def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0,3000))
def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit( chipwhisperer.analyzer.attacks.models.AES128_8bit.SBox_output) self.attack.setAnalysisAlgorithm(CPAProgressive, leakage_object) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys( [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 2999))
def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm( chipwhisperer.analyzer.attacks.cpa_algorithms.progressive. CPAProgressive, chipwhisperer.analyzer.attacks.models.DES.DES, chipwhisperer.analyzer.attacks.models.DES.DES. LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499))
def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES( chipwhisperer.analyzer.attacks.models.DES.SBox_output) self.attack.setAnalysisAlgorithm( chipwhisperer.analyzer.attacks.cpa_algorithms.progressive. CPAProgressive, leakage_object) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499))
def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0,3000))
def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit(chipwhisperer.analyzer.attacks.models.AES128_8bit.SBox_output) self.attack.setAnalysisAlgorithm(CPAProgressive,leakage_object) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 2999))
def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES(chipwhisperer.analyzer.attacks.models.DES.SBox_output) self.attack.setAnalysisAlgorithm(chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.CPAProgressive, leakage_object) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499))
class Attack(UserScriptBase): _name = "DES-CPA Attack Analyzer Script" def initPreprocessing(self): self.traces = self.api.project().traceManager() def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm( chipwhisperer.analyzer.attacks.cpa_algorithms.progressive. CPAProgressive, chipwhisperer.analyzer.attacks.models.DES.DES, chipwhisperer.analyzer.attacks.models.DES.DES. LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults( "Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource( self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_descpa.cwp") self.initPreprocessing() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
class Attack(UserScriptBase): _name = "CPA Attack Analyzer Script" def initPreprocessing(self): # Add amplitude noise and jitter to the original traces ppMod0 = preprocessing.add_noise_jitter.AddNoiseJitter( self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxJitter(2) ppMod0.init() ppMod1 = preprocessing.add_noise_random.AddNoiseRandom(ppMod0) ppMod1.setEnabled(False) ppMod1.setMaxNoise(0.005000) ppMod1.init() self.traces = ppMod1 def initPreprocessing2(self): # Resync using SAD (to fix the jitter) and applies decimation (because we want to test this feature :) ppMod0 = preprocessing.resync_sad.ResyncSAD( self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setReference(rtraceno=0, refpoints=(90, 100), inputwindow=(70, 120)) ppMod0.init() ppMod1 = preprocessing.decimation_fixed.DecimationFixed(ppMod0) ppMod1.setEnabled(True) ppMod1.setDecimationFactor(2) ppMod1.init() self.traces = ppMod1 def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm( CPAProgressive, chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit, chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit. LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys( [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 2999)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults( "Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource( self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_cpa.cwp") self.initPreprocessing() # In order to increase test coverage, we will save the trace with noise to the trace manager self.api.getResults("Trace Recorder").setTraceSource(self.traces) self.api.setParameter([ 'Results', 'Trace Recorder', 'Trace Format', 'ChipWhisperer/Native' ]) self.api.setParameter( ['Results', 'Trace Recorder', 'Trace Range', (0, 49)]) self.api.setParameter( ['Results', 'Trace Recorder', 'Point Range', (0, 2999)]) self.api.setParameter(['Results', 'Trace Recorder', 'Save', None]) # Deselect the original traces and select this new one self.api.project().traceManager().setTraceSegmentStatus(0, False) self.api.project().traceManager().setTraceSegmentStatus(1, True) self.api.saveProject() # Fix the traces self.initPreprocessing2() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
class UserScript(UserScriptBase): _name = "CPA attack with noise" _description = "Simple example of attack script using CPA Progressive and random noise" def __init__(self, api): UserScriptBase.__init__(self, api) self.initProject() self.initPreprocessing() self.initAnalysis() self.initReporting() def initProject(self): pass def initPreprocessing(self): ppMod0 = preprocessing.add_noise_random.AddNoiseRandom(self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxNoise(0.005000) ppMod0.init() self.traces = ppMod0 def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0,3000)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): self.attack.processTraces()
import chipwhisperer as cw from chipwhisperer.analyzer.attacks.cpa import CPA from chipwhisperer.analyzer.attacks.cpa_algorithms.progressive import CPAProgressive from chipwhisperer.analyzer.attacks.models.AES128_8bit import * from chipwhisperer.analyzer.preprocessing.add_noise_random import AddNoiseRandom traces = self.project.traceManager() attack = CPA() leak_model = AES128_8bit(InvSBox_output) # inv sbox works on T-Box Decryption as well attack.setAnalysisAlgorithm(CPAProgressive, leak_model) #attack.setTraceSource(traces) attack.setTraceSource(self.ppmod[0]) attack.setTraceStart(0) attack.setTracesPerAttack(-1) attack.setIterations(1) attack.setReportingInterval(10) attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) attack.setPointRange((48000,50400)) # attack last round which occurs 1st, for decryption self.results_table.setAnalysisSource(attack) self.correlation_plot.setAnalysisSource(attack) self.output_plot.setAnalysisSource(attack) self.pge_plot.setAnalysisSource(attack) attack.processTraces()
