= Next Steps =
If you want to go further with this tutorial, [[Tutorial A5-Bonus: Breaking AES-256 Bootloader]] continues working with the same firmware to find the remaining secrets in the bootloader (the IV and the signature).
= Analysis of Power Traces for IV =
TODO
Example:
<pre>#Imports for IV Attack
from Crypto.Cipher import AES
def initPreprocessing(self):
self.preProcessingResyncSAD0 = preprocessing.ResyncSAD.ResyncSAD(self.parent)
self.preProcessingResyncSAD0.setEnabled(True)
self.preProcessingResyncSAD0.setReference(rtraceno=0, refpoints=(6300,6800), inputwindow=(6000,7200))
self.preProcessingResyncSAD1 = preprocessing.ResyncSAD.ResyncSAD(self.parent)
self.preProcessingResyncSAD1.setEnabled(True)
self.preProcessingResyncSAD1.setReference(rtraceno=0, refpoints=(4800,5100), inputwindow=(4700,5200))
self.preProcessingList = [self.preProcessingResyncSAD0,self.preProcessingResyncSAD1,]
return self.preProcessingList
class AESIVAttack(object):
numSubKeys = 16
@staticmethod
def leakage(textin, textout, guess, bnum, setting, state):
knownkey = [0x94, 0x28, 0x5D, 0x4D, 0x6D, 0xCF, 0xEC, 0x08, 0xD8, 0xAC, 0xDD, 0xF6, 0xBE, 0x25, 0xA4, 0x99,
0xC4, 0xD9, 0xD0, 0x1E, 0xC3, 0x40, 0x7E, 0xD7, 0xD5, 0x28, 0xD4, 0x09, 0xE9, 0xF0, 0x88, 0xA1]
knownkey = str(bytearray(knownkey))
ct = str(bytearray(textin))
aes = AES.new(knownkey, AES.MODE_ECB)
pt = aes.decrypt(ct)
return getHW(bytearray(pt)[bnum] ^ guess)</pre>
= Timing Attacks for Signature =
