Approved_users, administrator
366
edits
| As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com. |
Changes
→Reset via Auxiliary Module
{{Warningbox|This tutorial has been updated for ChipWhisperer 4.0.0 release. If you are using 3.x.x see the "V3" link in the sidebar.}}
{{Infobox tutorial
|name = B3-1 Timing Analysis with Power for Password Bypass
|image =
|caption =
|software versions =
|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro
|Target Device =
|Target Architecture = XMEGA/Arm
|Hardware Crypto = No
|Purchase Hardware =
}}
This tutorial will introduce you to breaking devices by determining when a device is performing certain operations. It will use a simple password check, and demonstrate how to perform a basic power analysis.
Note this is not a prerequisite to the tutorial on breaking AES. You can skip this tutorial if you wish to go ahead with the AES tutorial.
== Prerequisites ==
You should have already completed [[Tutorial B2 Viewing Instruction Power Differences]] to gain a better understanding of the ChipWhisperer interface.
== Building the Target Firmware ==
The target firmware we'll be using for this tutorial is located in the directory <code>chipwhisperer\hardware\victims\firmware\basic-passwdcheck</code>. Build the firmware using <code>make</code>, once again being careful to ensure you are using the correct <code>PLATFORM{{CollapsibleSection|intro =</code> command. You should end up === Building for CWLite with something like this being printed:XMEGA Target ===|content= Building for XMEGA}}
{{CollapsibleSection
|intro = === CW308 (UFO) Hardware Setup ===
|content= CW308 HW Setup}}
{{CollapsibleSection|intro = Manual Communications with the Target === Programming Other Targets ===|content= Programming Other}}
Enter an incorrect password - notice a different message is printed, and if using the CW-Lite XMEGA target the red LED will come on. == Recording Power Traces ==
Now that we can communicate with our super-secure system, our next goal is to get a power trace while the target is running. To do this, we'll get the power measurements to trigger after we send our password to the target.
<li><code>a\n</code></li></ul>
<p>You should notice a distinct change in the password depending how many characters were correct. For example the following shows the difference between passwords of <code>h0px4</code> (which has 4 correct characters) and <code>h0paa</code> (which has 3 correct characters). For example, on an XMEGA target:</p>
<blockquote><p>[[File:3vs4.png|image]]</p></blockquote></li></ol>
== Automatic Resets ==
The last step before scripting an entire attack is to figure out how to automatically reset the target device before (or after) each capture. There are two ways to do this, and the following steps take you through two examples of how to accomplish this goal.
=== Reset via Auxiliary Module Spare IO Lines ===
TODO - see reset via programming interface for now === Reset via Auxiliary modules are small pieces of code that can perform some extra functions during the capture process. The functions inside these Python modules are run before a capture, before the power measurement is armed, before the measurement is triggered, after a single trace is completed, and after an entire capture is finished. We will use an existing auxiliary module to reset the target chip before arming the measurement so that we don't have to manually reset the device.Module ===
<ol style="list-style-type: decimal;">
