As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.
This tutorial will explore the ChipWhisperer Pro's custom trigger and stream features.
<h1>Introduction</h1>
<p>
Unique to the [[CW1200_ChipWhisperer-Pro]]'s more advanced FPGA, the stream feature allows continuous power measurement data streaming, removing the upper limit (due to a smaller FPGA) of total samples possible. This allows you to continuously stream data for a time period in which you can manually send data to the target to record the power response. You can later find the subsection of sample points in the streamed power trace that corresponds to the encryption of data. You can then use a subsection of 128 sample points to create a custom trigger using the sum of absolute differences. This eliminates the need for the target to have code that signals the ChipWhisperer when encryption begins. The subset of points for triggering is chosen by you, so anything is possible... We will explore one possibility in this tutorial.
</p>
</li>
<li>
Modify this code by commenting out <code>trigger_high();</code> and <code>trigger_low();</code> to remove the signal produced by the target to tell the ChipWhisperer it has started the encryption process. Your C code should look like this:
<syntaxhighlight lang="c">
/**********************************
</li>
<li>
Open your command line in the <code>simpleserial-aes-stream</code> directory and run the <code>make</code> command for the correct target. For example: for the XMEGA run <code>make PLATFORM=CW303</code>. This will create a <code>.hex</code> file in the same directory. This step requires avr-gcc to be set up and added to your system path. If you have not done this, go back to the [[Installing ChipWhisperer]] page under the <b>Required Tools</b> dropdown.
</li>
</ol>
Run the <code>Project > Example Scripts > ChipWhisperer-Lite: AES SimpleSerial on XMEGA</code> script. We will modify some of the settings.
</li>
The modifications to the settings will allow us to use stream mode while manually sending a plain text for encryption. We will then look at the stream data and identify when the block encryption takes place and what it looks like.
<li>
Under the <b>Scope Settings</b> find the <b>ADC Clock</b> section. Here change the <b>Source</b> setting to <code>CLKGEN x1 via DCM</code>. The <b>ADC Sample Rate</b> field should auto-populate to <b>7.3846 MS/s</b> or a number approximately equal. If the sampling rate is above 10 MS/s the streaming mode will not work as the buffer in the FPGA will overflow.
</li>
<li>
Under the <b>Scope Settings</b> find the <b>Trigger Setup</b> section. Enable <b>Stream Mode</b>. The <b>Mode</b> field needs to be set to <code>low</code> so the sample capture starts right away, because the trigger line stays low now that we have removed the code to set it high at the beginning of the encryption process.
<br>
[[File:Trigger Setup_1.PNG]]
</li>
<li>
Under the same section change the <b>Total Samples</b> field to <code>11000000</code>. This will give us a window of approximately 1.5 seconds to send a plain text and capture the power measurements during encryption.
</li>
Note: The <b>Timeout (secs)</b> field needs to be set greater than the time it needs to stream the samples and a little additional time to allow for hardware communication. For example: 11 million samples take about 1.5 seconds at the sampling rate of 7.3MS/s so this field should be set to <code>2</code> seconds. You can set it higher if needed.
</li>
<li>
Repeat the previous step, but before you send the plain text press capture [[File:Capture One Button.PNG]] and then within 1.5 seconds send the plain text to the target for encryption. Hint: It is easier to do when you already have the plain text ready to send in the terminal and all you have to do is press send. The captured waveform should look like the following:
<br>
[[File:Stream Capture.PNG|1000px]]
Note: When pressing capture [[File:Capture One Button.PNG]], the ChipWhisperer automatically sends a plain text to the target. The plain text and response will show up in the terminal window but we are going to ignore this and focus on our manually sent plain text.
</li>
Looking at the captured trace you can notice that towards the end there is a series of power spikes in the sample data.
<br>
[[File:Identifying the Encryption.PNG|800px]]
<h1>Using a Power Pattern to Activate the Sum of Absolute Differences Trigger</h1>
We are going to use this repeating pattern to allow the [[CW1200_ChipWhisperer-Pro]] to identify when the encryption process occurs and use this to trigger our trace capture process. We can then use these traces to break the AES-128 encryption exactly the same as in [[Tutorial B5 Breaking AES (Straightforward)]].
<br>
[[File:Trigger Choice.PNG|800px]]
</li>
<li>
When you are satisfied with the position of your trigger points press <b>Set SAD Reference from Current Trace</b> and the currently selected points will be used for the sum of absolute differences comparison carried out to activate the trigger.
</li>
</ol>
Note: The Sum of Absolute Differences is carried out during the measurement process, and when the total sum of absolute differences of all 128 sample points is below the threshold, the trigger is set to high to start the capture of a trace. This way a specific pattern can be chosen to initiate the capture process without any other data from the target. The SAD equation is as follows:
<br>
<math>
<ol start="3">
<li>
Once you have chosen the points that initialize the trigger you can drag the selection box around and take note of the <b>SAD Reference vs. Cursor</b> value and how it changes. Notice that when the cursor is not in the correct spot the SAD is around 10000 or more. Choose a <b>SAD Threshold</b> that will trigger only when the selected pattern is observed. For example: 5000 should work fine (if not, adjust as needed).
</li>
<li>
[[File:Final Capture Setup.PNG]]
</li>
We now have everything set up: the SAD Reference points will cause the trigger to be set high as soon as the SAD is below the SAD Threshold of 5000. The ChipWhisperer will record a total of 20000 samples with 500 before the reference points and 19500 during and after. We can test that everything is properly set up by pressing the capture one button. You should see the same repeating pattern you saw before that represents the 10 rounds of the encryption process.
<li>
Since we will be attacking the first round of the encryption process we do not need the other nine rounds. So set the <b>Total Samples</b> back to 3000. This will capture the first round and a bit of the second.
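The SAD comparison and the threshold choice described in this section, emulated in software as an added example (it is not ChipWhisperer code and not part of the original tutorial). The trace, the pattern and the <code>holdoff</code> parameter are constructed for illustration; on the ChipWhisperer Pro the comparison runs in hardware during measurement.

```python
import random

REF_LEN = 128  # the tutorial's SAD reference is 128 sample points

def sad(window, reference):
    """Sum of absolute differences between two equal-length sample windows."""
    return sum(abs(w - r) for w, r in zip(window, reference))

def sad_profile(trace, reference):
    """SAD of the reference against every window start position in the trace."""
    n = len(reference)
    return [sad(trace[i:i + n], reference) for i in range(len(trace) - n + 1)]

def trigger_points(profile, threshold, holdoff=REF_LEN):
    """Start positions where the SAD falls below the threshold.

    holdoff (an assumption of this sketch) suppresses a second trigger
    while the same match is still inside the comparison window.
    """
    hits, next_ok = [], 0
    for i, value in enumerate(profile):
        if i >= next_ok and value < threshold:
            hits.append(i)
            next_ok = i + holdoff
    return hits

def separation(profile, matches):
    """(worst SAD at a true match, best SAD elsewhere): the gap for the threshold."""
    worst_match = max(profile[i] for i in matches)
    best_other = min(v for i, v in enumerate(profile) if i not in matches)
    return worst_match, best_other

def build_trace(length=6000, starts=(1500, 4200), seed=1):
    """Constructed 10-bit ADC trace: idle level plus two noisy copies of one pattern."""
    rng = random.Random(seed)
    pattern = [rng.randint(200, 800) for _ in range(REF_LEN)]
    trace = [512 + rng.randint(-4, 4) for _ in range(length)]
    for s in starts:
        trace[s:s + REF_LEN] = [p + rng.randint(-4, 4) for p in pattern]
    return trace, list(starts)

trace, starts = build_trace()
# Equivalent of "Set SAD Reference from Current Trace" on the first occurrence
reference = trace[starts[0]:starts[0] + REF_LEN]
profile = sad_profile(trace, reference)
print("trigger positions:", trigger_points(profile, threshold=5000))
print("worst match / best non-match SAD:", separation(profile, starts))
```

A real AES trace is smoother than this constructed pattern, so positions next to a match score closer to the threshold; that is why the tutorial has you drag the selection and watch the SAD value before settling on a number.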
<h1>Conclusion</h1>
In this tutorial we have learned to use two of the [[CW1200_ChipWhisperer-Pro]]'s exclusive features: stream mode and the SAD Trigger. The stream feature allows us to continually stream and manually send plain text to the target to observe the encryption process. Then 128 sample points that make up a unique feature of the encryption process were chosen to activate the trigger during our following trace capture. These two features together can be used to break the AES encryption of a device without any help from the target.