In [1]:
import numpy as np
%matplotlib notebook
import matplotlib.pyplot as plt
import ipywidgets as widgets
import serial
import time
from picoscope import ps5000a
import picosdk
from picosdk.discover import find_all_units
import serial.tools.list_ports as port_list
import chipwhisperer as cw

# Check if the Picoscope is connected
scopes = find_all_units()
for scope in scopes:
    print("Working with:")
    print(scope.info)
    scope.close()
ports = list(port_list.comports())
for p in ports:
    print (p)


Working with:
UnitInfo(driver=<picosdk.ps5000a.Ps5000alib object at 0x7f040d0610a0>, variant=b'5244D', serial=b'KU687/0175')
/dev/ttyS4 - n/a


**PicoScope setup**

In [2]:
ps = ps5000a.PS5000a()
print("Found the following picoscope:")
print(ps.getAllUnitInfo())

# Since target runnning at 10 MHz and AES requires from trigger
obs_duration = 3.225E-6
# Sample at least 516 points within that window
sampling_interval = obs_duration / 1260
# Configure timebase
(actualSamplingInterval, nSamples, maxSamples) = ps.setSamplingInterval(sampling_interval, obs_duration)
print("Nsamples : ", nSamples)
print("Sampling interval = %f us" % (actualSamplingInterval*nSamples*1E6))

# 50mV range on channel A, AC coupled, 20 MHz BW limit
ps.setChannel('A', 'AC', 0.05, 0.0, enabled=True, BWLimited=True)
# Channel B is trigger
ps.setChannel('B', 'DC', 10.0, 0.0, enabled=True)
ps.setSimpleTrigger('B', 2.0, 'Rising', timeout_ms=2000, enabled=True)

Found the following picoscope:
DriverVersion                 : PS5000A Linux Driver, 2.1.113.3501
USBVersion                    : 3.0
HardwareVersion               : 1
VariantInfo                   : 5244D
BatchAndSerial                : KU687/0175
CalDate                       : 26Apr23
KernelVersion                 : 0.0
DigitalHardwareVersion        : 1
AnalogueHardwareVersion       : 1
PicoFirmwareVersion1          : 1.7.15.0
PicoFirmwareVersion2          : 1.2.34.0
Nsamples :  1612
Sampling interval = 3.224000 us


**CW305 setup**

In [3]:
TARGET_PLATFORM = 'CW305_100t'
fpga_id = '100t'
target = cw.target(None, cw.targets.CW305, fpga_id=fpga_id, force = True)

print(target.is_programmed())

target.vccint_set(1.0)
target.pll.pll_enable_set(True)         # enable PLL chip
target.pll.pll_outenable_set(False, 0)  # disable PLL 0
target.pll.pll_outenable_set(True, 1)   # enable PLL 1
target.pll.pll_outenable_set(False, 2)  # disable PLL 2
target.pll.pll_outfreq_set(10E6, 1)     # PLL1 frequency set to 10 MHz
# 1 ms is plenty idling time --> maybe not useful with picoscope (?) 
target.clksleeptime = 1 

True


**Capture loop**

In [4]:
def pico_capture():
    # Arm the picoscope
    ps.runBlock()
    time.sleep(0.05)
    # Trigger the encryption on Target
    target.fpga_write(target.REG_USER_LED, [0x01])
    target.usb_trigger_toggle()
    ps.waitReady()
    # Capture the trace 
    data = ps.getDataV('A', nSamples, returnOverflow=False)
    return data

In [5]:
from tqdm.notebook import tnrange
project_file = "sca_test_CW305.cwp"
project = cw.create_project(project_file, overwrite=True)

from Crypto.Cipher import AES
from chipwhisperer.common.traces import Trace

ktp = cw.ktp.Basic()
# Initialize cipher to verify DUT result:
key, text = ktp.next()
cipher = AES.new(bytes(key), AES.MODE_ECB)
print("Key: ", key)
#print("Plaintext: ", text)

N = 1000        # Number of traces
traces = []
textin = []
keys = []
data_mV = []

target.fpga_write(target.REG_CRYPT_KEY, key)