class Attack(UserScriptBase): _name = "DES-CPA Attack Analyzer Script" def initPreprocessing(self): self.traces = self.api.project().traceManager() def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES(chipwhisperer.analyzer.attacks.models.DES.SBox_output) self.attack.setAnalysisAlgorithm(chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.CPAProgressive, leakage_object) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_descpa.cwp") self.initPreprocessing() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
class Attack(UserScriptBase): _name = "CPA Attack Analyzer Script" def initPreprocessing(self): # Add amplitude noise and jitter to the original traces ppMod0 = preprocessing.AddNoiseJitter.AddNoiseJitter(self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxJitter(2) ppMod0.init() ppMod1 = preprocessing.AddNoiseRandom.AddNoiseRandom(ppMod0) ppMod1.setEnabled(False) ppMod1.setMaxNoise(0.005000) ppMod1.init() self.traces = ppMod1 def initPreprocessing2(self): # Resync using SAD (to fix the jitter) and applies decimation (because we want to test this feature :) ppMod0 = preprocessing.ResyncSAD.ResyncSAD(self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setReference(rtraceno=0, refpoints=(90,100), inputwindow=(70,120)) ppMod0.init() ppMod1 = preprocessing.DecimationFixed.DecimationFixed(ppMod0) ppMod1.setEnabled(True) ppMod1.setDecimationFactor(2) ppMod1.init() self.traces = ppMod1 def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 2999)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_cpa.cwp") self.initPreprocessing() # In order to increase test coverage, we will save the trace with noise to the trace manager self.api.getResults("Trace Recorder").setTraceSource(self.traces) self.api.setParameter(['Results', 'Trace Recorder', 'Trace Format', 'ChipWhisperer/Native']) self.api.setParameter(['Results', 'Trace Recorder', 'Trace Range', (0, 49)]) self.api.setParameter(['Results', 'Trace Recorder', 'Point Range', (0, 2999)]) self.api.setParameter(['Results', 'Trace Recorder', 'Save', None]) # Deselect the original traces and select this new one self.api.project().traceManager().setTraceSegmentStatus(0, False) self.api.project().traceManager().setTraceSegmentStatus(1, True) self.api.saveProject() # Fix the traces self.initPreprocessing2() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
"""CPA attack script. Assumes that a project with XMEGA software DES traces is already open. """ import chipwhisperer as cw from chipwhisperer.analyzer.attacks.cpa import CPA from chipwhisperer.analyzer.attacks.cpa_algorithms.progressive import CPAProgressive from chipwhisperer.analyzer.attacks.models.DES import DES, SBox_output #self.project = cw.openProject("2017-mar23-xmega-des.cwp") traces = self.project.traceManager() attack = CPA() leak_model = DES(SBox_output) attack.setAnalysisAlgorithm(CPAProgressive, leak_model) attack.setTraceSource(traces) attack.setTraceStart(0) attack.setTracesPerAttack(-1) attack.setIterations(1) attack.setReportingInterval(10) attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) attack.setPointRange((0, -1)) self.results_table.setAnalysisSource(attack) self.correlation_plot.setAnalysisSource(attack) self.output_plot.setAnalysisSource(attack) self.pge_plot.setAnalysisSource(attack) attack.processTraces()
class UserScript(UserScriptBase): _name = "CPA with noise" _description = "Simple example of attack script using CPA Progressive and random noise" def __init__(self, api): UserScriptBase.__init__(self, api) self.initProject() self.initPreprocessing() self.initAnalysis() self.initReporting() def initProject(self): pass def initPreprocessing(self): ppMod0 = preprocessing.AddNoiseRandom.AddNoiseRandom(None, self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxNoise(0.005000) ppMod0.init() self.traces = ppMod0 def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0,3000)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.resultWidgets["Correlation vs Traces in Attack"].setAnalysisSource(self.attack) self.api.resultWidgets["Knownkey Source"].setAnalysisSource(self.attack) self.api.resultWidgets["Output vs Point Plot"].setAnalysisSource(self.attack) self.api.resultWidgets["PGE vs Trace Plot"].setAnalysisSource(self.attack) self.api.resultWidgets["Results Table"].setAnalysisSource(self.attack) self.api.resultWidgets["Save to Files"].setAnalysisSource(self.attack) self.api.resultWidgets["Trace Output Plot"].setTraceSource(self.traces) def run(self): self.attack.processTraces()
class Attack(UserScriptBase): _name = "CPA" _description = "Simple example of attack script using CPA" def __init__(self, api): UserScriptBase.__init__(self, api) self.initProject() self.initPreprocessing() self.initAnalysis() self.initReporting() def initProject(self): self.api.openProject(".\AES_8000t.cwp") def initPreprocessing(self): self.traces = self.api.project().traceManager() def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HD_LASTROUND_STATE) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(8000) self.attack.setIterations(1) self.attack.setReportingInterval(100) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0,396)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.setParameter(['Results', 'Save to Files', 'Save Raw Results', True]) self.api.setParameter(['Results', 'Save to Files', 'Save type', 'correlation']) #self.api.setParameter(['Results', 'PGE vs Trace Plot', 'Copy PGE Data to Clipboard', None]) def run(self): self.attack.processTraces()