Changes

Tutorial A5 Breaking AES-256 Bootloader

160 bytes removed, 20:01, 31 January 2017
13th Round Key
# Imports for AES256 Attack
from chipwhisperer.analyzer.attacks.models.base import ModelsBase
from chipwhisperer.analyzer.attacks.models.aes.funcs AES128_8bit import sboxAESLeakageHelper, inv_sbox, inv_shiftrows, inv_mixcolumns, inv_subbytesAES128_8bit
 class AES256AttackAES256_Model(ModelsBaseAESLeakageHelper): _name name = 'AES 128Our model def __init__(self): ModelsBase.__init__(self, 16, 256, model=None) self.numRoundKeys = 10 def leakage(self, textinpt, textoutct, guess, bnum, state): knownkey = [0xba0xea, 0x410x79, 0x9b0x79, 0x110x20, 0x070xc8, 0x7b0x71, 0x5d0x44, 0x320x7d, 0x1d0x46, 0xa00x62, 0x7f0x5f, 0x0a0x51, 0x85, 0x050xc1, 0xd80x3b, 0xcd0xcb] xored = [knownkey[i] ^ textinpt[i] for i in range(0, 16)]
block = xored
block = self.inv_shiftrows(block) block = self.inv_subbytes(block) block = self.inv_mixcolumns(block) block = self.inv_shiftrows(block)
result = block
return self.HW[inv_sbox((result[bnum] ^ guess[bnum]))]
</pre>
You can look back at the C code of the AES-256 decryption to see how this is implementing the decryption code. Note that because of the Inverse MixColumns operation, we need the entire input ciphertext -- otherwise, we would only need to operate on one byte of the ciphertext.
# Add the above function to your custom script file.
# Change the <code>setAnalysisAlgorithm</code> in the script to use your custom functions by making the following call:
#:<pre>self.attack.setAnalysisAlgorithmleakage_object = AES128_8bit(CPAProgressive, AES256Attack, NoneAES256_Model)</pre>
# As we did in the 14th round attack, reducing the point range can speed up the attack. For example, to use a smaller range of points, try changing the <code>setPointRange()</code> function call to
#:<pre>self.attack.setPointRange((8000,10990))</pre>
Approved_users
510
edits