Best Oscilloscope under $300?

Hey guys,

I was wondering if someone could point me to a suitable Oscilloscope under $300 for side channel analysis? I presume it should be something like 200M/s and capable of handing input from portable devices. Anyone have good buys?

Thanks!

@supercat
Hi,
are you interested in implementing attacks on hardware (FPGAs) or software (microprocessor) cryptographic implementations?

Maybe both but mostly cryptographic implementations.

I am not very familiar with attacks on software implementations (I am mostly into attacks on hardware implementations) but one thing is for sure, the power signal of a cryptographic hardware implementation varies a lot from the power signal of microprocessor running a cryptographic algorithm, in terms of TIME.

A microprocessor takes a lot of clock cycles to run the commands of a software cryptographic algorithm, so the next most important thing (after the bandwidth of your oscilloscope) is the memory buffer inside your oscilloscope that saves the acquired traces. It is also good for your oscilloscope to have a fairly good resolution (probably better than 8-bit) because I believe that a microprocessor is a lot noisier than an FPGA.

On the other hand, a hardware cryptographic implementation running inside an FPGA takes a few clock cycles to finish, because many processes run in each clock cycle. So apart from the oscilloscope bandwidth, the most important thing in order to be able to catch a pretty useful signal for your attacks is the SAMPLING RATE of your oscilloscope (which is not independent from the oscilloscope Bandwidth). Your point in the hardware implementations is to catch the spikes that happen between each clock cycle. Those spikes are more dependent on the technology of the transistors inside the FPGA and the critical path they form in your implementation, rather than the clock your hardware implementation runs on.

So to sum-up:
Software implementations: sampling rate in order of Ms/s should be pretty enough.
Hardware implementations: sampling rate should start from 2Gs/s and above, in order to be sure that you get a fair signal for analysis.

I am using a Piscope of the 5000 series, to sample my hardware implementations but still 2Gs/s is not enough. The signal is pretty under sampled.

Thanks for the great summary! I hope this is helpful for others too.

To reduce the bandwidth you need, you could see if you can reduce the clock speed on the “victim” board.

I’m not sure if thats possible on FPGA’s but most MCU’s use external crystals for their oscillator, and you can often, disconnect the crystal and inject a slower clock signal into one of the 2 pins that the crystal was connected to.

The downside of this, is that the comms speed to the MCU will change and it will probably no longer communicate with its normal host.

e.g. USB is a problem in this case as the normal clock speed for USB is 48Mhz and is normally derived from the clock freq on the MCU (either a divider from the main clock freq e.g. 120Mhz or a PLL multplier up from e.g. 8Mhz external crystal frequency.

In the case of USB you’d need to run a the USB host at a correspondingly slow clock rate, to match your MCU rate e.g. if you run the MCU 8 times slower than normal e.g. 1Mhz external clock input rather than 8Mhz, you’d need to run your USB host at 6Mhz

Unfortunately this is not easy.

Im new on the forum, and new to whispering coming from an automotive background
I have a snap on verus with a built in picoscope - the old model is often available for a few hundred ponds in the UK and is the cheapest way to buy a 4 channel picoscope
I also have a hantek 1008 which I use on canbus its quoted at 2.4m/s 12 bit, I think the use to make a la5034 logic analyser than ran faster on 34? channels or 32 and 2 scope but it is not made anymore

JJ