As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Tutorial CW305-3 Clock Glitching

From ChipWhisperer Wiki
Revision as of 12:54, 17 January 2017 by Gdeon (Talk | contribs) (Created page with "The goal of this tutorial is to apply clock glitching to the CW305 Artix target, causing it to produce erroneous results during the encryption process. This isn't the most int...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The goal of this tutorial is to apply clock glitching to the CW305 Artix target, causing it to produce erroneous results during the encryption process. This isn't the most interesting software to glitch - in Tutorial A2 Introduction to Glitch Attacks (including Glitch Explorer), we glitched past a password check, which is a much more rewarding target. However, the setup and process in this tutorial is applicable to a wide range of FPGA programs.

Background

- One round per clock cycle - Should be possible to apply glitches near the clock edges - Causes a "fake" execution, overwriting the state data

Glitch Setup

Hardware Setup

- Tutorial Cw305-1 - Run script - Clock switches - ChipWhisperer clock output (glitch module)

Glitch Explorer

- Fixed plaintext and key - Look for exact output match for "normal" output - Everything else is success - Ranges for glitch width/offset

Results

- Glitch explorer plot - Examples of erroneous output - Repeatability


Further Analysis

- AES intermediate script - Outline code process - Show code in appendix - Show output plots