<li> WeScroll down the list of scripts, and you'll find one labeled "aux_reset_cw1173.py". If you're going not using the XMEGA target, you'll need to edit the script to use the ''Reset AVR/XMEGA via CW-Litenrst'' auxiliary module. Let's get an idea pin instead of how this module works: * Navigate to the auxiliary modules folder (<codeu>chipwhisperer\software\chipwhisperer\capture\auxiliary\</code>) and open <code>ResetCW1183Read.py</code> in your choice of text editor.* Find the function definition for <code>resetDevice()</code>. It contains a line that looks like: <pre>CWCoreAPI.getInstance().getScope().scopetype.cwliteXMEGA.readSignature()</pre>* Look for the lines where this function gets called. You'll find that the function <code>traceArm()'pdic''</codeu> uses it like: <prebr>resettiming = self.findParam('resettiming').value()if resettiming == 'Pre-Arm'[[File: self.resetDevice()</pre>Effectively, this code will read the target's signature before we arm the power measurement. This means that the target will automatically be reset before capturing a power traceauxreset_test1.png|600px]]
</li>
<li> Go back to Hit the ChipWhisperer Capture software"Run" button. In If you switch to the ''Generic Settings'' "Auxilary Module" tab, switch the Auxiliary Module to ''Reset AVR/XMEGA via CW-Liteyou'll see it's been added to the list of modules at the specified location.:</libr><li> Now, in the ''Aux Settings'' tab, we can configure our automatic reset[[File:auxreset_test2. Make sure the settings are:* Pre-arm delay: roughly 1200 ms* Post-arm delay: the default (0 ms) is fine* Reset timing: Pre-arm (reset the device before we arm the scope)png|400px]]
</li>
<li>Looking at the code of the script, you can see how this script is using an external module & linking it to a specific auxilary module trigger:
<syntaxhighlight lang=python>
from chipwhisperer.capture.auxiliary.ResetCW1173Read import ResetCW1173
# GUI compatibility
try:
aux_list = self.aux_list
except NameError:
pass
# Delay between arming and resetting, in ms
delay_ms = 1000
# Reset XMEGA device
Resetter = ResetCW1173(pin='pdic', delay_ms=delay_ms)
# Reset STM32Fx device
#Resetter = ResetCW1173(pin='nrst', delay_ms=delay_ms)
# Reset AVR
#Resetter = ResetCW1173(pin='nrst', delay_ms=delay_ms)
# Reset before arming
# avoids possibility of false triggers
# need delay in target firmware to avoid race condition
aux_list.register(Resetter.resetThenDelay, "before_trace")
# Reset after arming
# scope can catch entire reset
# avoids race condition
# target reset can cause false triggers (usually not an issue)
#aux_list.register(Resetter.delayThenReset, "after_arm")
</syntaxhighlight>
{{Greenbox|Make sure to uncomment the correct reset line (shown in the example above) and comment out the other one using a #}}
<li>You can edit the values required such as reset time & location by changing the script (using an external editor). But an easier method is to insert it into our attack script itself. As a test we'll see if the default values work.</li>
<li> Press ''Capture 1''. The target will automatically reset, with the Safe-o-matic 3000 boot sequence appearing in the console. Then, 1 second later, the program will send the password to the target and record a power trace.
</li>
Now, confirm that you can try different passwords (in ''Target Settings'') and see how the power trace changes when your password has 0, 1, 2... correct characters.
Once done, use the *Remove* button to get rid of the auxiliary module, as we are going to add it instead to our script. == Performing the Timing Attack ==
So far, we've set up our ChipWhisperer to automatically reset the target, send it a password attempt of our choice, and record a power trace while the target processes the password. Now, we'll write a Python script to automatically try different passwords and use these power traces to discover the password stored on the target.
If you're comfortable with python scripting, you may want to use a standalone script utilizing ChipWhisperer's python module. See [[Making Scripts]] for examples on recording and interacting with traces. === Scripting the Setup ===
Our first step will be to write a script that automatically sets up the ChipWhisperer Capture software with all of the settings we've tested above. We'll do this by modifying an existing script with our own settings.