# Dummy capture call due to bug of using AC coupling
pico_capture()

for i in tnrange(N, desc='Capturing traces'):
    
    # Write plaintext to target
    target.fpga_write(target.REG_CRYPT_TEXTIN, text)

    # Capture the trace 
    data = pico_capture()
    traces.append(np.array(data))
    data_mV.append(np.array(data)*1E3)

    # Organize and store data
    response = target.fpga_read(target.REG_CRYPT_CIPHEROUT, 16)
    trace_i = Trace(np.array(data), text, response[::-1], key)
    project.traces.append(trace_i)
    
    # Sanity check with expected ciphertext
    #print("Response fpga: ",[ hex(el) for el in response[::-1]])
    #print("Expected instead: ", [hex(el) for el in cipher.encrypt(bytes(text))])
    #assert (list(response[::-1]) == list(cipher.encrypt(bytes(text)))), "Incorrect encryption result!\nGot {}\nExp {}\n".format(list(response), list(text))
    
    key, text = ktp.next() 
    textin.append(text)
    keys.append(key)

project.save()
target.dis()

Key:  CWbytearray(b'2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c')


Capturing traces:   0%|          | 0/1000 [00:00<?, ?it/s]

** Plotting trace **

In [6]:
from bokeh.plotting import figure, show
from bokeh.io import output_notebook
from bokeh.models import CrosshairTool

output_notebook()
p = figure(plot_width=800)

xrange = range(len(traces[0]))
p.line(xrange, traces[4], line_color="red")
show(p)

** Performing AES CPA attack **

In [7]:
import chipwhisperer.analyzer as cwa
attack = cwa.cpa(project, cwa.leakage_models.last_round_state_diff)
cb = cwa.get_jupyter_callback(attack)
results = attack.run(cwa.get_jupyter_callback(attack, 25))


Unnamed: 0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
PGE=,129,94,72,231,232,149,186,48,114,144,81,35,253,20,34,1
0,45 0.139,C1 0.216,D2 0.170,28 0.170,8B 0.164,E6 0.206,31 0.176,C9 0.215,99 0.168,63 0.181,1F 0.166,6D 0.155,B7 0.195,80 0.161,5E 0.199,94 0.179
1,98 0.134,16 0.129,68 0.136,42 0.136,42 0.139,4E 0.147,91 0.135,B7 0.143,76 0.131,7A 0.139,9F 0.166,FF 0.132,03 0.127,69 0.142,B0 0.137,A6 0.144
2,AB 0.134,7E 0.123,F6 0.130,48 0.130,C8 0.132,CB 0.139,BC 0.134,C6 0.134,2D 0.130,18 0.137,DD 0.124,53 0.132,97 0.125,C1 0.139,BA 0.134,B8 0.135
3,E9 0.132,32 0.122,9A 0.124,01 0.130,E8 0.124,7D 0.130,5C 0.124,85 0.132,AA 0.128,DD 0.130,1B 0.120,2B 0.126,FD 0.123,49 0.126,17 0.131,D4 0.126
4,90 0.129,29 0.122,A5 0.123,AE 0.130,C3 0.122,A9 0.125,5A 0.123,F4 0.127,6E 0.127,29 0.124,D2 0.114,79 0.121,89 0.122,F6 0.124,61 0.130,75 0.115
5,D1 0.123,31 0.121,12 0.122,99 0.130,C6 0.121,60 0.123,63 0.121,3C 0.126,6B 0.123,BD 0.122,B0 0.114,BF 0.119,B1 0.120,A0 0.122,B5 0.126,4A 0.113
6,29 0.122,2C 0.119,3B 0.121,FA 0.127,C0 0.120,4A 0.121,87 0.121,4F 0.126,CC 0.121,22 0.119,62 0.113,0A 0.117,32 0.118,C0 0.120,1D 0.124,1C 0.113
7,F6 0.120,8A 0.116,D4 0.117,41 0.127,5F 0.119,EA 0.120,79 0.118,C2 0.121,0C 0.119,D0 0.115,17 0.112,97 0.116,66 0.118,9D 0.119,44 0.124,E5 0.110
8,19 0.115,E5 0.115,28 0.114,FD 0.125,D5 0.118,7F 0.119,85 0.118,28 0.117,7C 0.118,06 0.114,EC 0.111,59 0.115,9C 0.117,1A 0.117,E9 0.122,AC 0.110


