As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes

Jump to: navigation, search

Tutorial A5 Breaking AES-256 Bootloader

260 bytes added, 16:13, 23 July 2017
no edit summary
name = 'Our model'
def leakage(self, pt, ct, guess, bnum):
knownkey = <PUT YOUR 14TH ROUND KEY YOU RECOVERED HERE> #For example: knownkey = [0xea, 0x79, 0x79, 0x20, 0xc8, 0x71, 0x44, 0x7d, 0x46, 0x62, 0x5f, 0x51, 0x85, 0xc1, 0x3b, 0xcb]
xored = [knownkey[i] ^ pt[i] for i in range(0, 16)]
block = xored
Note you can check [[#Appendix C AES-256 13th Round Key Script]] for the complete contents of the attack script.
Finally, we need to convert this hypothetical key into the actual value of the 13th round key. We can do this by passing the key through ShiftRows and MixColumns to remove the effect of these two functions. This is easy to do in the Python console(assuming we had the recovered key <code>C6 BD 4E 50 AB CA 75 77 79 87 96 CA 1C 7F C5 82</code>, if you recovered a different key replace the <code>knownkey</code> value with yours):
<pre>
Approved_users
510
edits

Navigation menu