explorer just does the rest of the job

Ah, I see what you're trying to do now. Here's the sequence of events that I'm picturing after you press Capture Many:
  • ChipWhisperer sends encryption input to target device
  • Rigol scope detects the pattern you set up and outputs trigger signal
  • ChipWhisperer receives trigger signal
  • CW trigger signal causes ADC sampling to begin
  • CW trigger signal also causes glitch output
  • Glitch Explorer records output and updates glitch settings
  • Repeat until all glitch settings have been tested
Does this make sense?

It's not currently possible to sweep the glitch settings without Capture Many running. When no captures are running, CWCapture doesn't expect any data from the serial lines, so it doesn't know to send any information to the glitch explorer.
#1340 by d2d2a
Tue May 23, 2017 4:24 pm
gdeon wrote:
d2d2a wrote: Now when I hit the Capture Multi button, the Python app begins sending glitches + resetting the target, and after each reset it moves specific glitch parameters, but when I hit the Capture 1 button it doesn't change these parameters.

...

by just giving an external trigger signal to the CW-Lite?
So, for example, each external trigger signal gives information to the Glitch Explorer and the Glitch Explorer just does the rest of the job

Ah, I see what you're trying to do now. Here's the sequence of events that I'm picturing after you press Capture Many:
  • ChipWhisperer sends encryption input to target device
  • Rigol scope detects the pattern you set up and outputs trigger signal
  • ChipWhisperer receives trigger signal
  • CW trigger signal causes ADC sampling to begin
  • CW trigger signal also causes glitch output
  • Glitch Explorer records output and updates glitch settings
  • Repeat until all glitch settings have been tested
Does this make sense?

It's not currently possible to sweep the glitch settings without Capture Many running. When no captures are running, CWCapture doesn't expect any data from the serial lines, so it doesn't know to send any information to the glitch explorer.

Yes, something like that, but my main question is:
In these tutorials we are setting a simple loop through the Glitch Explorer:

Option          Value
Name            Offset
Script Command  ['Glitch Module', 'Glitch Offset (as % of period)']
Data Format     Float
Range           -49 : 49
Value           -49
Step            0.5
Repeat          1

This loop will raise the glitch offset (as % of period) every time a fresh capture begins, and now:
- Depending on what exactly does the Glitch Explorer raise this glitch offset? Depending only on the capture trigger? Or depending on specific UART replies?
If this is done depending on the capture trigger, then this is exactly what I will need in the future, because I can easily set my external device to check any replies itself and check any I2C or SPI or whatever status I need > route it to the CW-Lite, and depending on that trigger the Glitch Explorer will change the glitch width every time.
The CW-Lite does not need to have specific triggers because my own triggers will generate a hi/lo signal at the output.
It's hard for me to explain some things in English sometimes.
I also have new questions :)
1. I built and soldered a differential probe myself 1 year ago based on the NewAE projects and I know how it works, but I have one question:
Is this probe useful for some devices to which it is not possible to deliver a clean power signal?
2. Will the CW-Pro version maybe be available soon as a standalone version without additional equipment? And if yes, how much will it cost? :)
3. If in the future I can sync any external oscilloscope myself with the CW-Lite, would this connection allow me to use synchronous sampling? Or is this not possible, or does it depend on oscilloscope limitations?
4. Does NewAE maybe plan in the future to add some tools for fault injection like lasers or electromagnetic glitchers or similar tools? :)
5. Will the clock recovery board be available for sale in the future?
6. I am searching for a complete working STM32 board for performing SCA attacks with the CW-Lite. Is the Pinata Riscure board produced by Waveshare a good choice? It runs at 168 MHz on the main clock, but maybe the crypto core in it is much slower than the main core? Or if not, maybe this board? https://shop.mikroe.com/development-boa ... er/stm32f4
#1372 by gdeon
Thu May 25, 2017 8:53 am
d2d2a wrote: Yes, something like that, but my main question is:
In these tutorials we are setting a simple loop through the Glitch Explorer:

Option          Value
Name            Offset
Script Command  ['Glitch Module', 'Glitch Offset (as % of period)']
Data Format     Float
Range           -49 : 49
Value           -49
Step            0.5
Repeat          1

This loop will raise the glitch offset (as % of period) every time a fresh capture begins, and now:
- Depending on what exactly does the Glitch Explorer raise this glitch offset? Depending only on the capture trigger? Or depending on specific UART replies?
If this is done depending on the capture trigger, then this is exactly what I will need in the future, because I can easily set my external device to check any replies itself and check any I2C or SPI or whatever status I need > route it to the CW-Lite, and depending on that trigger the Glitch Explorer will change the glitch width every time.
The CW-Lite does not need to have specific triggers because my own triggers will generate a hi/lo signal at the output.

Inside CWCapture, the glitch explorer steps through its parameters every time the ChipWhisperer finishes capturing a trace. This doesn't really depend on the UART data - once the ChipWhisperer is armed and it receives a trigger signal, it will record and send back some ADC data, and this is when the glitch explorer moves on to the next set of width/offset/etc. You can definitely record SPI/I2C/UART/other information with your other scopes and view this afterwards as well.

d2d2a wrote: I also have new questions :)
1. I built and soldered a differential probe myself 1 year ago based on the NewAE projects and I know how it works, but I have one question:
Is this probe useful for some devices to which it is not possible to deliver a clean power signal?
2. Will the CW-Pro version maybe be available soon as a standalone version without additional equipment? And if yes, how much will it cost? :)
3. If in the future I can sync any external oscilloscope myself with the CW-Lite, would this connection allow me to use synchronous sampling? Or is this not possible, or does it depend on oscilloscope limitations?
4. Does NewAE maybe plan in the future to add some tools for fault injection like lasers or electromagnetic glitchers or similar tools? :)
5. Will the clock recovery board be available for sale in the future?
6. I am searching for a complete working STM32 board for performing SCA attacks with the CW-Lite. Is the Pinata Riscure board produced by Waveshare a good choice? It runs at 168 MHz on the main clock, but maybe the crypto core in it is much slower than the main core? Or if not, maybe this board? https://shop.mikroe.com/development-boa ... er/stm32f4

I'll try to answer as much as I can here...
1. This is the idea - if your power supply has some noise (for example, a switching supply) then the differential probe will help to cancel out a lot of this noise.
2. You can buy a standalone CW1200 now! On the CW Pro page, one of the options at the bottom is to purchase just the ChipWhisperer and the orange carry case. The price is $3,200.
3. I'm not sure about this - I doubt that most oscilloscopes can do this synchronous sampling but I could be wrong.
4. I don't know if we have any plans to make EM/laser glitching tools. Maybe we could ask Colin nicely :)
5. You can still buy the blank clock recovery PCB on the store! I don't think we ever sold this fully assembled. There's no info about this on our current wiki, but the old wiki page still has build instructions and tips.
6. That board looks a little bit fast - if you're willing to experiment with it then you might be able to use it. We also sell an STM32F target for the CW308 UFO board - this one comes with an STM32F0 mounted, but you can also use an F1/2/3/4 processor. (This is fun for side channel stuff because it's the only 32-bit board we have - things are a bit different compared to an 8-bit XMEGA/AVR board!)
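gdeon's point above is that the Glitch Explorer steps its settings each time a capture finishes, not on UART traffic, which is also why Capture 1 leaves the settings alone. The following is an added Python model of that loop (not ChipWhisperer's own code), using the Offset row from the post (Range -49 : 49, Step 0.5, Repeat 1); SweepParam, GlitchExplorerSweep, SimScope and the choice of the first row as the outer loop are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class SweepParam:
    """One Glitch Explorer tuning row (the Name / Range / Step / Repeat options)."""
    name: str
    lo: float
    hi: float
    step: float
    repeat: int = 1

    def values(self) -> List[float]:
        n = int(round((self.hi - self.lo) / self.step)) + 1
        # derive every value from lo so float error does not accumulate
        return [round(self.lo + i * self.step, 6) for i in range(n)]

class GlitchExplorerSweep:
    """Model of the Capture Many loop: settings advance only when a capture
    completes (the armed scope saw its trigger and returned ADC data)."""
    def __init__(self, params: List[SweepParam]):
        # assumption of this example: the first listed row is the outer loop
        combos: List[Dict[str, float]] = [{}]
        for p in params:
            combos = [dict(c, **{p.name: v})
                      for c in combos for v in p.values() for _ in range(p.repeat)]
        self.combos, self.index = combos, 0
        self.log: List[Tuple[Dict[str, float], str]] = []

    @property
    def done(self) -> bool:
        return self.index >= len(self.combos)

    def current(self) -> Optional[Dict[str, float]]:
        return None if self.done else self.combos[self.index]

    def on_capture_complete(self, target_output: str) -> None:
        """Record the target's response under the current settings, then step."""
        if not self.done:
            self.log.append((self.combos[self.index], target_output))
            self.index += 1

class SimScope:
    """Constructed stand-in for the CW-Lite: program the glitch settings, arm,
    'capture', and return the target's answer (here a string naming the settings)."""
    def arm_and_capture(self, settings: Dict[str, float]) -> str:
        self.settings = dict(settings)   # what the hardware would be programmed with
        return "out@offset=%.1f" % settings["Offset"]

def capture_one(explorer: GlitchExplorerSweep, scope: SimScope) -> str:
    """Capture 1: a single capture; the explorer is never told, so nothing steps."""
    return scope.arm_and_capture(explorer.current())

def capture_many(explorer: GlitchExplorerSweep, scope: SimScope, limit: int) -> int:
    """Capture Many: every completed capture feeds the explorer, which then steps."""
    n = 0
    while not explorer.done and n < limit:
        explorer.on_capture_complete(scope.arm_and_capture(explorer.current()))
        n += 1
    return n

OFFSET_ROW = SweepParam("Offset", -49, 49, 0.5, 1)   # the row from the post
```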
#1374 by d2d2a
Thu May 25, 2017 9:20 am
Ah, well, now I understand almost everything. Big thanks! Especially for this Glitch Explorer advice; this is exactly what I was searching for. Now I will be able to trigger my external devices with my own triggers, and later trigger the CW-Lite and set/reset the glitch parameters easily!

1. Yes, so even if the CW-Lite can deliver a clean power signal to the external device, this device could generate its own noise, so there we will really need the diff probe, right? :)
5. Yes, I know, but there could be one problem with reprogramming the PLL myself, but I will try.
6. OK

BTW,
What exactly does the ChipWhisperer-Pro give us with its larger buffer?
Because as I understand it, if we mean side channel attacks, we are recording some traces; then one shot should record the whole significant trace, and later we will perform the next shots to record the same traces to compare or match, so the buffer of the CW-Lite should be enough, right? Or maybe sometimes we will need a larger buffer because some encryption attacks would need longer traces? Or maybe this device is for attacking devices which have implemented some kind of SCA countermeasures, like adding random jitter to the signal? BTW, perhaps none of the cheap hobbyist microcontrollers like AVR or ARM have implemented security like that, right? Just some of them have implemented a hardware crypto core for doing AES/3DES, like the STM32.
And can we just run it standalone without connecting to the computer? Just by setting glitches through the TFT display?
#1379 by gdeon
Thu May 25, 2017 10:38 am
Diff-probe: right, it can definitely help if there's any other noise on your target's board.

The two big changes to the Pro's sampling buffer are:
- Larger buffer: record 4x as many samples
- Streaming mode: record as many samples as you want, as long as you're sampling slower than 10 MHz
These features can be useful for a couple of purposes! Here are a few ideas:
1. Manual encryption setup: press Capture 1 in streaming mode, send a plaintext manually, and see what's happening before/during/after encryption
2. Long encryption algorithms: asymmetric crypto usually takes much longer (for example, most elliptic curve algorithms are quite slow), so you can capture the whole process by streaming
3. Watching things you can't easily trigger: if you're working with an embedded operating system, you might want to see a power trace during a context switch. It's very difficult to do this on the Lite, but the Pro can simply capture one long trace and you can search through it afterwards.
The Pro doesn't run as a standalone box though - it still needs to be connected to a computer. The touchscreen allows you to trigger glitches manually and it shows the current settings, but you can't change the values on the screen.
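Both of gdeon's suggestions above, moving the Lite's offset until the encryption shows up as a region of higher power, and capturing one long streamed trace on the Pro and searching through it afterwards, come down to the same step: find the window where the RMS power envelope rises above the quiet baseline. The example below is added here and is not NewAE code; the trace is constructed, and the window size, ratio and margin are this example's own choices.

```python
import random
from typing import Dict, List, Optional, Tuple

def make_constructed_trace(seed: int = 1, quiet: int = 2000, busy: int = 600,
                           tail: int = 1400) -> List[float]:
    """Constructed stand-in for one long captured trace (trigger at sample 0):
    low-level noise, then a higher-power segment where the crypto routine runs."""
    rng = random.Random(seed)
    trace = [rng.gauss(0.0, 0.05) for _ in range(quiet)]
    # the busy segment toggles a larger amplitude on top of the same noise
    trace += [rng.gauss(0.0, 0.05) + (0.4 if i % 2 else -0.4) for i in range(busy)]
    trace += [rng.gauss(0.0, 0.05) for _ in range(tail)]
    return trace

def windowed_rms(trace: List[float], win: int) -> List[float]:
    """Sliding-window RMS envelope; entry i covers samples [i, i + win)."""
    sq = [0.0]
    for v in trace:
        sq.append(sq[-1] + v * v)
    return [((sq[i + win] - sq[i]) / win) ** 0.5 for i in range(len(trace) - win + 1)]

def find_activity_window(trace: List[float], win: int = 32,
                         ratio: float = 2.0) -> Optional[Tuple[int, int]]:
    """Return [start, end) of the longest region whose RMS is at least `ratio` times
    the quiet baseline (median of the envelope), or None if nothing stands out."""
    env = windowed_rms(trace, win)
    if not env:
        return None
    thresh = max(sorted(env)[len(env) // 2] * ratio, 1e-12)
    best: Optional[Tuple[int, int]] = None
    run_start: Optional[int] = None
    for i, e in enumerate(env + [0.0]):      # sentinel closes a run at the end
        if e >= thresh and run_start is None:
            run_start = i
        elif e < thresh and run_start is not None:
            if best is None or i - run_start > best[1] - best[0]:
                best = (run_start, i)
            run_start = None
    if best is None:
        return None
    return best[0], best[1] + win - 1        # last window reaches index + win - 1

def plan_capture(trace: List[float], win: int = 32, ratio: float = 2.0,
                 margin: int = 64) -> Optional[Dict[str, int]]:
    """Turn the located window into capture settings relative to the trigger:
    skip `offset` samples after the trigger, then record `samples` samples."""
    found = find_activity_window(trace, win, ratio)
    if found is None:
        return None
    start, end = found
    offset = max(0, start - margin)
    return {"offset": offset, "samples": end - offset + margin}
```

On a real capture the same `offset` is what you would dial into the scope settings so that every later trace starts just before the activity, with the `samples` count covering it with a margin on both sides.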
