As of August 2020 the site you are on ( is deprecated, and content is now at


Jump to: navigation, search

Tutorial A5 Breaking AES-256 Bootloader

64 bytes added, 23:06, 16 September 2016
13th Round Key
# Imports for AES256 Attack
from chipwhisperer.analyzer.attacks.models.AES128_8bit base import getHWModelsBasefrom chipwhisperer.analyzer.attacks.models.aes.funcs import sbox, inv_sbox, inv_shiftrows, inv_mixcolumns, inv_subbytes
class AES256Attack(object):
numSubKeys = 16
@staticmethodclass AES256Attack(ModelsBase): _name = 'AES 128'  def __init__(self): ModelsBase.__init__(self, 16, 256, model=None) self.numRoundKeys = 10 def leakage(self, textin, textout, guess, bnum, setting, state): if setting == 13: knownkey = [0xea0xba, 0x790x41, 0x790x9b, 0x200x11, 0xc80x07, 0x710x7b, 0x440x5d, 0x7d0x32, 0x460x1d, 0x620xa0, 0x5f0x7f, 0x510x0a, 0x85, 0xc10x05, 0x3b0xd8, 0xcb0xcd] xored = [knownkey[i] ^ textin[i] for i in range(0, 16)] block = xored block = inv_shiftrows(block) block = inv_subbytes(block) block = inv_mixcolumns(block) block = inv_shiftrows(block) result = block return getHW(self.HW[inv_sbox((result[bnum] ^ guess)))]
You can look back at the C code of the AES-256 decryption to see how this is implementing the decryption code. Note that because of the Inverse MixColumns operation, we need the entire input ciphertext -- otherwise, we would only need to operate on one byte of the ciphertext.
# Add the above function to your custom script file.
# Change the <code>setAnalysisAlgorithm</code> in the script to use your custom functions by making the following call:
#:<pre>self.attack.setAnalysisAlgorithm(CPAProgressive, AES256Attack, 13None)</pre>
# As we did in the 14th round attack, reducing the point range can speed up the attack. For example, to use a smaller range of points, try changing the <code>setPointRange()</code> function call to
>>> from chipwhisperer.analyzer.attacks.models.aes.funcs import shiftrows,mixcolumns
>>> knownkey = [0xC6, 0xBD, 0x4E, 0x50, 0xAB, 0xCA, 0x75, 0x77, 0x79, 0x87, 0x96, 0xCA, 0x1C, 0x7F, 0xC5, 0x82]
>>> key = shiftrows(knownkey)
Approved_users, bureaucrat, administrator

Navigation menu