# Side-Channel Workshop
In this lab, we will walk through a simple power analysis (SPA) side-channel attack.

The provided data client will connect you to an embedded device that accepts 4-digit passwords, compares them to the correct password using the `strcmp` (string compare) function, and returns the result (correct/incorrect) and a power side-channel trace of the device performing the operation.

**Your goal: use the power traces to crack the 4-digit password**

## Prologue
Just run this once to import the network backend

In [None]:
from lab import *

## Step 1: Create Client
First, we need to create the client. You can create one of two clients, each with a different difficulty.

In [None]:
# basic difficulty (large trigger signal, 4-digit numeric)
dc = DataClient()

# basic difficulty (no trigger signal, 4-digit numeric)
# dc = DataClient(path=DataClient.MED_PATH)

# advanced difficulty (no trigger signal, any 4-digit value)
# dc = DataClient(path=DataClient.ADV_PATH, seed='changeme')

## Step 2: Fetch trace
Next, we need to use the client to fetch a trace from the server using a password guess. Note: your first fetch may take a bit.

In [None]:
trace = dc.fetch('0000')

# advanced binary input
# trace = dc.fetch([b'\x01\x02\03\x04'])

## Step 3: Plot trace
Once we have the trace, we can then plot it. Here, you can see the effect of different levels of smoothing as well as how to stack multiple plots in one view.

**NOTE: The `%maplotlib widgit` line is needed for an interactive plot**

In [None]:
%matplotlib widget
plot_trace(trace, 1)
plot_trace(trace, 10)
plot_trace(trace, 100)

We can see that the device running this comparison operation results in a structured trace, where (presumably) different operations result in different amounts of power draw. We will be able to use this structure to infer the correctness of our key guesses by comparing traces of 

---
## Your Turn!
Now, using these steps, see if you can crack the password!

Please don't just brute-force all 10k possible combinations. That will both bog down the server for your fellow attackers and defeat the purpose of the exercise :)

Feel free to add more Python code cells to work with using the `+` button in the upper left.

---
## Finished?
If you've finished early or just want a challenge, try some of the following:

* Figure out the optimal strategy for guessing passwords (what is the minimum number of guesses to ensure cracking the PIN?)
* Try using the advanced data client. The timing-critical section will be harder to spot and the password is 4 bytes of binary input instead of 4 digits

---
## Need a hint?
Run each cell below to reveal another hint

**NOTE:** Some details of the clues only apply to the basic difficulty challenge.

## Hint 1

In [None]:
%load hints/hint1.py

## Hint 2

In [None]:
%load hints/hint2.py

## Hint 3

In [None]:
%load hints/hint3.py

## Hint 4:

In [None]:
%load hints/hint4.py

## Hint 5

In [None]:
%load hints/hint5.py

## Hint 6

In [None]:
%load hints/hint6.py

## Hint 7

In [None]:
%load hints/hint7.py