Changes

Tutorial A5-Bonus Breaking AES-256 Bootloader

3,769 bytes removed, 13:36, 29 July 2019

no edit summary

{{Warningbox|This tutorial ~~is an add-on to [[Tutorial A5 Breaking AES-256 Bootloader]]~~has been updated for ChipWhisperer 5 release. ~~It continues working on~~ If you are using 4.x.x or 3.x.x see the ~~same firmware, showing how to obtain the hidden IV and signature~~ "V4" or "V3" link in the ~~bootloader. '''It is not possible to do this bonus tutorial without first completing the regular tutorial''', so please finish Tutorial A5 first~~sidebar.}}

~~''This~~ {{Infobox tutorial ~~is under construction! Check back in a few days.''~~|name = A5: Breaking AES-256 Bootloader|image = |caption = |software versions =|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro|Target Device = |Target Architecture = XMEGA/Arm|Hardware Crypto = No|Purchase Hardware = }}

~~= Background =~~~~== AES in CBC Mode ==~~* Repeat of theory from tutorial~~== The IV ==~~* Suggest some ideas~~== The Signature ==~~* Timing attack* Show firmware{{Tutorial boilerplate}}

* Jupyter file: '''PA_Multi_1-Breaking_AES-256_Bootloader.ipynb'''

~~= Attacking the IV =~~

~~Steps:~~

* Investigation

** Look at bootloader code

** Move trigger

** Record 1

** Show different instructions in trace

* Making the attack feasible

** Capture a bunch (500?)

** Apply decryption

** Look at one bit

** Find means + plot

** Find differences + plot

* Automating the attack

** Finding the attack points

** Getting a single bit

** Building the IV bytes

* Full script in appendix

~~Example:~~== XMEGA Target ==

~~<pre>#Imports~~ See the following for ~~IV Attack~~using:~~from Crypto.Cipher import AES~~* ChipWhisperer-Lite Classic (XMEGA)* ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (including NAE-SCAPACK-L1/L2 users)* ChipWhisperer-Pro + XMEGA Target on UFO Board

~~def initPreprocessing(self)~~https: ~~self~~//chipwhisperer.~~preProcessingResyncSAD0 = preprocessing~~readthedocs.~~ResyncSAD~~io/en/latest/tutorials/pa_multi_1-openadc-cwlitexmega.~~ResyncSAD(self.parent)~~ ~~self.preProcessingResyncSAD0.setEnabled(True)~~ ~~self.preProcessingResyncSAD0.setReference(rtraceno=0, refpoints=(6300,6800), inputwindow=(6000,7200))~~ ~~self.preProcessingResyncSAD1 = preprocessing.ResyncSAD.ResyncSAD(self.parent)~~ ~~self.preProcessingResyncSAD1.setEnabled(True)~~ ~~self.preProcessingResyncSAD1.setReference(rtraceno=0, refpoints=(4800,5100), inputwindow=(4700,5200))~~ ~~self.preProcessingList = [self.preProcessingResyncSAD0,self.preProcessingResyncSAD1,]~~ ~~return self.preProcessingList~~html#tutorial-pa-multi-1-openadc-cwlitexmega

~~class AESIVAttack(object):~~ ~~numSubKeys~~ = 16= ChipWhisperer-Lite ARM / STM32F3 Target ==

~~@staticmethod~~See the following for using: ~~def leakage~~* ChipWhisperer-Lite 32-bit (~~textin, textout, guess, bnum, setting, state~~STM32F3 Target): ~~knownkey = [0x94, 0x28, 0x5D, 0x4D, 0x6D, 0xCF, 0xEC, 0x08, 0xD8, 0xAC, 0xDD, 0xF6, 0xBE, 0x25, 0xA4, 0x99,~~ ~~0xC4, 0xD9, 0xD0, 0x1E, 0xC3, 0x40, 0x7E, 0xD7, 0xD5, 0x28, 0xD4, 0x09, 0xE9, 0xF0, 0x88, 0xA1]~~ ~~knownkey = str~~* ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (~~bytearray(knownkey)~~including NAE-SCAPACK-L1/L2 users) ~~ct = str(bytearray(textin))~~* ChipWhisperer-Pro + STM32F3 Target on UFO Board

~~aes = AES~~https://chipwhisperer.~~new(knownkey, AES~~readthedocs.~~MODE_ECB)~~ ~~pt = aes.decrypt(ct)~~ ~~return getHW(bytearray(pt)[bnum] ^ guess)<~~io/~~pre>~~en/latest/tutorials/pa_multi_1-openadc-cwlitearm.html#tutorial-pa-multi-1-openadc-cwlitearm

