|
|
(14 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | {{Warningbox|This tutorial has been updated for ChipWhisperer 4.0.0 release. If you are using 3.x.x see the "V3" link in the sidebar.}} | + | {{Warningbox|This tutorial has been updated for ChipWhisperer 5 release. If you are using 4.x.x or 3.x.x see the "V4" or "V3" link in the sidebar.}} |
| | | |
| {{Infobox tutorial | | {{Infobox tutorial |
Line 8: |
Line 8: |
| |capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro | | |capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro |
| |Target Device = | | |Target Device = |
− | |Target Architecture = XMEGA | + | |Target Architecture = XMEGA/ARM |
| |Hardware Crypto = No | | |Hardware Crypto = No |
| |Purchase Hardware = | | |Purchase Hardware = |
| }} | | }} |
| | | |
− | This tutorial will take you through a complete attack on a software AES implementation. The specific implementation being attacked is a well-known AES implementation written in C, which is likely to be similar to other implementations used by proprietary systems.
| + | <!-- To edit this, edit Template:Tutorial_boilerplate --> |
| + | {{Tutorial boilerplate}} |
| | | |
− | = Capturing =
| + | * Jupyter file: '''PA_CPA_1-Using_CW-Analyzer_for_CPA_Attack.ipynb''' |
− | This tutorial runs on four different hardware targets. You only need to follow the steps for your given hardware.
| + | |
| | | |
− | == Capturing with ChipWhisperer-Lite/Pro with default XMEGA Target (CW303) ==
| |
| | | |
− | NOTE: You can see a Quick-Start Guide and Video for this target on the [[CW1173_ChipWhisperer-Lite]] page:
| + | == XMEGA Target == |
| | | |
− | [[File:Cwlite_demo_video.png|link=http://www.youtube.com/watch?v=MJmkYqA-LeM&hd=1]]
| + | See the following for using: |
| + | * ChipWhisperer-Lite Classic (XMEGA) |
| + | * ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (including NAE-SCAPACK-L1/L2 users) |
| + | * ChipWhisperer-Pro + XMEGA Target on UFO Board |
| | | |
− | === Hardware Setup ===
| + | https://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_cpa_1-openadc-cwlitexmega.html#tutorial-pa-cpa-1-openadc-cwlitexmega |
| | | |
− | <ol style="list-style-type: decimal;">
| + | == ChipWhisperer-Lite ARM / STM32F3 Target == |
− | <li><p>Connect the CW1173/CW1200 by USB cable to computer.</p>
| + | |
− | <blockquote><p>[[File:cw1173_microusb.jpg|image]]</p></blockquote>
| + | |
− | </li>
| + | |
− | <li> The software AES implementation that will run on the target is located in <code>chipwhisperer\hardware\victims\firmware\simpleserial-aes</code>. In a terminal window, navigate here and run the command <code>make</code> to build the firmware.
| + | |
| | | |
− | As in previous tutorials, ensure that the firmware has been built for the correct board. Here, the output of <code>make</code> should end like
| + | See the following for using: |
− | <pre>
| + | * ChipWhisperer-Lite 32-bit (STM32F3 Target) |
− | AVR Memory Usage
| + | * ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (including NAE-SCAPACK-L1/L2 users) |
− | ---------------- | + | * ChipWhisperer-Pro + STM32F3 Target on UFO Board |
− | Device: atxmega128d3
| + | |
| | | |
− | Program: 3078 bytes (2.2% Full)
| + | https://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_cpa_1-openadc-cwlitearm.html#tutorial-pa-cpa-1-openadc-cwlitearm |
− | (.text + .data + .bootloader)
| + | |
| | | |
− | Data: 352 bytes (4.3% Full)
| + | == ChipWhisperer Nano Target == |
− | (.data + .bss + .noinit)
| + | |
| | | |
| + | See the following for using: |
| + | * ChipWhisperer-Nano |
| | | |
− | Built for platform CW-Lite XMEGA
| + | https://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_cpa_1-cwnano-cwnano.html#tutorial-pa-cpa-1-cwnano-cwnano |
− | | + | |
− | -------- end --------
| + | |
− | </pre>
| + | |
− | Make sure that the platform is correct.
| + | |
− | </li>
| + | |
− | | + | |
− | <li> Upload the firmware to the target chip. The process to do this is the same as the previous tutorials:
| + | |
− | * Open the ChipWhisperer Capture software.
| + | |
− | * Connect to the ChipWhisperer. (You can do this using a script or by filling out the generic settings and connecting to the board yourself.)
| + | |
− | * Open the XMEGA Programmer (**Tools > ChipWhisperer-Lite XMEGA Programmer**).
