|As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.|
→Reset via Auxiliary Module
<ol style="list-style-type: decimal;">
We're going to use the ''Reset AVR/XMEGA via CW-Lite'' auxiliary module.Let's get an idea of how this module works: * Navigate to the auxiliary modules folder (<code>chipwhisperer\software\chipwhisperer\capture\auxiliary\</code>) and open <code>ResetCW1183Read.py </code> in your choice of text editor. * Find the function definition for <code>resetDevice()</code>. It contains a line that looks like: <pre> CWCoreAPI.getInstance().getScope().scopetype.cwliteXMEGA.readSignature() </pre> * Look for the lines where this function gets called. You'll find that the function <code>traceArm()</code> uses it like: < pre> resettiming = self.findParam('resettiming').value() if resettiming == 'Pre-Arm': self.resetDevice() </pre> Effectively, this code will read the target's signature before we arm the power measurement. This means that the target will automatically be reset before capturing a power trace.
Go back to the ChipWhisperer Capture software. In the ''Generic Settings'' tab, switch the Auxiliary Module to ''Reset AVR/XMEGA via CW-Lite''.< /li> <li> Now, in the ''Aux Settings'' tab, we can configure our automatic reset. Make sure the settings are: * Pre-arm delay: roughly 1200 ms * Post-arm delay: the default (0 ms) is fine * Reset timing: Pre-arm (reset the device before we arm the scope)
<li> Press ''Capture 1''. The target will automatically reset, with the Safe-o-matic 3000 boot sequence appearing in the console. Then, 1 second later, the program will send the password to the target and record a power trace.
Now, confirm that you can try different passwords (in ''Target Settings'') and see how the power trace changes when your password has 0, 1, 2... correct characters.
= Performing the Timing Attack =