<ol style="list-style-type: decimal;">
<li>Make a copy of an existing ChipWhisperer script. The example scripts are located at <code>chipwhisperer\software\chipwhisperer\capture\scripts</code>; for example, the default one for the XMEGA device is called <code>cwlite-simpleserialxmegasetup_cwlite_xmega.py</code>. Make a copy of this script and put in the same directory (or copy it somewhere memorable.</li><li><p>Rename the script something else - for example, <code>cwlite-passwordcrack.py</code> - and open it for editing. You'll notice that a large chunk of the code is used to set the parameters:</p><pre>#Example of using a list to set parameters. Slightly easier to copy/paste in this formatlstexample = [['CW Extra', 'CW Extra Settings', 'Trigger Pins', 'Target IO4 (Trigger Line)', True], ['CW Extra', 'CW Extra Settings', 'Target IOn Pins', 'Target IO1', 'Serial RXD'], ['CW Extra', 'CW Extra Settings', 'Target IOn Pins', 'Target IO2', 'Serial TXD'], ['OpenADC', 'Clock Setup', 'CLKGEN Settings', 'Desired Frequency', 7370000.0], ['CW Extra', 'CW Extra Settings', 'Target HS IO-Out', 'CLKGEN'], ['OpenADC', 'Clock Setup', 'ADC Clock', 'Source', 'CLKGEN x4 via DCM'], ['OpenADC', 'Trigger Setup', 'Total Samples', 3000], ['OpenADC', 'Trigger Setup', 'Offset', 1500], ['OpenADC', 'Gain Setting', 'Setting', 45], ['OpenADC', 'Trigger Setup', 'Mode', 'rising edge'], #Final step: make DCMs relock in case they are lost ['OpenADC', 'Clock Setup', 'ADC Clock', 'Reset ADC DCM', None], ]</pre><p>Those parameters come from the ''Scripting Parameters'' tab. Switch over to it and notice this tab logs all of the parameter changes, showing you how to change the parameters through the API:</p><blockquote><p>[[File:Scriptcommands.png|image]]</p></blockquote><p>Note that commands run via the script are also printed, so you can see where the values being set are coming from too. </p>
</li>
<li><p>Rename the script something else - for example, <code>cwlite-passwordcrack.py</code> - and open it for editing. You'll notice that a large chunk of the code is used to set configuration information:</p>
<pre>
scope.gain.gain = 45
scope.adc.samples = 25000
scope.adc.offset = 0
scope.adc.basic_mode = "rising_edge"
scope.clock.clkgen_freq = 7370000
scope.clock.adc_src = "clkgen_x4"
scope.trigger.triggers = "tio4"
scope.io.tio1 = "serial_rx"
scope.io.tio2 = "serial_tx"
scope.io.hs2 = "clkgen"
</pre>
<p>Those parameters come from the API. You can print for example the scope parameters by running "self.scope" to see various elements:</p><pre>
>>> self.scope
cwlite Device
gain =
mode = low
gain = 45
db = 22.50390625
adc =
state = False
basic_mode = rising_edge
timeout = 2
offset = 0
presamples = 0
samples = 25000
decimate = 1
trig_count = 3084728877
clock =
adc_src = clkgen_x4
adc_phase = 0
adc_freq = 29538459
adc_rate = 29538459
adc_locked = True
freq_ctr = 0
freq_ctr_src = extclk
clkgen_src = system
extclk_freq = 10000000
clkgen_mul = 2
clkgen_div = 26
clkgen_freq = 7384615
clkgen_locked = True
trigger =
triggers = tio4
module = basic
io =
tio1 = serial_rx
tio2 = serial_tx
tio3 = high_z
tio4 = high_z
pdid = high_z
pdic = high_z
nrst = high_z
glitch_hp = 0
glitch_lp = 0
extclk_src = hs1
hs2 = clkgen
target_pwr = True
glitch =
clk_src = target
width = 10.15625
width_fine = 0
offset = 10.15625
offset_fine = 0
trigger_src = manual
arm_timing = after_scope
ext_offset = 0
repeat = 1
output = clock_xor
</pre></li>
</ol>
<ol start="4" style="list-style-type: decimal;">
<li>Once again on the ''Target Settings'' tab<p>Next, delete append the various required commandsto clear the simpleserial commands and to enable the automatic resets. Make a note of Doing so will require two steps: (1) figuring out the resulting ''Script Commands'' which you will need target settings and adjusting them, and (2) inserting our code to enter to achieve this same goal. Close ChipWhisperer-Captureperform the device reset.</lip><li><p>Continue editing your script. FirstUsing the console, find you can dump parameters of the line setting the Trigger Offsetsimpleserial target (assuming you are still connected):</psyntaxhighlight lang=python><pre>['OpenADC', 'Trigger Setup', 'Offset', 1500],</pre>> target<init_cmd = key_cmd = k$KEY$\ninput_cmd = go_cmd = p>And set this to 0, which we were using previously:</p>$TEXT$\noutput_cmd = r$RESPONSE$\nbaud = 38400protver = <pre>['OpenADC', 'Trigger Setup', 'Offset', 0],</pre></lisyntaxhighlight><li><p>Next, append the required commands to clear the simpleserial commands and to enable the automatic resets:</p><pre/li>#Example of using a list to set parameters. Slightly easier to copy/paste in this formatlstexample = [['CW Extra', 'CW Extra Settings', 'Trigger Pins', 'Target IO4 (Trigger Line)', True], ...BUNCH MORE COMMANDS HERE HAVE BEEN REMOVED... #Final step: make DCMs relock in case they are lost ['OpenADC', 'Clock Setup', 'ADC Clock', 'Reset ADC DCM', None],