| + | |
− | * Find the hex file you compiled and program it onto the target.
| + | |
− | </li>
| + | |
− | </ol>
| + | |
− | | + | |
− | === Capturing the Traces ===
| + | |
− | | + | |
− | [[File:cwsetup_scriptselection.png|889x889px]]
| + | |
− | | + | |
− | # Switch to the ''Python Console'' tab.
| + | |
− | # The script selection window (2) lists available example scripts. Scroll down to "connect_cwlite_simpleserial.py" and click on it.
| + | |
− | # You will see the script contents appear in the "Script Preview" window (3). You can either hit the "Run" button or double-click the filename of the script to execute it. Do either of those now.
| + | |
− | | + | |
− | The window should change to indicate the connect succeeded:
| + | |
− | | + | |
− | [[File:cwsetup_scriptselection_cwliterun.png|889x889px]]
| + | |
− | | + | |
− | <p>
| + | |
− | <ol start="4" style="list-style-type: decimal;">
| + | |
− | <li>The console lists the exact script that is executed. Note you could have manually executed the script commands line-by-line in this console.</li>
| + | |
− | <li>The "Scope" and "Target" buttons will show as connected.</li>
| + | |
− | <li>The Status Bar will show a connection.</li>
| + | |
− | </ol>
| + | |
− | </p>
| + | |
− | Note in previous software versions, this tutorial took you through manual setup. This can still be done (using the GUI), but instead now the API has been made more powerful, so the example configuration script will be used instead.
| + | |
− | | + | |
− | To do so, simply scroll down and select the "setup_cwlite_xmega_aes.py" file:
| + | |
− | | + | |
− | [[File:cwsetup_scriptselection_xmegaconfig_cwliterun.png]]
| + | |
− | | + | |
− | <p>To complete the tutorial, follow these steps:</p>
| + | |
− | <ol start="7" style="list-style-type: decimal;">
| + | |
− | <li>Switch to the ''General Settings'' tab</li>
| + | |
− | <li>If you wish to change the number of traces, do so here. The default of 50 should be sufficient to break AES though!</li>
| + | |
− | <li>Hit the ''Capture Many'' button (M in a green triangle) to start the capture process.</li>
| + | |
− | <li>You will see each new trace plotted in the waveform display.</li>
| + | |
− | <li>You'll see the trace count in the status bar. Once it says ''Trace 50 done'' (assuming you requested 50 traces) the capture process is complete.</li>
| + | |
− | <li>Finally save this project using the ''File --> Save Project'' option, give it any name you want.</li>
| + | |
− | <li>Skip ahead to [[#Analyzing_the_Traces]].</li></ol>
| + | |
− | | + | |
− | == Capturing with ChipWhisperer-Lite/Pro with NOTDuino (CW304) ==
| + | |
− | | + | |
− | === Hardware Setup ===
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>Set jumpers on NOTDuino to default position (see silkscreen on bottom of NOTDuino for default positions).</li>
| + | |
− | <li>Connect the NOTDuino using the SMA cable on the "measure" port, and the 20-pin IDC cable:</li>
| + | |
− | <li><p>Connect the CW1173/CW1200 by USB cable to computer.</p>
| + | |
− | <p>[[File:cw1173_avr_microusb.jpg|image]]</p></li></ol>
| + | |
− | | + | |
− | === Capturing the Traces ===
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>Close & reopen the capture software (to clear out any previous connection which may be invalid).</li>
| + | |
− | <li><p>From the ''Project'' menu elect the ''Example Scripts'' and then ''ChipWhisperer-Lite: AES SimpleSerial on ATMega328P''</p>
| + | |
− | <p>[[File:runscript_cw1173avr.png|image]]</p></li>
| + | |
− | <li><p>The script will automatically connect to the capture hardware and run 2 example traces. You should see something that looks like the following screen:</p>
| + | |
− | <p>[[File:capture.png|image]]</p>
| + | |
− | <p>To complete the tutorial, follow these steps:</p>
| + | |
− | <blockquote><ol style="list-style-type: decimal;">
| + | |
− | <li>Switch to the ''General Settings'' tab</li>
| + | |
− | <li>If you wish to change the number of traces, do so here. The default of 50 should be sufficient to break AES though!</li>
| + | |
− | <li>Hit the ''Capture Many'' button (M in a green triangle) to start the capture process.</li>
| + | |
− | <li>You will see each new trace plotted in the waveform display.</li>
| + | |
− | <li>You'll see the trace count in the status bar. Once it says ''Trace 50 done'' (assuming you requested 50 traces) the capture process is complete.</li></ol>
| + | |
− | </blockquote></li>
| + | |
− | <li>Finally save this project using the ''File --> Save Project'' option, give it any name you want.</li>
| + | |
− | <li>Skip ahead to [[#Analyzing_the_Traces]].</li></ol>
| + | |
− | | + | |