In [8]:

from chipwhisperer.analyzer.attacks.models.aes.key_schedule import key_schedule_rounds
recv_lastroundkey = [kguess[0][0] for kguess in results.find_maximums()]
recv_key = key_schedule_rounds(recv_lastroundkey, 10, 0)
for subkey in recv_key:
    print(hex(subkey))
key=list(key)
assert (key == recv_key), "Failed to recover encryption key!\nGot {}\nExp {}\n".format(recv_key, key)

0xd2
0xb0
0x2a
0xea
0x41
0x84
0xf9
0x85
0x48
0xbc
0xae
0x6
0xdf
0x15
0x7e
0x5


AssertionError: Failed to recover encryption key!
Got [210, 176, 42, 234, 65, 132, 249, 133, 72, 188, 174, 6, 223, 21, 126, 5]
Exp [43, 126, 21, 22, 40, 174, 210, 166, 171, 247, 21, 136, 9, 207, 79, 60]


In [9]:
leak_model = cwa.leakage_models.sbox_output
attack = cwa.cpa(project, leak_model)
results = attack.run(cwa.get_jupyter_callback(attack, 25))

Unnamed: 0,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
PGE=,138,63,43,149,61,191,218,99,93,45,162,182,110,207,115,236
0,83 0.140,8B 0.128,7B 0.166,55 0.144,9A 0.157,ED 0.144,D5 0.137,42 0.130,7E 0.131,66 0.132,45 0.129,F6 0.128,F7 0.132,F0 0.132,8B 0.133,CD 0.138
1,44 0.137,5B 0.123,BF 0.141,F8 0.143,24 0.127,21 0.125,CB 0.136,BA 0.128,A7 0.129,C7 0.131,44 0.126,CE 0.124,6C 0.124,2A 0.130,E4 0.129,36 0.136
2,03 0.134,93 0.123,DA 0.129,5E 0.131,D5 0.126,8B 0.122,F6 0.123,17 0.127,82 0.122,21 0.128,DB 0.120,44 0.123,E6 0.123,E3 0.126,0B 0.129,28 0.120
3,D4 0.130,59 0.121,67 0.127,E2 0.127,F6 0.126,10 0.122,42 0.123,19 0.123,D0 0.121,B4 0.124,AE 0.120,3E 0.121,04 0.121,49 0.126,BD 0.126,08 0.119
4,D0 0.128,84 0.120,16 0.127,4B 0.127,C3 0.125,4D 0.120,E9 0.121,93 0.119,16 0.120,3B 0.123,FA 0.118,F9 0.120,49 0.119,C7 0.125,9F 0.123,1C 0.118
5,49 0.124,80 0.120,B7 0.127,6C 0.125,56 0.125,AB 0.119,D3 0.119,BB 0.117,26 0.116,19 0.121,09 0.118,F1 0.118,43 0.118,DC 0.124,5C 0.119,44 0.117
6,4F 0.124,E8 0.120,2A 0.125,5F 0.123,86 0.123,E9 0.119,B7 0.119,55 0.116,B4 0.115,23 0.120,F8 0.114,89 0.115,EA 0.117,BA 0.121,A8 0.119,09 0.116
7,04 0.124,BF 0.119,FC 0.123,B2 0.121,CD 0.123,32 0.119,17 0.119,C5 0.116,0D 0.114,D2 0.120,21 0.114,DF 0.109,A6 0.116,04 0.119,A0 0.119,1F 0.112
8,E0 0.123,85 0.119,7D 0.123,9B 0.121,69 0.122,A6 0.118,EB 0.118,EC 0.116,95 0.114,68 0.119,BE 0.111,A5 0.109,72 0.113,CE 0.118,46 0.117,37 0.112