<li><p>Finally, we We will need to set the passwordguess so we can observe different traces. You can enter the password in the Capture ''Target Settings'' tab, and see the following sort of call would set the appropriate password:or simply use a command like </pcode><pre>selftarget.api.setParameter([go_cmd = 'Simple Serial', 'Go Command', u'h0px3\h0p3\n'])</precode>.</p>Note the newline is actually escaped, to set the text equivalent of what will be printed. This will result in an actual newline going out across the serial port. Set that command at some point in your script.</pli><li>Close any open ChipWhisperer-Capture windowsFinally, and run the script as beforeyou made. You It should connect load all settings & on hitting capture-1 you will get a waveform related to the target, and be able to press ''Capture 1'' and see power measurement during the correct waveformcomparison.</li>
</ol>
=== Running a Single Capture ===
With our settings prepared, the next step is to use our script to record and analyze a power trace. We need to be able to get the trace data into our Python script so we can analyze it for the timing attack. [[Making Scripts]] is a great resource for learning how to make scripts running ChipWhisperer.
We want to test these two commands. After the setup portion of your script, add some code similar to the following:
<presyntaxhighlight lang=python>#Put this at beginning of scriptimport chipwhisperer as cw #Put this later on after setup happenscw.captureN(self.apiscope, self.capture1()data = target, None, self.apiaux_list, self.getScope(ktp, 1)trace = scope.channels[0].getTracegetLastTrace()print datatrace</presyntaxhighlight> Run your script. The ChipWhisperer should automatically capture one trace and print out the several thousand some datapoints. (Note that output of <code>print</code> statements may go to the ''Debug Logging'' tab in the GUI.) This is all we need to continue.
=== Attacking a Single Letter ===
Now that we can record one power trace, we can start the timing attack. Our goal here is to automatically find the first letter of the Super Secret (tm) password.
<blockquote><p>[[File:Passwordcrackerpts.png|image]]</p></blockquote>
<p>When we guess the first byte incorrectly, there is a distinct power spike at sample number 153. However, when we guess correctly, the target spends more time processing the password, and this spike moves 72 samples forward. This means that we can check if our first byte is correct by checking this data point: if we're right, it will have an amplitude greater than -0.2. Note the specific point will change for different hardware, and may also change if you use different versions of avr-gcc your compiler to compile the target code. The example code here was compiled with WinAVR 20100110, which has avr-gcc 4.3.3. If you view the video version of this tutorial the point numbers are different for example, so be sure to check what they are for your specific system.</p></li>
* Sets the ''Go Command'' to the next character we want to try
* Captures a power trace
* Repeats for all characters we want to try
An example of this loop is:
<presyntaxhighlight lang=python>
trylist = 'abcdefghijklmnopqrstuvwxyz0123456789'
for c in trylist:
# Test this password and record Get a power traceusing our next attempt selfnextPass = password + '{}'.api.setParameterformat(['Simple Serial', 'Go Command', c ) + '"\n'])" target.go_cmd = nextPass cw.captureN(self.apiscope, self.capture1(target, None, self.aux_list, self.ktp, 1) # Get Grab the data trace and check data[153] data nextTrace = selfscope.api.getScope().channels[0].getTracegetLastTrace() if datanextTrace[153] > -0.2:
print "Success: " + c
</presyntaxhighlight>
This script will eventually stop, but you can use Ctrl+C on the command line to kill it. Make sure your script prints "Success: h"!
