As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes

Jump to: navigation, search

Tutorial A5 Breaking AES-256 Bootloader

262 bytes added, 20:24, 10 October 2018
no edit summary
|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro
|Target Device =
|Target Architecture = XMEGA/Arm
|Hardware Crypto = No
|Purchase Hardware =
# Using the AES-256 key schedule, reverse the 13th and 14th round keys to determine the original AES-256 encryption key.
== Setting up Building the Hardware Firmware ==This tutorial uses the [[CW1173 ChipWhisperer-Lite]] hardware. This hardware does not require any special setup - it should be ready to go out-of-the-box.
{{Warningbox|Are you following this tutorial at a training event? If so ONLY use the provided hex-file with secret key already embedded, do not rebuild the firmware!}}
For this example, we'll be using the <code>bootloader-aes256</code> project.
{{CollapsibleSection
|intro = === Building for CWLite with XMEGA Target ===
|content= Building for XMEGA}}
 
{{CollapsibleSection
|intro = === Building for CWLite with Arm Target ===
|content= Building for Arm}}
 
{{CollapsibleSection
|intro = === Building for Other Targets ===
|content= Building for Other Targets}}
 
== Setting up the Hardware ==
Note that you '''don't need hardware''' to complete the tutorial. Instead, you can download [https://www.assembla.com/spaces/chipwhisperer/wiki/Example_Captures example traces from the ChipWhisperer Site]. Just look for the traces titled ''AVR: AES256 Bootloader (ChipWhisperer Tutorial #A5)''.
{{CollapsibleSection|intro === Building/Programming the Bootloader =CW1173 (Lite) Hardware Setup ===|content= CWLite HW Setup}}
{{WarningboxCollapsibleSection|Are you following this tutorial at a training event? If so ONLY use the provided hex-file with secret key already embedded, do not rebuild the firmware!intro = === CW1200 (Pro) Hardware Setup ===|content= CW1200 HW Setup}}
{{CollapsibleSection
|intro = === CW308 (UFO) Hardware Setup ===
|content= CW308 HW Setup}}
The firmware that implements == Programming the bootloader is available inside Target =={{CollapsibleSection|intro = === Programming the ChipWhisperer folder at <code>chipwhisperer\hardware\victims\firmware\bootloader-aes256</code>. If you've uploaded the firmware for any of the other tutorials, the process is identical:XMEGA Target ===|content= Programming XMEGA}}
# Open a command prompt/terminal window and navigate to this folder. Enter the command <code>make PLATFORM{{CollapsibleSection|intro =X</code>, where X is the name of your target. For instance, use <code>PLATFORM=CW303</code> on == Programming the ChipWhisperer Lite. Ensure that the program is successfully compiled. The output should end with a line like#: <pre>Built for platform CW-Lite XMEGA</pre># Open the ChipWhisperer Capture software and connect to your hardware. Open the programmer window STM32F3 (''Tools > CW-Lite XMEGA Programmer''CW303 Arm), find the <code>.hex</code> file that you just made, and ''Erase/Program/Verify FLASH''.Target ===|content= Programming Arm}}
The firmware is now loaded onto your hardware, and you can continue onto the capture process.{{CollapsibleSection|intro = === Programming Other Targets ===|content= Programming Other}}
== Capturing the Traces ==
## Use the toolbar to quickly reset the zoom back to original
##: [[File:Tutorial-A5-Plot-Traces.PNG|image]]
##: Notice that the traces are synchronized for the first 7000 samples(if you're attacking an XMEGA target), but become unsynchronized later. This fact will be important later in the tutorial.
# Set up the attack in the ''Attack'' script:
## Make a copy of the ''attack_cpa.py'' script, call it something new (such as ''attack_aesdec14.py'')
## and then also change this further down where we set the leakage model:
##: <pre>leak_model = AES128_8bit(InvSBox_output)</pre>
## If you're finding the attack very slow, narrow down the attack a bit. Normally, this requires a bit of investigation to determine which ranges of the trace are important. Here, you can use the range from 2900 for to 4200for XMEGA and from 1400 to 2600 for STM32F3 (CW303 Arm). The default settings will also work fine! , so if you're using another target, you may want to attack the full range. To do this adjust narrow the following line to look as follows:attack, edit the <code>attack.setPointRange(0, -1)</code> with the new range.
##: <pre>attack.setPointRange((2900, 4200))</pre>
# Note that we do ''not'' know the secret encryption key, so we cannot highlight the correct key automatically. If you want to fix this, the ''Results'' settings tab has a Highlighted Key setting. Change this to Override mode and enter the key <code>ea 79 79 20 c8 71 44 7d 46 62 5f 51 85 c1 3b cb</code>.
Unfortunately, we cannot use the GUI to attack the 13th round key. The system has no built-in model for round 13 of the AES-256 algorithm. Instead, we can write our own script and insert a custom model into the system. See [[#Appendix D: AES-256 13th Round Key Script]] for complete script used here.
==== Resynchronizing Traces (XMEGA only) ====
# Open the ChipWhisperer Analyzer software again and reopen the project file (if closed).
# Recall from the 14th round attack that the trace data becomes unsynchronized around sample 7000. This is due to a non-constant AES implementation: the code does not always take the same amount of time to run for every input. (It's actually possible to do a timing attack on this AES implementation! We'll stick with our CPA attack for now.)
[[File:A5_pp_resync_end.png|400px]]}}
=== ===
The next step is to program our own leakage model. The following Python code models the Hamming weight model of the 13th round S-box:
<pre>python
# Imports for AES256 Attack
from chipwhisperer.analyzer.attacks.models.AES128_8bit import AESLeakageHelper
#:<pre>leak_model = AES128_8bit(AES256_Round13_Model)</pre>
# As we did in the 14th round attack, reducing the point range can speed up the attack. For example, to use a smaller range of points, try changing the <code>setPointRange()</code> function call to
#:<pre>self.attack.setPointRange((8000,10990))</pre>on XMEGA or <pre>self.attack.setPointRange((6500,8500))</pre> for the STM32.
# Start the attack! Wait for the attack to complete, and you will determine the 13th round key:
#: [[File:Tutorial-A5-Results-Round-13.PNG|image]]
Finally, we need to convert this hypothetical key into the actual value of the 13th round key. We can do this by passing the key through ShiftRows and MixColumns to remove the effect of these two functions. This is easy to do in the Python console (assuming we had the recovered key <code>C6 BD 4E 50 AB CA 75 77 79 87 96 CA 1C 7F C5 82</code>, if you recovered a different key replace the <code>knownkey</code> value with yours):
<pre>python
>>> from chipwhisperer.analyzer.attacks.models.aes.funcs import shiftrows,mixcolumns
>>> knownkey = [0xC6, 0xBD, 0x4E, 0x50, 0xAB, 0xCA, 0x75, 0x77, 0x79, 0x87, 0x96, 0xCA, 0x1C, 0x7F, 0xC5, 0x82]
== Appendix A: Target Code ==
<pre>python
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Set the 'Target Module' as 'AES Bootloader' (you need to have that target on your system)
<pre>python
"""Setup script for CWLite/1200 with XMEGA (CW303/CW308-XMEGA/CWLite target)
specifically for Tutorial A5: the AES-256 bootloader attack
attack.setReportingInterval(10)
attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
attack.setPointRange((2900, 34004200))
self.results_table.setAnalysisSource(attack)
Approved_users, administrator
366
edits

Navigation menu