Open main menu

Changes

Tutorial A5-Bonus Breaking AES-256 Bootloader

3,380 bytes removed, 13:36, 29 July 2019
no edit summary
{{Warningbox|This tutorial is an add-on to [[Tutorial A5 Breaking AES-256 Bootloader]]has been updated for ChipWhisperer 5 release. It continues working on If you are using 4.x.x or 3.x.x see the same firmware, showing how to obtain the hidden IV and signature "V4" or "V3" link in the bootloader. '''It is not possible to do this bonus tutorial without first completing the regular tutorial''', so please finish Tutorial A5 firstsidebar.}}
''This {{Infobox tutorial is under construction! Check back in a few days.''|name = A5: Breaking AES-256 Bootloader|image = |caption = |software versions =|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro|Target Device = |Target Architecture = XMEGA/Arm|Hardware Crypto = No|Purchase Hardware = }}
= Background =<!-- To edit this, edit Template:Tutorial_boilerplate -->== AES in CBC Mode ==* Repeat of theory from tutorial== The IV ==* Suggest some ideas== The Signature ==* Timing attack* Show firmware{{Tutorial boilerplate}}
* Jupyter file: '''PA_Multi_1-Breaking_AES-256_Bootloader.ipynb'''
= Attacking the IV =
Example:
<pre>#Imports for IV Attackfrom Crypto.Cipher import AES== XMEGA Target ==
def initPreprocessing(self)See the following for using: self.preProcessingResyncSAD0 = preprocessing.ResyncSAD.ResyncSAD* ChipWhisperer-Lite Classic (self.parentXMEGA) self.preProcessingResyncSAD0.setEnabled* ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (Trueincluding NAE-SCAPACK-L1/L2 users) self.preProcessingResyncSAD0.setReference(rtraceno=0, refpoints=(6300,6800), inputwindow=(6000,7200)) self.preProcessingResyncSAD1 = preprocessing.ResyncSAD.ResyncSAD(self.parent) self.preProcessingResyncSAD1.setEnabled(True) self.preProcessingResyncSAD1.setReference(rtraceno=0, refpoints=(4800,5100), inputwindow=(4700,5200)) self.preProcessingList = [self.preProcessingResyncSAD0,self.preProcessingResyncSAD1,] return self.preProcessingList* ChipWhisperer-Pro + XMEGA Target on UFO Board
class AESIVAttack(object)https: numSubKeys = 16//chipwhisperer.readthedocs.io/en/latest/tutorials/pa_multi_1-openadc-cwlitexmega.html#tutorial-pa-multi-1-openadc-cwlitexmega
@staticmethod def leakage(textin, textout, guess, bnum, setting, state): knownkey = [0x94, 0x28, 0x5D, 0x4D, 0x6D, 0xCF, 0xEC, 0x08, 0xD8, 0xAC, 0xDD, 0xF6, 0xBE, 0x25, 0xA4, 0x99, 0xC4, 0xD9, 0xD0, 0x1E, 0xC3, 0x40, 0x7E, 0xD7, 0xD5, 0x28, 0xD4, 0x09, 0xE9, 0xF0, 0x88, 0xA1] knownkey = str(bytearray(knownkey)) ct ChipWhisperer-Lite ARM / STM32F3 Target == str(bytearray(textin))
aes = AES.newSee the following for using:* ChipWhisperer-Lite 32-bit (knownkey, AES.MODE_ECBSTM32F3 Target) pt = aes.decrypt* ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (ctincluding NAE-SCAPACK-L1/L2 users) return getHW(bytearray(pt)[bnum] ^ guess)</pre>* ChipWhisperer-Pro + STM32F3 Target on UFO Board
= Appendix D AEShttps://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_multi_1-256 IV Attack Script =openadc-cwlitearm.html#tutorial-pa-multi-1-openadc-cwlitearm
'''NB: This script works for 0.10 release or later, see local copy in doc/html directory of chipwhisperer release if you need earlier versions'''== ChipWhisperer Nano Target ==
Full attack script, copy/paste into a file then add as active attack script: <pre>#IV Attack Scriptfrom chipwhisperer.common.autoscript import AutoScriptBase#Imports from Preprocessingimport chipwhisperer.analyzer.preprocessing as preprocessing#Imports from Capturefrom chipwhisperer.analyzer.attacks.CPA import CPAfrom chipwhisperer.analyzer.attacks.CPAProgressive import CPAProgressiveimport chipwhisperer.analyzer.attacks.models.AES128_8bit# Imports from utilList # Imports This tutorial is not available for AES256 Attackfrom chipwhispererthe ChipWhisperer Nano.analyzer.attacks.models.AES128_8bit import getHW #Imports for IV Attackfrom Crypto.Cipher import AES class AESIVAttack(object): numSubKeys = 16  @staticmethod def leakage(textin, textout, guess, bnum, setting, state): knownkey = [0x94, 0x28, 0x5D, 0x4D, 0x6D, 0xCF, 0xEC, 0x08, 0xD8, 0xAC, 0xDD, 0xF6, 0xBE, 0x25, 0xA4, 0x99, 0xC4, 0xD9, 0xD0, 0x1E, 0xC3, 0x40, 0x7E, 0xD7, 0xD5, 0x28, 0xD4, 0x09, 0xE9, 0xF0, 0x88, 0xA1] knownkey = str(bytearray(knownkey)) ct = str(bytearray(textin))  aes = AES.new(knownkey, AES.MODE_ECB) pt = aes.decrypt(ct) return getHW(bytearray(pt)[bnum] ^ guess) class userScript(AutoScriptBase): preProcessingList = [] def initProject(self): pass  def initPreprocessing(self): self.preProcessingResyncSAD0 = preprocessing.ResyncSAD.ResyncSAD(self.parent) self.preProcessingResyncSAD0.setEnabled(True) self.preProcessingResyncSAD0.setReference(rtraceno=0, refpoints=(6300,6800), inputwindow=(6000,7200)) self.preProcessingResyncSAD1 = preprocessing.ResyncSAD.ResyncSAD(self.parent) self.preProcessingResyncSAD1.setEnabled(True) self.preProcessingResyncSAD1.setReference(rtraceno=0, refpoints=(4800,5100), inputwindow=(4700,5200)) self.preProcessingList = [self.preProcessingResyncSAD0,self.preProcessingResyncSAD1,] return self.preProcessingList  def initAnalysis(self): self.attack = CPA(self.parent, console=self.console, showScriptParameter=self.showScriptParameter) self.attack.setAnalysisAlgorithm(CPAProgressive, AESIVAttack, None) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(25) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceManager(self.traceManager()) self.attack.setProject(self.project()) self.attack.setPointRange((4800,6500)) return self.attack  def initReporting(self, results): results.setAttack(self.attack) results.setTraceManager(self.traceManager()) self.results = results  def doAnalysis(self): self.attack.doAttack()</pre> = Attacking the Signature =
Adewar
Approved_users, administrator
366
edits