Follow {{Warningbox|This tutorial has been updated for ChipWhisperer 4.0.0 release. If you are using 3.x.x see the same procedure as "V3" link in [Creating Tutorial B5 Breaking AES (Straightforward)], but:- Flashing the DES firmware at the target (i.e. chipwhisperer/hardware/victims/firmware/simpleserial-des/simpleserial-des-xmegasidebar.hex), instead;}}
and{{Infobox tutorial|name = B5-2:Breaking DES (Straightforward)|image = |caption = |software versions =|capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro|Target Device = |Target Architecture = XMEGA|Hardware Crypto = No|Purchase Hardware = }}
- Setting an appropriate 'Total Samples' and 'Offset' in the Scope Settings;
- Setting the 'Key Length (Bytes)', 'Input Length (Bytes)' and 'Output Length (Bytes)' to 8 bytes in the Target Settings;
- Setting an appropriate 8 bytes Key in the Generic Settings.
Or, alternatively, the script "ChipWhisperer-Lite: DES SimpleSerial on XMEGA" can be executed to do the above steps automatically in this platform.
In Follow the Analyzersame procedure as in : [[Tutorial B5 Breaking AES (Straightforward)]], but:# Flashing the only difference is DES firmware to set the Crypto Algorithm target device (e.g. chipwhisperer/hardware/victims/firmware/simpleserial-des/simpleserial-des-xmega.hex), instead;# Setting an appropriate 'Total Samples' (e.g. 3500) and 'Offset' (e.g. 15500) in the ''Scope Settings'';# Setting the 'Key Length (Bytes)', 'Input Length (Bytes)' and 'Output Length (Bytes)' to DES 8 bytes in the ''Target Settings'';# Setting an appropriate 8 bytes Key in the Attack ''Generic Settings(e.g. 2B 7E 15 16 28 AE D2 A6)''.
* Or, alternatively, execute the script "setup_cwlite_xmega_des.py" to perform steps 2-4 (you still need to perform step 1 yourself). In the Analyzer, you'll need to modify the script to call the DES model instead of the AES model. This will mean: <pre>from chipwhisperer.analyzer.attacks.models.DES import DES, SBox_output</pre> And setting: <pre>leak_model = DES(SBox_output)</pre> See the example analyzer script for a complete listing of the required commands. Note that the attack attemps to recover the [[wikipedia:File:DES-key-schedule.png|first round subkeykey]], which only have has 48bits([[wikipedia:File:DES-f-function.png|8 s-boxes x 6 bits each]]), while the original key has 54 significant 56 significative bits (64 if we count the parity bits that are irrelevant). So, if we map the first round subkeykey, obtained after the attack, to the original key (you can use the provided DES Key Schedule Tool to do it), there will still be 8 bits missing (256 combinations). However [[File:deskeyschedulecalc.png]] In this example, it can be easily recovered using brute forcematches the original key that was: [[File:key_des.png|801x801px]] == Links == {{Template:Tutorials}}[[Category:Tutorials]]
