Changes

Tutorial B11 Breaking RSA

436 bytes added, 00:50, 16 July 2017
Finding SPA Leakage
<br>
<li>
If you haven't yet, program the <code>simpleserial-rsa</code> as appropriate. If using the XMEGA target on the ChipWhisperer-Lite/UFO board, this would be called <code>victims/firmware/simpleserial-rsa/simpleserial-rsa-CW303.hex</code>:<br>[[File:B11_Programming.png|300px]]</li><br><li>Under the XXX Target Settings tab, leave only the "Go Command", and delete the other commands(Load Key and Output Format). The RSA demo does not support sending a key, and instead will use the plaintext as a fake-key.
<br>
[[File:B11_plaintext_setting.png|400px]]
<br>
<li>
If you are using Capture V3.5.2 or later you will have support for the length of the trigger output being high reported back to you. If you run capture-1 for example you'll see the trigger was high for XX 177381 cycles:<br>[[File:B11_trigger_active.png|400px]]
</li>
<br>
<li>
This is way too long! You won't be able to capture the entire trace in your 24000 length sample buffer. Instead we'll make the demo even shorter - in our case looking at the source code you can see there is a "flag" which is set high only AFTER the first 1 is received. <br>Thus using change (a fixed ) the plaintextto be FIXED (by default it will be random), and then (b) change the input plaintext to be all 00's (<code>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</code>):
<br>
[[File:B11_acqsetting.png|400px]]
Approved_users, bureaucrat, administrator
1,956
edits