As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Tutorial A7 Glitch Buffer Attacks

From ChipWhisperer Wiki

Revision as of 07:34, 28 June 2016 by Gdeon (Talk | contribs) (Made page)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

This tutorial discusses a specific type of glitch attack. It shows how a simple printing loop can be abused, causing a target to print some otherwise private information. This attack will be used to recover a plaintext without any knowledge of the encryption scheme being used.

Contents

1 Background
- 1.1 Real Firmware
- 1.2 Bootloader Setup
2 The Attack Plan
- 2.1 The Sensitive Code
- 2.2 Disassembly
3 Attack Script & Results
4 Ideas

Background

Real Firmware

Bootloader Setup

The Attack Plan

The Sensitive Code

Disassembly

Attack Script & Results

Ideas

Change hex file to use BRLT
Use volatile loop variables

Tutorials

See Tutorial Map for important information & suggested order of completion.

Theory

Correlation Power Analysis

Template Attacks

Extending AES-128 Attacks to AES-256

Basic Tutorials

Tutorial B1 Building a SimpleSerial Project

Tutorial B2 Viewing Instruction Power Differences

Tutorial B3-1 Timing Analysis with Power for Password Bypass

Tutorial B5 Breaking AES (Straightforward)

Tutorial B6 Breaking AES (Manual CPA Attack)

Tutorial B7 Profiling Attacks (with HW Assumption)

Tutorial B11 Breaking RSA

Advanced Tutorials

Tutorial A2 Introduction to Glitch Attacks (including Glitch Explorer)

Tutorial A3 VCC Glitch Attacks

Tutorial A5 Breaking AES-256 Bootloader

Tutorial A5-Bonus Breaking AES-256 Bootloader

Tutorial A7 Glitch Buffer Attacks

Tutorial A8 32bit AES

Hardware-Specific Tutorials

Tutorial P1 Stream Mode and Advanced Triggering (CW Pro)

Tutorial CW305-1 Building a Project

Tutorial CW305-2 Breaking AES on FPGA

Tutorial CW305-3 Clock Glitching

Tutorial CW305-4 Voltage Glitching with Crowbars

Archived Tutorials (v4/v3 only)

Tutorial B3-2 Timing Analysis with Power for Attacking TSB

Tutorial B4 Testing Two Partitions of Traces

Tutorial B5-2 Breaking DES (Straightforward)

Tutorial B8 Profiling Attacks (Manual Template Attack)

Tutorial B9 The Preprocessing Modules

Tutorial B10 Using with SASEBO-W CardOS or DPA Contest v4.2

Tutorial A1 Synchronization to Communication Lines

Tutorial A4 SAD Trigger for SCA and Glitch

Tutorial A6 Replication of Ilya Kizhvatov's XMEGA® Attack

Tutorial A9 Bypassing LPC1114 Read Protect

Retrieved from "http://wiki.newae.com/index.php?title=Tutorial_A7_Glitch_Buffer_Attacks&oldid=874"

Tutorials