=== Attacking the Full Password ===
The last step is to attack the entire password, one letter at a time. The procedure to do this is:
* Start with a blank password string
An example of this loop is:
<presyntaxhighlight lang=python># Crack the first letter
password = ''
trylist = 'abcdefghijklmnopqrstuvwxyz0123456789'
for c in trylist:
# Get a power trace using our next attempt
nextPass = password + '{}'.format(c)+ "\n" selftarget.apigo_cmd = nextPass cw.setParametercaptureN(['Simple Serial'self.scope, 'Go Command'self.target, '{}\n'None, self.format(nextPass)]) aux_list, self.api.capture1(ktp, 1)
# Grab the trace
nextTrace = selfscope.api.getScope().channels[0].getTracegetLastTrace()
# Check location 153, 225, etc. If it's too low, we've failed
print '{} characters: {}'.format(i+1, password)
break
</presyntaxhighlight>
After some time, this prints <code>5 characters: h0px3</code> -- it automatically finds the correct password.
* If there was a lock-out on a wrong password, the system would ignore it, as it resets the target after every attempt.
== Conclusion ==
This tutorial has demonstrated the use of the power side-channel for performing timing attacks. A target with a simple password-based security system is broken. In addition you have learned about the scripting support in the ChipWhisperer-Capture software.
== Appendix: Completed Timing Attack Script ==The <code>run()</code> function at the end of the complete tutorial might look something like the followingthis:<presyntaxhighlight lang=python>"""This script is an example of a timing attack on a simple password checker. It is the result of Tutorial B3-1 from the ChipWhisperer Wiki.""" import chipwhisperer as cwfrom chipwhisperer.capture.auxiliary.ResetCW1173Read import ResetCW1173 # GUI compatibilitytry: def runscope = self.scope target = self.target aux_list = self.aux_listexcept NameError: pass # Set up scopescope.gain.gain = 45scope.adc.samples = 2000scope.adc.offset = 0scope.adc.basic_mode = "rising_edge"scope.clock.clkgen_freq = 7370000scope.clock.adc_src = "clkgen_x4"scope.trigger.triggers = "tio4"scope.io.tio1 = "serial_rx"scope.io.tio2 = "serial_tx"scope.io.hs2 = "clkgen" # Set up targettarget.key_cmd = ""target.go_cmd = "h0px3\n"target.output_cmd = "" # Set up aux module to reset target before captureresetter = ResetCW1173(xmega=True, delay_ms=1200)aux_list.register(resetter.resetThenDelay, "before_trace") # Test one capturecw.captureN(self.scope, self.target, None, self.aux_list, self.ktp, 1)trace = scope.getLastTrace()print trace # Crack the first letterpassword = ''trylist = 'abcdefghijklmnopqrstuvwxyz0123456789' for i in range(5): for c in trylist: # This is the function that gets called when Get a power trace using our script startsnext attempt nextPass = password + '{}'.format(c) + "\n" target.go_cmd = nextPass cw.captureN(self.scope, self.target, None, self.aux_list, self.ktp, 1)
# First: set up Grab the basics and connect to the CW-Litetrace self.api.setParameter(['Generic Settings', 'Scope Module', 'ChipWhisperer/OpenADC']) self.api.setParameter(['Generic Settings', 'Target Module', 'Simple Serial']) self.api.setParameter(['Generic Settings', 'Trace Format', 'ChipWhisperer/Native']) self.api.setParameter(['Simple Serial', 'Connection', 'ChipWhisperer-Lite']) self.api.setParameter(['ChipWhisperer/OpenADC', 'Connection', 'ChipWhisperer-Lite']) self.apinextTrace = scope.connectgetLastTrace()
{{Template:Tutorials}}
[[Category:Tutorials]]
