As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes


Tutorial B3-1 Timing Analysis with Power for Password Bypass

210 bytes added, 03:44, 23 September 2017
Reset via Auxiliary Module
<ol style="list-style-type: decimal;">
<li> We're going to use Scroll down the ''Reset AVR/XMEGA via CW-Lite'' auxiliary module.Let's get an idea list of how this module works: * Navigate to the auxiliary modules folder (<code>chipwhisperer\software\chipwhisperer\capture\auxiliary\</code>) scripts, and open <code>ResetCW1183Readyou'll find one labeled "aux_reset_cw1173.py</code> in your choice of text editor".* Find the function definition for <code>resetDevice()</code>. It contains This script has a line that looks like: <pre>CWCoreAPI.getInstance().getScope().scopetype.cwliteXMEGA.readSignature()</pre>* Look for the lines where this simple function gets called. You'll find that of attempting to reset the XMEGA device using the function <code>traceArm()</code> uses it likeprogrammer: <prebr>resettiming = self.findParam('resettiming').value()if resettiming == 'Pre-Arm'[[File: self.resetDevice()</pre>Effectively, this code will read the target's signature before we arm the power measurement. This means that the target will automatically be reset before capturing a power traceauxreset_test1.png|600px]]
</li>
 <li> Go back to Hit the ChipWhisperer Capture software"Run" button. In If you switch to the ''Generic Settings'' "Auxilary Module" tab, switch the Auxiliary Module to ''Reset AVR/XMEGA via CW-Liteyou'll see it's been added to the list of modules at the specified location.:</libr><li> Now, in the ''Aux Settings'' tab, we can configure our automatic reset[[File:auxreset_test2. Make sure the settings are:* Pre-arm delay: roughly 1200 ms* Post-arm delay: the default (0 ms) is fine* Reset timing: Pre-arm (reset the device before we arm the scope)png|400px]]
</li>
<li>Looking at the code of the script, you can see how this script is using an external module & linking it to a specific auxilary module trigger:
<syntaxhighlight lang=python>
from chipwhisperer.capture.auxiliary.ResetCW1173Read import ResetCW1173
 
# GUI compatibility
try:
aux_list = self.aux_list
except NameError:
pass
 
# Delay between arming and resetting, in ms
delay_ms = 1000
 
# Reset XMEGA device
Resetter = ResetCW1173(xmega=True, delay_ms=delay_ms)
# Reset AVR
#Resetter = ResetCW1173(xmega=False, delay_ms=delay_ms)
 
# Reset before arming - more stable
aux_list.register(Resetter.resetThenDelay, "before_trace")
# Reset after arming - scope can catch entire reset
#aux_list.register(Resetter.delayThenReset, "after_arm")
</syntaxhighlight>
<li>You can edit the values required such as reset time & location by changing the script (using an external editor). But an easier method is to insert it into our attack script itself. As a test we'll see if the default values work.</li>
<li> Press ''Capture 1''. The target will automatically reset, with the Safe-o-matic 3000 boot sequence appearing in the console. Then, 1 second later, the program will send the password to the target and record a power trace.
</li>
Now, confirm that you can try different passwords (in ''Target Settings'') and see how the power trace changes when your password has 0, 1, 2... correct characters.
 
Once done, use the *Remove* button to get rid of the auxiliary module, as we are going to add it instead to our script.
= Performing the Timing Attack =
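Review bot: The list item opened at `<li>Looking at the code of the script, ...` is never closed: there is no `</li>` after `</syntaxhighlight>` before the next `<li>You can edit the values ...`, and the two closing paragraphs ("Now, confirm that you can try different passwords ..." and "Once done, use the *Remove* button ...") come after the last `</li>` with no `</ol>` before the "= Performing the Timing Attack =" heading, so the numbered list is left open. Add the missing `</li>` and close the list with `</ol>` ahead of those paragraphs. In the script, the comment `# Delay between arming and resetting, in ms` fits the commented-out `delayThenReset` / "after_arm" registration; the active line is `aux_list.register(Resetter.resetThenDelay, "before_trace")`, which by its name and hook resets first and then waits before the trace, matching the next step's "Then, 1 second later", so the comment should say the delay follows the reset. As shown, the bodies of `try:` and `except NameError:` are not indented and the block would not parse when pasted; indent `aux_list = self.aux_list` and `pass`. "Auxilary" should be "Auxiliary" in both places it appears, and `*Remove*` should use the wiki italics (`''Remove''`) that the other button and tab names use.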