− | == Capturing with PicoScope + Multi-Target (CW301) ==
| + | |
− | | + | |
− | <TODO>
| + | |
− | | + | |
− | = Analyzing the Traces =
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>Open the Analyzer software</li>
| + | |
− | <li>From the ''File --> Open Project'' option, navigate to the .cwp file you save previously. Open this file.</li>
| + | |
− | <li><p>Select the ''Project --> Manage Traces'' option to open the dialog, enable the captured traces by adding a check-mark in the box. Close the dialog with `ESC`:</p>
| + | |
− | <p>[[File:tracemanage.png|image]]</p></li>
| + | |
− | <li><p>If you wish to view the trace data, follow these steps:</p>
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>Switch to the ''Waveform Display'' tab</li>
| + | |
− | <li>Switch to the ''General'' parameter setting tab</li>
| + | |
− | <li>You can choose to plot a specific range of traces</li>
| + | |
− | <li>Hit the ''Redraw'' button when you change the trace plot range</li>
| + | |
− | <li>You can right-click on the waveform to change options, or left-click and drag to zoom</li>
| + | |
− | <li>(oops there is no 6)</li>
| + | |
− | <li>Use the toolbar to quickly reset the zoom back to original</li></ol>
| + | |
− | | + | |
− | <p>[[File:traceplotting.png|image]]</p></li>
| + | |
− | <li><p>You can view or change the attack options on the ''Attack'' parameter settings tab:</p>
| + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>The ''Hardware Model'' settings are correct for the software AES by default</li>
| + | |
− | <li>The ''Point Setup'' makes the attack faster by looking over a more narrow range of points. Often you might have to characterize your device to determine the location of specific attack points of interest.</li>
| + | |
− | <li>''Traces per Attack'' allows you to use only a subset of capture traces on each attack. Or if you have for example 1000 traces, you could average the results of attacking 50 traces over 200 attack runs.</li>
| + | |
− | <li>''Reporting Interval'' is how often data is generated. A smaller interval generates more useful output data, but greatly increases computational complexity (e.g. slows down attack). If you only care about attacking the system, the reporting interval can be set to the number of traces. In which case the attack runs completely, and you get the results. For this tutorial you can set to a smaller number (such as 5).</li></ol>
| + | |
− | | + | |
− | <p>[[File:attacksettings.png|image]]</p></li>
| + | |
− | <li><p>Finally run the attack by switching to the ''Results Table'' tab and then hitting the ''Attack'' button:</p>
| + | |
− | <p>[[File:attack.png|image]]</p></li>
| + | |
− | <li><p>If you adjusted the ''Reporting Interval'' to a smaller number such as 5, you'll see the progression of attack results as more traces are used. If not you should simply see the final results, which should have the correct key highlighted in red. In the following case the correct key ''was'' recovered:</p>
| + | |
− | <p>[[File:attack-done.png|image]]</p></li>
| + | |
− | <li><p>You can also switch to the ''Output vs Point Plot'' window to see ''where'' exactly the data was recovered:</p>
| + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>Switch to the ''Output vs Point Plot'' tab</li>
| + | |
− | <li>Turn on one of the bytes to see results.</li>
| + | |
− | <li>The ''known correct'' guess for the key is highlighted in red. The wrong guesses are plotted in green. You can see that the attacked operation appeared to occur around sample 40 for key 0. Remember you can click-drag to zoom in, then right-click and select ''View All'' to zoom back out.</li>
| + | |
− | <li>Turn on another byte to see results for it.</li>
| + | |
− | <li>This byte occured much later - sample 1240. By exploring where the maximum correlation was found for the correct key-guess of each byte, you can determine where exactly the attacked operation occured.</li></ol>
| + | |
− | | + | |
− | <p>[[File:attack-done2.png|image]]</p></li></ol>
| + | |
− | | + | |
− | = Next Steps =
| + | |
− | | + | |
− | This has only briefly outlined how to perform a CPA attack. You can move onto more advanced tutorials, especially showing you how the actual attack works when performed manually.
| + | |
− | | + | |
− | {{Template:Tutorials}}
| + | |
− | [[Category:Tutorials]]
| + | |
This tutorial will introduce you to measuring the power consumption of a device under attack. It will demonstrate how you can view the difference between assembly instructions. In ChipWhisperer 5 Release, the software documentation is now held outside the wiki. See links below.
Running the tutorial uses the referenced Jupyter notebook file.