458
edits
| As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com. |
Changes
Change header levels
{{TOC|limit=1}}
<h1h2>Prerequisites</h1h2>
<p>
</p>
<h1h2>Introduction</h1h2>
<p>
Unique to the [[CW1200_ChipWhisperer-Pro]]'s more advanced FPGA, the stream feature allows continuous power measurement data streaming, removing the upper limit (due to a smaller FPGA) of total samples possible. This allows to you to continuously stream data for a time period in which you can manually send data to the target to record the power response. You can later find the subsection of sample points in the streamed power trace that correspond to the encryption of data. You can now use a subsection of 128 sample points to create a custom trigger using the sum of absolute differences. This eliminates the need for the target to have code that signals the ChipWhisperer when encryption begins. The subset of points for triggering is chosen by you, so anything is possible... We will explore one possibility in this tutorial.
</p>
<h1h2>Building the Target Code</h1h2>
<p>
We will begin by modifying the <code>simpleserial-aes.c</code> code with a editor of your choice.
</ol>
<h1h2>Setting up Stream Mode</h1h2>
<ol>
</ol>
<h1h2>Capturing the Encryption Process</h1h2>
<ol>
</ol>
<h1h2>Using a Power Pattern to Activate the Sum of Absolute Differences Trigger</h1h2>
We are going to use this repeating pattern to allow the [[CW1200_ChipWhisperer-Pro]] to identify when the encryption process occurs and use this to trigger our trace capture process. We can then use these traces to break the AES-128 encryption exactly the same as in [[Tutorial B5 Breaking AES (Straightforward)]].
</ol>
<h1h2>Breaking the Encryption</h1h2>
We will now use the analyzer software to break the AES-128 encryption on the target and figure out the key. This section is analogous to [[Tutorial B5 Breaking AES (Straightforward) #Analyzing the Traces|Tutorial B5 Breaking AES (Straightforward)]] section of Tutorial B5. We can also use this setup for a profiling attack similar to [[Tutorial B7 Profiling Attacks (with HW Assumption)]].
<h1h2>Conclusion</h1h2>
In this tutorial we have learned to use two of the [[CW1200_ChipWhisperer-Pro]]'s exclusive features stream mode and SAD Trigger. The stream feature allows us the continually stream and manually send plain text to the target to observe the encryption process. Then 128 sample points that make up a unique feature of the encryption process where chosen to activate the trigger during trace capture. These two features together can be used to break the AES encryption of a device without any help from the target.
