As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Difference between revisions of "Tutorial A7 Glitch Buffer Attacks"

From ChipWhisperer Wiki
Jump to: navigation, search
(Bootloader Setup: Added build description)
 
(11 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This tutorial discusses a specific type of glitch attack. It shows how a simple printing loop can be abused, causing a target to print some otherwise private information. This attack will be used to recover a plaintext without any knowledge of the encryption scheme being used.
+
{{Warningbox|This tutorial has been updated for ChipWhisperer 5 release. If you are using 4.x.x or 3.x.x see the "V4" or "V3" link in the sidebar.}}
  
= Background =
+
{{Infobox tutorial
This section introduces the attack concept by showing some real world examples of vulnerable firmware. Then, it describes the victim firmware that will be used in this tutorial.
+
|name                  = A7: Glitch Buffer Attacks
 +
|image                  =  
 +
|caption                =
 +
|software versions      =
 +
|capture hardware      = CW-Lite
 +
|Target Device          =
 +
|Target Architecture    = XMEGA/Arm
 +
|Hardware Crypto        = No
 +
|Purchase Hardware      =
 +
}}
  
== Real Firmware ==
+
<!-- To edit this, edit Template:Tutorial_boilerplate -->
Typically, one of the slowest parts of an embedded system is its communication lines. It's pretty common to see a processor running in the MHz range with a serial connection of 96k baud. To make these two different speeds work together, embedded firmware usually fills up a buffer with data and lets a serial driver print on its own time. This setup means we can expect to see code like
+
{{Tutorial boilerplate}}
<pre>
+
for(int i = 0; i < number_of_bytes_to_print; i++)
+
{
+
    print_one_byte_to_serial(buffer[i]);
+
}
+
</pre>
+
  
This is a pretty vulnerable piece of C. Imagine that we could sneak into the source code and change it to
+
* Jupyter file: '''Fault_3-Glitch_Buffer_Attacks.ipynb'''
<pre>
+
for(int i = 0; i < really_big_number; i++)
+
{
+
    print_one_byte_to_serial(buffer[i]);
+
}
+
</pre>
+
C compilers don't care that <code>buffer[]</code> has a limited size - this loop will happily print every byte it comes across, which could include other variables, registers, and even source code. Although we probably don't have a good way of changing the source code on the fly, we do have glitches: a well-timed clock or power glitch could let us skip the <code>i < number_of_bytes_to_print</code> check, which would have the same result.
+
  
How could this be applied? Imagine that we have an encrypted firmware image that we're going to transmit to a bootloader. A typical communication process might look like:
 
# We send the encrypted image ciphertexts over a serial connection
 
# The bootloader decrypts the ciphertexts and stores the result somewhere in memory
 
# The bootloader sends back a response over the serial port
 
We have a pretty straightforward attack for this type of bootloader. During the last step, we'll apply a glitch at precisely the right time, causing the bootloader to print all kinds of things to the serial connection. With some luck, we'll be able to find the decrypted plaintext somewhere in this memory dump.
 
  
== Bootloader Setup ==
+
== XMEGA Target ==
For this tutorial, a very simple bootloader using the SimpleSerial protocol has been set up. The source for this bootloader can be found in <code>chipwhisperer/hardware/victims/firmware/bootloader-glitch</code>. The following commands are used:
+
* <code>pABCD\n</code>: Send an encrypted ciphertext to the bootloader. For example, this message is made up of the two bytes <code>AB</code> and <code>CD</code>.
+
* <code>r0\n</code>: The reply from the bootloader. Acknowledges that a message was received. No other responses are used.
+
* <code>x</code>: Clear the bootloader's received buffer.
+
* <code>k</code>: See <code>x</code>.
+
  
