Skip to content
ChipWhisperer-Lint is an open source implementation of our automated leakage detection tool.
Python Shell
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.


This project is designed to help users perform automated testing of embedded hardware. This requires users to have certain hardware (ChipWhisperer) which is used to record example power traces.

With these traces we can perform analysis to determine how vulnerable a target device (normally - an AES crypto hardware core) is to side channel power analysis.


For more details on this tool and results see the White Paper. This was presented at Black Hat 2018.

See the following for examples and results:


Let's get this thing working.


Setting up requires running the backend server "somewhere". Basically it's supposed to run on EC2 server because they are a cheap way to get a bunch of cores and memory. You can do this locally as well, but it's fairly computationally intensive.

While there will be a hosted version, right now that is not available with a general interface. Thus it's easier if you run your own EC2 server.


The user has a number of power analysis traces, they were captured with a random plaintext and random fixed key. This random-random capture is done to reduce the chance one specific key is accidentally "picked off".

Briefly, it works like this:

  1. Zips together a bunch of power traces.
  2. Uploads files to server - by default the server.ini assumes they are in /var/cwlint/traces, so put them there and unzip.

Now call the server setup. Right now that looks like this:

python run --cwproject="xmega-aes-small.cwp" --config="aes128_sbox.cfg"

This returns and tells you the project ID. The system then runs the check. You can then check for status of the request:

python status 8

Finally making a HTML report.

python result --html example_result.html 8

The report generation is currently a simple script -- this will be fixed eventually, but for the PoC has worked well enough (oops). It will likely happen on the backend since it will become much faster to download.

You can’t perform that action at this time.