= ~~Appendix D AES-256 IV Attack Script~~ = ChipWhisperer Nano Target ==

~~'''NB:~~ This ~~script works~~ tutorial is not available for 0the ChipWhisperer Nano.~~10 release or later, see local copy in doc/html directory of chipwhisperer release if you need earlier versions'''~~ ~~Full attack script, copy/paste into a file then add as active attack script:~~ ~~<pre>#IV Attack Scriptfrom chipwhisperer.common.autoscript import AutoScriptBase#Imports from Preprocessingimport chipwhisperer.analyzer.preprocessing as preprocessing#Imports from Capturefrom chipwhisperer.analyzer.attacks.CPA import CPAfrom chipwhisperer.analyzer.attacks.CPAProgressive import CPAProgressiveimport chipwhisperer.analyzer.attacks.models.AES128_8bit# Imports from utilList~~ ~~# Imports for AES256 Attackfrom chipwhisperer.analyzer.attacks.models.AES128_8bit import getHW~~ ~~#Imports for IV Attackfrom Crypto.Cipher import AES~~ ~~class AESIVAttack(object):~~ ~~numSubKeys = 16~~ ~~@staticmethod~~ ~~def leakage(textin, textout, guess, bnum, setting, state):~~ ~~knownkey = [0x94, 0x28, 0x5D, 0x4D, 0x6D, 0xCF, 0xEC, 0x08, 0xD8, 0xAC, 0xDD, 0xF6, 0xBE, 0x25, 0xA4, 0x99,~~ ~~0xC4, 0xD9, 0xD0, 0x1E, 0xC3, 0x40, 0x7E, 0xD7, 0xD5, 0x28, 0xD4, 0x09, 0xE9, 0xF0, 0x88, 0xA1]~~ ~~knownkey = str(bytearray(knownkey))~~ ~~ct = str(bytearray(textin))~~ ~~aes = AES.new(knownkey, AES.MODE_ECB)~~ ~~pt = aes.decrypt(ct)~~ ~~return getHW(bytearray(pt)[bnum] ^ guess)~~ ~~class userScript(AutoScriptBase):~~ ~~preProcessingList = []~~ ~~def initProject(self):~~ ~~pass~~ ~~def initPreprocessing(self):~~ ~~self.preProcessingResyncSAD0 = preprocessing.ResyncSAD.ResyncSAD(self.parent)~~ ~~self.preProcessingResyncSAD0.setEnabled(True)~~ ~~self.preProcessingResyncSAD0.setReference(rtraceno=0, refpoints=(6300,6800), inputwindow=(6000,7200))~~ ~~self.preProcessingResyncSAD1 = preprocessing.ResyncSAD.ResyncSAD(self.parent)~~ ~~self.preProcessingResyncSAD1.setEnabled(True)~~ ~~self.preProcessingResyncSAD1.setReference(rtraceno=0, refpoints=(4800,5100), inputwindow=(4700,5200))~~ ~~self.preProcessingList = [self.preProcessingResyncSAD0,self.preProcessingResyncSAD1,]~~ ~~return self.preProcessingList~~ ~~def initAnalysis(self):~~ ~~self.attack = CPA(self.parent, console=self.console, showScriptParameter=self.showScriptParameter)~~ ~~self.attack.setAnalysisAlgorithm(CPAProgressive, AESIVAttack, None)~~ ~~self.attack.setTraceStart(0)~~ ~~self.attack.setTracesPerAttack(100)~~ ~~self.attack.setIterations(1)~~ ~~self.attack.setReportingInterval(25)~~ ~~self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])~~ ~~self.attack.setTraceManager(self.traceManager())~~ ~~self.attack.setProject(self.project())~~ ~~self.attack.setPointRange((4800,6500))~~ ~~return self.attack~~ ~~def initReporting(self, results):~~ ~~results.setAttack(self.attack)~~ ~~results.setTraceManager(self.traceManager())~~ ~~self.results = results~~ ~~def doAnalysis(self):~~ ~~self.attack.doAttack()</pre>~~ ~~= Attacking the Signature =~~

← Older edit

Adewar

Approved_users, administrator

366

edits

Changes

Tutorial A5-Bonus Breaking AES-256 Bootloader

ChipWhisperer Wiki