The bootloader uses triple-ROT-13 encryption to encrypt/decrypt the messages. To help you send messages to the target, the script <code>private/encrypt.py</code> prints the SimpleSerial command for a given fixed string. For example, the ciphertext for the string <code>Don't forget to buy milk!</code> is
+
See the following for using:
<pre>
+
* ChipWhisperer-Lite Classic (XMEGA)
p516261276720736265747267206762206f686c207a76797821\n
+
* ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (including NAE-SCAPACK-L1/L2 users)
</pre>
+
* ChipWhisperer-Pro + XMEGA Target on UFO Board
  
This folder also contains a Makefile to create a hex file for use with the ChipWhisperer hardware. The build process is the same as the previous tutorials: run <code>make</code> from the command line and make sure that everything built properly. If all goes well, the Makefile should print something like
+
https://chipwhisperer.readthedocs.io/en/latest/tutorials/fault_3-openadc-cwlitexmega.html#tutorial-fault-3-openadc-cwlitexmega
<pre>
+
----------------
+
Device: atxmega128d3
+
  
Program:    1706 bytes (1.2% Full)
+
== ChipWhisperer-Lite ARM / STM32F3 Target ==
(.text + .data + .bootloader)
+
  
Data:       248 bytes (3.0% Full)
+
See the following for using:
(.data + .bss + .noinit)
+
* ChipWhisperer-Lite 32-bit (STM32F3 Target)
 +
* ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (including NAE-SCAPACK-L1/L2 users)
 +
* ChipWhisperer-Pro + STM32F3 Target on UFO Board
  
 +
https://chipwhisperer.readthedocs.io/en/latest/tutorials/fault_3-openadc-cwlitearm.html#tutorial-fault-3-openadc-cwlitearm
  
Built for platform CW-Lite XMEGA
+
== ChipWhisperer Nano Target ==
  
-------- end --------
+
This tutorial is not available for the ChipWhisperer Nano.
</pre>
+
 
+
= The Attack Plan =
+
== The Sensitive Code ==
+
== Disassembly ==
+
 
+
= Attack Script & Results =
+
 
+
= Ideas =
+
* Change hex file to use BRLT
+
* Use volatile loop variables
+
 
+
{{Template:Tutorials}}
+
[[Category:Tutorials]]
+

Latest revision as of 05:38, 29 July 2019

This tutorial has been updated for ChipWhisperer 5 release. If you are using 4.x.x or 3.x.x see the "V4" or "V3" link in the sidebar.

A7: Glitch Buffer Attacks
Target Architecture XMEGA/Arm
Hardware Crypto No
Software Release V3 / V4 / V5

This tutorial will introduce you to measuring the power consumption of a device under attack. It will demonstrate how you can view the difference between assembly instructions. In ChipWhisperer 5 Release, the software documentation is now held outside the wiki. See links below.

To see background on the tutorials see the Tutorial Introduction on ReadTheDocs, which explains what the links below mean. These wiki pages (that you are reading right now) only hold the hardware setup required, and you have to run the Tutorial via the Jupyter notebook itself. The links below take you to the expected Jupyter output from each tutorial, so you can compare your results to the expected/known-good results.

Running the tutorial uses the referenced Jupyter notebook file.

  • Jupyter file: Fault_3-Glitch_Buffer_Attacks.ipynb


XMEGA Target

See the following for using:

  • ChipWhisperer-Lite Classic (XMEGA)
  • ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (including NAE-SCAPACK-L1/L2 users)
  • ChipWhisperer-Pro + XMEGA Target on UFO Board

https://chipwhisperer.readthedocs.io/en/latest/tutorials/fault_3-openadc-cwlitexmega.html#tutorial-fault-3-openadc-cwlitexmega

ChipWhisperer-Lite ARM / STM32F3 Target

See the following for using:

  • ChipWhisperer-Lite 32-bit (STM32F3 Target)
  • ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (including NAE-SCAPACK-L1/L2 users)
  • ChipWhisperer-Pro + STM32F3 Target on UFO Board

https://chipwhisperer.readthedocs.io/en/latest/tutorials/fault_3-openadc-cwlitearm.html#tutorial-fault-3-openadc-cwlitearm

ChipWhisperer Nano Target

This tutorial is not available for the ChipWhisperer Nano.