As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Reset via Auxiliary Module
|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro
|Target Device =
|Target Architecture = XMEGA/Arm
|Hardware Crypto = No
|Purchase Hardware =
== Building the Target Firmware ==
The target firmware we'll be using for this tutorial is located in the directory <code>chipwhisperer\hardware\victims\firmware\basic-passwdcheck</code>. Build the firmware using <code>make</code>, once again being careful to ensure you are using the correct <code>PLATFORM</code> command. You should end up with something like this being printed:
<pre>Creating Symbol Table: basic-passwdcheck.sym
avr-nm -n basic-passwdcheck.elf &gt; basic-passwdcheck.sym

Size after:
AVR Memory Usage
----------------
Device: atxmega128d3

Program:    5400 bytes (3.9% Full)
(.text + .data + .bootloader)

Data:        524 bytes (6.4% Full)
(.data + .bss + .noinit)


Built for platform CW-Lite

-------- end --------</pre>
{{CollapsibleSection
|intro = === Building for CWLite with XMEGA Target ===
|content= Building for XMEGA}}
{{CollapsibleSection
|intro = === Building for CWLite with Arm Target ===
|content= Building for Arm}}
{{CollapsibleSection
|intro = === Building for Other Targets ===
|content= Building for Other Targets}}
== Hardware Setup ==
{{CollapsibleSection
|intro = === CW1173 (Lite) Hardware Setup ===
|content= CWLite HW Setup}}
{{CollapsibleSection
|intro = === CW1200 (Pro) Hardware Setup ===
|content= CW1200 HW Setup}}
{{CollapsibleSection
|intro = === CW308 (UFO) Hardware Setup ===
|content= CW308 HW Setup}}
== Programming the Target ==
{{CollapsibleSection
|intro = === Programming the XMEGA Target ===
|content= Programming XMEGA}}
{{CollapsibleSection
|intro = === Programming the STM32F3 (CW303 Arm) Target ===
|content= Programming Arm}}
{{CollapsibleSection
|intro = === Programming Other Targets ===
|content= Programming Other}}
== Manual Communications with the Target ==
Assuming you have ChipWhisperer-Capture set up from when you programmed the target (if not, run ''connect_cwlite_simpleserial.py'' and the ''setup_*.py'' script relevant to your target), you can continue by selecting ''Tools --> Terminal'', and pressing ''Connect''. You should see a window such as this:
<p>[[File:Termconn.png|image]]</p>
At this point we need to reset the target device. The easiest way to do this is to use the programmer interface, and press the ''Check Signature'' or ''Read Signature'' button. This will reset the target device as part of the signature read operation. If your target doesn't have a programmer in ChipWhisperer-Capture, you can manually toggle the reset pin; this is typically the ''nrst'' pin. You should see some messages come across the terminal emulator window:
<p>[[File:Checksig_print.png|image]]</p>
'''Note a few warnings about the terminal emulator:'''
* The on-board buffer is fairly small, and can be easily overflowed. You may notice a few longer lines become truncated if printing is too fast!
* You can uncheck the &quot;Show non-ASCII as hex&quot; option to avoid having the <code>0a</code> printed in red. The <code>0a</code> is the hex character for a newline. Many protocols use non-ASCII characters, so to help with debugging it is left enabled by default.
We've now got some super-secure system! Let's begin with some exploratory tests - in this case I happened to know the correct password is <code>h0px3</code>.
<blockquote><p>'''tip'''</p><p>In real systems, you may often know ''one'' of the passwords, which is sufficient to investigate the password checking routines as we will do. You also normally have an ability to reset passwords to default. While the reset procedure would erase any data you care about, the attacker will be able to use this 'sacrificial' device to learn about possible vulnerabilities. So the assumption that we have access to the password is really just saying we have access to ''a'' password, and will use that knowledge to break the system in general.</p></blockquote>
Using the terminal emulator, write the correct password in, and press <code>&lt;enter&gt;</code>. You should be greeted by a welcome message, and if using the CW-Lite XMEGA target the green LED will illuminate:
<p>[[File:Passok.png|image]]</p>
The system enters an infinite loop for any password entry. Thus you must reset the system: use the ''Programmer Window'' to again perform a ''Check Signature'' or ''Read Signature'' operation.

Enter an incorrect password - notice a different message is printed, and if using the CW-Lite XMEGA target the red LED will come on.
== Recording Power Traces ==
<p>You should notice a distinct change in the power trace depending on how many characters were correct. For example, the following shows the difference between passwords of <code>h0px4</code> (which has 4 correct characters) and <code>h0paa</code> (which has 3 correct characters) on an XMEGA target:</p>
<blockquote><p>[[File:3vs4.png|image]]</p></blockquote>
<ol style="list-style-type: decimal;">
<li>Scroll down the list of scripts, and you'll find one labeled "aux_reset_cw1173.py". This script has a simple function of attempting to reset the target device using the programmer. If you're not using the XMEGA target, you'll need to edit the script to use the ''nrst'' pin instead of ''pdic'':
<br>
[[File:auxreset_test1.png|600px]]
<syntaxhighlight lang="python">
# Excerpt from aux_reset_cw1173.py: select the reset pin for your target
# Reset XMEGA device
Resetter = ResetCW1173(pin='pdic', delay_ms=delay_ms)
# Reset STM32Fx device
#Resetter = ResetCW1173(pin='nrst', delay_ms=delay_ms)
# Reset AVR
#Resetter = ResetCW1173(pin='nrst', delay_ms=delay_ms)

# Reset before arming - more stable
# avoids possibility of false triggers
# need delay in target firmware to avoid race condition
aux_list.register(Resetter.resetThenDelay, "before_trace")

# Reset after arming - scope can catch entire reset
# avoids race condition
# target reset can cause false triggers (usually not an issue)
#aux_list.register(Resetter.delayThenReset, "after_arm")
</syntaxhighlight>
{{Greenbox|Make sure to uncomment the correct reset line (shown in the example above) and comment out the other one using a #}}
</li>
<li>You can edit the values required such as reset time &amp; location by changing the script (using an external editor). But an easier method is to insert it into our attack script itself. As a test we'll see if the default values work.</li>
<li>Press ''Capture 1''. The target will automatically reset, with the Safe-o-matic 3000 boot sequence appearing in the console. Then, 1 second later, the program will send the password to the target and record a power trace.</li>
</ol>
== Performing the Timing Attack ==
So far, we've set up our ChipWhisperer to automatically reset the target, send it a password attempt of our choice, and record a power trace while the target processes the password. Now, we'll write a Python script to automatically try different passwords and use these power traces to discover the password stored on the target.
 
If you're comfortable with Python scripting, you may want to use a standalone script utilizing ChipWhisperer's Python module. See [[Making Scripts]] for examples on recording and interacting with traces.
=== Scripting the Setup ===
=== Running a Single Capture ===
With our settings prepared, the next step is to use our script to record and analyze a power trace. We need to be able to get the trace data into our Python script so we can analyze it for the timing attack. [[Making Scripts]] is a great resource for learning how to make scripts running ChipWhisperer.
The API allows us to ''press the Capture 1'' button and ''view the power trace'' without using the GUI. There are two relevant commands here. First, we'll need to import ChipWhisperer:
Now that we can record one power trace, we can start the timing attack. Our goal here is to automatically find the first letter of the Super Secret (tm) password.
<p>Look at this example of the power traces when 0 and 1 bytes are correct. We can see a clear point that appears to shift forward (what this point will be and how far it will shift will depend on your target) in time:</p>
<blockquote><p>[[File:Passwordcrackerpts.png|image]]</p></blockquote>
<p>When we guess the first byte incorrectly, there is a distinct power spike at sample number 153. However, when we guess correctly, the target spends more time processing the password, and this spike moves 72 samples forward. This means that we can check if our first byte is correct by checking this data point: if we're right, it will have an amplitude greater than -0.2. Note the specific point will change for different hardware, and may also change if you use a different version of your compiler to compile the target code. The example code here was compiled with WinAVR 20100110, which has avr-gcc 4.3.3. If you view the video version of this tutorial the point numbers are different, for example, so be sure to check what they are for your specific system.</p>
Add a loop to your script that does the following:
<syntaxhighlight lang="python">
# Grab the trace and check sample 153
nextTrace = scope.getLastTrace()
if nextTrace[153] > -0.2:
    print("Success: " + c)
</syntaxhighlight>
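As an added example that is not part of this tutorial or the ChipWhisperer code base, the following Python simulates a target whose password comparison exits at the first wrong byte (the dip at sample 153 moving 72 samples forward per correct byte, as described above) and runs the tutorial's amplitude test for every byte position in turn; the password, sample positions and noise model are constructed, and a constant-time variant of the same target shows the loop recovering nothing.

```python
import random

PASSWORD = "h0px3"      # constructed secret held by the simulated target
SPIKE_BASE = 153        # sample of the dip when no leading bytes are correct
SHIFT_PER_BYTE = 72     # samples the dip moves for each correct leading byte
THRESHOLD = -0.2        # the tutorial's amplitude test at the checked sample
TRACE_LEN = 1000
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def matching_prefix(secret, guess):
    """Bytes an early-exit comparison processes before the first mismatch."""
    n = 0
    for a, b in zip(secret, guess):
        if a != b:
            break
        n += 1
    return n


def capture_trace(guess, constant_time=False, seed=0):
    """Constructed power trace: noise around 0.0 with one dip to -0.5 where
    the comparison loop exits. A constant-time check never moves the dip."""
    rng = random.Random(seed)
    trace = [rng.uniform(-0.05, 0.05) for _ in range(TRACE_LEN)]
    shift = 0 if constant_time else SHIFT_PER_BYTE * matching_prefix(PASSWORD, guess)
    trace[SPIKE_BASE + shift] = -0.5
    return trace


def recover_password(length=len(PASSWORD), constant_time=False):
    """The tutorial's loop for byte 0, repeated per position: the sample that
    held the dip for the bytes found so far returns to baseline (> THRESHOLD)
    exactly when the newly guessed byte is correct."""
    known = ""
    for i in range(length):
        point = SPIKE_BASE + SHIFT_PER_BYTE * i
        for c in CHARSET:
            trace = capture_trace(known + c, constant_time, seed=i)
            if trace[point] > THRESHOLD:
                known += c
                break
        else:
            return known  # no guess moved the dip: this check does not leak
    return known


if __name__ == "__main__":
    print("leaky target  :", recover_password())
    print("constant-time :", repr(recover_password(constant_time=True)))
```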