As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

You can also view a 53-min [https://www.youtube.com/watch?v=h4eAU6vEONs&hd=1 Video Version on YouTube]:
[[File:/images/tutorials/basic/timingpowerbasic/timingvideo.png|YouTubeB2.1]]

== Prerequisites ==
You should have already completed tutorialtimingsimple to gain a better understanding of the ChipWhisperer interface.
== Building the Target Firmware ==
The target firmware is located in the directory <code>chipwhisperer\hardware\victims\firmware\basic-passwdcheck</code>. Build the firmware using <code>make</code>, once again being careful to ensure you have modified the <code>makefile</code> to select the correct target. You should end up with something like this being printed:
<pre>
-------- end --------</pre>
== Basic Communications with the Target ==
At this point, you should be able to configure the target as in the tutorialtimingsimple or tutorialcomms. Rather than tediously going through the setup process again, we'll simply use one of the scripts built into the ChipWhisperer-Capture software. This will demonstrate how we can use a script as a starting point to simplify our setup.
<ol style="list-style-type: decimal;">
<li>Using the programming tool (such as the XMEGA programming dialog), program the file <code>basic-passwdcheck.hex</code> into the target device. This file is located where you ran <code>make</code> previously.</li>
<li><p>Select ''Tools --&gt; Open Terminal'', and press ''Connect''. You should see a window such as this:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/termconnTermconn.png|image]]</p></blockquote></li>
<li><p>At this point we need to reset the target device. The easiest way to do this is to use the programmer interface and press the ''Check Signature'' or ''Read Signature'' button: the target is reset as part of the signature read operation. You should see some messages come across the terminal emulator window:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/checksig_printChecksig_print.png|image]]</p></blockquote>
<dl>
<dt>Note a few warnings about the terminal emulator:</dt>
</dl>
<blockquote><p>In real systems, you may often know ''one'' of the passwords, which is sufficient to investigate the password-checking routine as we do here. You also normally have the ability to reset passwords to their defaults. While the reset procedure erases any data you care about, an attacker can use such a 'sacrificial' device to learn about possible vulnerabilities. So the assumption that we have access to the password is really just saying we have access to ''a'' password, and we will use that knowledge to break the system in general.</p></blockquote></li>
<li><p>Using the terminal emulator, type the correct password and press <code>&lt;enter&gt;</code>. You should be greeted by a welcome message, and if using the CW-Lite XMEGA target the green LED will illuminate:</p>
<p>[[File:/images/tutorials/basic/timingpowerbasic/passokPassok.png|image]]</p></li>
<li>The system enters an infinite loop after any password entry, so you must reset it before the next attempt: use the ''Programmer Window'' to again perform a ''Check Signature'' or ''Read Signature'' operation.</li>
<li>Enter an incorrect password - notice a different message is printed, and if using the CW-Lite XMEGA target the red LED will come on.</li>
<li><blockquote><ul>
<li>Timeout set to 5 seconds or greater (to give yourself time when manually testing)</li></ul>
<p>[[File:/images/tutorials/basic/timingpowerbasic/timeout_offsetTimeout_offset.png|image]]</p></blockquote></li>
<li><p>Change to the ''Target Settings'' tab, and delete the ''Command'' strings. Those strings are used in the AES attack to send a specific command to the target device, for now we will be manually sending data:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/text_targetsettingsText_targetsettings.png|image]]</p></blockquote></li>
<li><p>Perform the following actions:</p>
<blockquote><ol style="list-style-type: lower-roman;">
<li>Reset the target device using ''Check Signature'' or ''Read Signature'' in the programmer window.</li>
<li>Press ''Capture 1'' to arm the scope.</li>
<li>Type the correct password into the terminal emulator and press <code>&lt;enter&gt;</code>.</li>
</ol></blockquote>
<p>You must send the password before the timeout occurs -- you can increase the length of the timeout if needed to give yourself more time! If this works you should see the power consumption displayed in the GUI:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/trace_manual_passTrace_manual_pass.png|image]]</p></blockquote></li>
<li><p>Rather than using the manual terminal, let's now use the GUI to automatically send a password try. Switching back to the ''Target Settings'' tab, write <code>h0px3\n</code> into the ''Go Command'' option:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/gocorrectGocorrect.png|image]]</p></blockquote>
<p>The ''Go Command'' is sent right after the scope is armed. In this example it means we can capture the power consumption during the password entry phase.</p></li>
<li><p>Now perform the following actions:</p>
<blockquote><ol style="list-style-type: lower-roman;">
<li>Reset the target device using ''Check Signature'' or ''Read Signature'' in the programmer window.</li>
<li>Press ''Capture 1''; the ''Go Command'' sends the password for you once the scope is armed.</li>
<li>Change the ''Go Command'' to an incorrect password (keeping the trailing <code>\n</code>) and repeat the reset and capture.</li>
</ol></blockquote>
<p>You should notice a distinct change in the power trace depending on how many characters were correct. For example, the following shows the difference between the passwords <code>h0px4</code> (which has 4 correct characters) and <code>h0paa</code> (which has 3 correct characters):</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/3vs4.png|image]]</p></blockquote></li><li>The last step before scripting an entire attack is to figure out how to automatically reset the target device before (or after) each capture. There are two ways to do this, and the following sections take you through an example of each.</li></ol>
=== Reset via Spare IO Lines ===
TODO - see reset via programming interface for now
=== Reset via Programming Interface ===
The following example targets the ChipWhisperer-Lite XMEGA target. You can modify it for the ChipWhisperer-Lite AVR target by replacing <code>XMEGA</code> with <code>AVR</code> in the function calls. We'll first learn how to recreate the process of pressing the ''Check Signature'' button via the API. This isn't normally exposed, but we can explore it using the Python Console.
<ol style="list-style-type: decimal;">
<li><pre>
sleep(0.8)</pre>
<p>Remember Python is ''whitespace sensitive'', so you'll have to be careful with the indentation you use. To begin with, simply type <code>def reset_device():</code> at the console and press enter. You'll notice the <code>&gt;&gt;&gt;</code> changes to <code>...</code> at the console prompt:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/consoledotdotConsoledotdot.png|image]]</p></blockquote>
<p>Now you will enter the next two lines. Remember you must insert at least one space before each line, and it must be consistent between the two lines entered. Once you enter the last line, press enter and the <code>...</code> should change back to <code>&gt;&gt;&gt;</code></p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/consolespaceConsolespace.png|image]]</p></blockquote></li>
<li>Check that you can run <code>reset_device()</code> at the console and the device resets. If there is an error, check that you ran the import statements earlier and look for typos. Re-run the <code>def reset_device():</code> step if required.</li>
<li><p>Now we need to define the class which links the function to a step in the capture. To do so, we want to define the following:</p></li>
<li>Confirm you can press ''Capture 1'' in the GUI without needing to manually reset the XMEGA target device. Play around with the password to again see the effect of changing how many characters are correct. In particular, start to consider where in the trace you might look for an indicator of how far the comparison loop ran. Try 0 correct characters, 1 correct character, and so on.</li></ol>
== Scripting Communications ==
<ol style="list-style-type: decimal;">
<li><pre>
]</pre>
<p>Those parameters come from the ''Scripting Parameters'' tab. Switch over to it and notice how when you change the text for example, it tells you the required parameter name to do this via the API call:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/scriptcommandsScriptcommands.png|image]]</p></blockquote>
<p>Note that commands run via the script are also printed, so you can see where the values being set are coming from too. At this point close the ''ChipWhisperer-Capture'' window, as we will confirm the script still works.</p></li>
<li><p>Run the new script (which doesn't have any changes yet). You may have to open a console with Python in the path:</p>
<p>Set that command at some point after your call to <code>cap.auxChanged()</code>. Close any open ChipWhisperer-Capture windows, and run the script as before. You should connect to the target, and be able to press ''Capture 1'' and see the correct waveform.</p></li>
<li><p>Next, we will automatically start attacking the system. You need to figure out where in the trace to look to determine how far the password check got. Looking at an example of the power when 0 and 1 bytes are correct, we can see a good point that shifts forward in time:</p>
<blockquote><p>[[File:/images/tutorials/basic/timingpowerbasic/passwordcrackerptsPasswordcrackerpts.png|image]]</p></blockquote>
<p>This point corresponds to an offset of 153 samples, with a delta of 72 samples for each correct character. Note that the specific point will change for different hardware, and may also change if you use a different version of avr-gcc to compile the target code. The example code here was compiled with WinAVR 20100110, which has avr-gcc 4.3.3. The point numbers in the video version of this tutorial, for example, are different, so be sure to check what they are on your own system.</p>
<p>Let's start with cracking just the first character, assuming it's a lowercase alphanumeric character:</p>
<blockquote>
* If the target locked out after a wrong password, this attack would be unaffected, since it resets the target after every attempt (assuming the lock-out counter is not kept in non-volatile memory).
</blockquote></li></ol>
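The character-by-character attack described above, written out as an added example: this is not code from the tutorial or from the ChipWhisperer project, and it does not use the ChipWhisperer API. The target, the reset-then-capture cycle (the role of the auxiliary reset hook in the previous section) and the power traces are all constructed in the script; the feature position is modelled as a dip at <code>OFFSET + DELTA * matched</code>, using the 153/72 values quoted on this page, which are assumptions about the author's setup and must be re-measured on yours. The example goes one step beyond the page by also running the same cracker against a constant-time comparison, which is the fix for the firmware: the feature then never moves, so the per-character oracle disappears.

```python
import random

# Numbers quoted on this page for the author's setup (WinAVR 20100110).
# They are specific to the hardware and compiler and must be re-measured
# on your own system by comparing the 0-correct and 1-correct traces.
OFFSET = 153        # sample index of the loop-exit feature with 0 correct chars
DELTA = 72          # samples the feature moves forward per correct leading char
TRACE_LEN = 1024    # length of the constructed traces (must exceed OFFSET + DELTA*len)
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"   # lowercase alphanumerics, as on the page


def early_exit_compare(guess, secret):
    """Model of basic-passwdcheck's comparison: stop at the first mismatch.
    Returns (accepted, matched), where `matched` is the number of loop
    iterations that passed, i.e. the quantity the power trace leaks."""
    matched = 0
    for g, s in zip(guess, secret):
        if g != s:
            return False, matched
        matched += 1
    return (matched == len(secret) and len(guess) == len(secret)), matched


def constant_time_compare(guess, secret):
    """Hardened comparison: always walks the whole secret and ORs the
    differences together, so the loop count is independent of the guess."""
    padded = guess.ljust(len(secret), "\0")[:len(secret)]
    diff = len(guess) ^ len(secret)
    for g, s in zip(padded, secret):
        diff |= ord(g) ^ ord(s)
    return diff == 0, len(secret)


class SimulatedTarget:
    """Stand-in for the tutorial's reset-then-capture cycle. Every call starts
    from a fresh state, sends one guess and returns a constructed trace:
    Gaussian noise plus a dip where the comparison loop exits."""

    def __init__(self, secret, compare=early_exit_compare, seed=1):
        self.secret = secret
        self.compare = compare
        self.rng = random.Random(seed)
        self.attempts = 0

    def capture(self, guess):
        self.attempts += 1
        accepted, matched = self.compare(guess, self.secret)
        trace = [self.rng.gauss(0.0, 0.02) for _ in range(TRACE_LEN)]
        pos = OFFSET + DELTA * matched
        for j in range(pos, pos + 4):
            trace[j] -= 0.5       # the loop-exit feature (constructed, not measured)
        return accepted, trace


def matched_prefix_len(trace, threshold=-0.2):
    """Read off how many leading characters matched by locating the dip at
    one of the candidate positions OFFSET + DELTA * k. Returns None if no
    candidate position crosses the threshold."""
    k = 0
    while OFFSET + DELTA * k < len(trace):
        if trace[OFFSET + DELTA * k] < threshold:
            return k
        k += 1
    return None


def crack(target, length, charset=CHARSET):
    """Recover the password one character at a time: a candidate is kept when
    it pushes the feature one DELTA further than the known prefix does.
    Cost is at most len(charset) * length captures, not len(charset) ** length.
    Returns (password, accepted)."""
    password = ""
    for i in range(length):
        for c in charset:
            accepted, trace = target.capture(password + c)
            if accepted:
                return password + c, True
            k = matched_prefix_len(trace)
            if k is not None and k > i:
                password += c
                break
        else:
            return password, False     # no candidate moved the feature
    return password, False


if __name__ == "__main__":
    weak = SimulatedTarget("h0px3")
    print(crack(weak, 5), "after", weak.attempts, "captures")
    hard = SimulatedTarget("h0px3", compare=constant_time_compare)
    print(crack(hard, 5), "- the feature never moves, so the oracle is gone")
```

Against the early-exit target the cracker recovers <code>h0px3</code> in 105 captures (at most 36 per position) instead of the 36^5 a blind search would need; against the constant-time version the dip sits at the same place for every guess, so <code>crack</code> accepts the first candidate at every position and the final check fails. On real hardware the threshold and the candidate positions are found exactly as the text describes, by comparing the traces for 0 and 1 correct characters, and the reset before each capture matters because the firmware loops forever after any attempt.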
== Conclusion ==
This tutorial has demonstrated the use of the power side channel for performing a timing attack: a target with a simple password-based security system was broken. In addition you have learned about the scripting support in the ChipWhisperer-Capture software.