As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes

Jump to: navigation, search

Tutorial B11 Breaking RSA

2,200 bytes added, 21:49, 15 July 2017
no edit summary
[[File:B11_acqsetting.png|400px]]
== Acquiring Example Data ==
 
Assuming you have a working example, the next step is the easiest. We will record a single project with the following data:
 
# 2x traces with secret key of <code>00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00</code>
# 2x traces with secret key of <code>00 00 00 00 00 00 00 00 00 00 00 00 00 00 81 40</code>
# 2x traces with secret key of <code>00 00 00 00 00 00 00 00 00 00 00 00 00 00 AB E2>/code>
# 2x traces with secret key of <code>00 00 00 00 00 00 00 00 00 00 00 00 00 00 AB E3>/code>
 
We record 2x traces for each sequence to provide us with a 'reference' trace and another 'test' trace (in case we want to confirm a template match is working without using the exact same trace).
 
The third trace with the <code>AB E2</code> key will be the most interesting, as we will use that to demonstrate a working attack.
== Automating Attack ==
cwapi = CWCoreAPI()
cwapi.openProject(r'c:\usersexamplelocation\colin\chipwhisperer_projects\tmp\rsa_test_16byte_80rsa_test.cwp')
tm = cwapi.project().traceManager()
#plot(trace_ref)
 
#The target trace we will attack
target_trace_number = 3
start = 3600
for i in range(0, 22999):
diff = tm.getTrace(1target_trace_number)[i:(i+len(rsa_one))] - rsa_one
diffs.append(np.sum(abs(diff)))
You can try to extend the above code by (1) counting the number of matches of the template, and (2) attempting to template the processing of the '1' bit instead, and directly determining where a '1' processing is occurring. This may require to to experiment with the location of the reference template.
 
The following shows a complete attack script which should recover the 'AB E2' key (but will fail with the AB E3 key):
 
<syntaxhighlight lang='python'>
from chipwhisperer.common.api.CWCoreAPI import CWCoreAPI
from matplotlib.pylab import *
import numpy as np
 
cwapi = CWCoreAPI()
cwapi.openProject(r'c:\users\colin\chipwhisperer_projects\tmp\rsa_test_16byte_80.cwp')
 
tm = cwapi.project().traceManager()
ntraces = tm.numTraces()
 
#Reference trace
trace_ref = tm.getTrace(0)
 
#plot(trace_ref)
 
#The target trace we will attack
#If following tutorial:
#0/1 = 80 00
#2/3 = 81 40
#4/5 = AB E2
#6/7 = AB E3 (this won't work as we don't detect the last 1)
target_trace_number = 4
 
start = 3600
rsa_one = trace_ref[start:(start+500)]
diffs = []
 
for i in range(0, 22999):
diff = tm.getTrace(target_trace_number)[i:(i+len(rsa_one))] - rsa_one
diffs.append(np.sum(abs(diff)))
#plot(diffs)
recovered_key = 0x0000
bitnum = 17
 
last_t = -1
for t,d in enumerate(diffs):
if d < 10:
bitnum -= 1
if last_t > 0:
delta = t-last_t
print delta
if delta > 1300:
recovered_key |= 1<<bitnum
 
last_t = t
print("Key = %04x"%recovered_key)
 
</syntaxhighlight>
== Extending the Tutorial ==
Approved_users, bureaucrat, administrator
1,956
edits

Navigation menu