{{Warningbox|This tutorial is an add-on to [[Tutorial A5 Breaking AES-256 Bootloader]]has been updated for ChipWhisperer 5 release. It continues working on If you are using 4.x.x or 3.x.x see the same firmware, showing how to obtain the hidden IV and signature "V4" or "V3" link in the bootloader. '''It is not possible to do this bonus tutorial without first completing the regular tutorial''', so please finish Tutorial A5 firstsidebar.}}
''This {{Infobox tutorial is under construction! Check back in a few days.''|name = A5: Breaking AES-256 Bootloader|image = |caption = |software versions =|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro|Target Device = |Target Architecture = XMEGA/Arm|Hardware Crypto = No|Purchase Hardware = }}
= Background =<!-- To edit this, edit Template:Tutorial_boilerplate -->== AES in CBC Mode ==* Repeat of theory from tutorial== The IV ==* Suggest some ideas== The Signature ==* Timing attack* Show firmware{{Tutorial boilerplate}}
<pre>#Imports for IV Attackfrom Crypto.Cipher import AES== XMEGA Target ==
def initPreprocessing(self)See the following for using: self.preProcessingResyncSAD0 = preprocessing.ResyncSAD.ResyncSAD* ChipWhisperer-Lite Classic (self.parentXMEGA) self.preProcessingResyncSAD0.setEnabled* ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (Trueincluding NAE-SCAPACK-L1/L2 users) self.preProcessingResyncSAD0.setReference(rtraceno=0, refpoints=(6300,6800), inputwindow=(6000,7200)) self.preProcessingResyncSAD1 = preprocessing.ResyncSAD.ResyncSAD(self.parent) self.preProcessingResyncSAD1.setEnabled(True) self.preProcessingResyncSAD1.setReference(rtraceno=0, refpoints=(4800,5100), inputwindow=(4700,5200)) self.preProcessingList = [self.preProcessingResyncSAD0,self.preProcessingResyncSAD1,] return self.preProcessingList* ChipWhisperer-Pro + XMEGA Target on UFO Board
class AESIVAttack(object)https: numSubKeys = 16//chipwhisperer.readthedocs.io/en/latest/tutorials/pa_multi_1-openadc-cwlitexmega.html#tutorial-pa-multi-1-openadc-cwlitexmega
aes = AES.newSee the following for using:* ChipWhisperer-Lite 32-bit (knownkey, AES.MODE_ECBSTM32F3 Target) pt = aes.decrypt* ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (ctincluding NAE-SCAPACK-L1/L2 users) return getHW(bytearray(pt)[bnum] ^ guess)</pre>* ChipWhisperer-Pro + STM32F3 Target on UFO Board
= Appendix D AEShttps://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_multi_1-256 IV Attack Script =openadc-cwlitearm.html#tutorial-pa-multi-1-openadc-cwlitearm
'''NB: This script works for 0.10 release or later, see local copy in doc/html directory of chipwhisperer release if you need earlier versions'''== ChipWhisperer Nano Target ==