def main(): tdb= traces_database( __TABLE__ ) brk= des_breaker() # Some variables fullkey= None subkeys= None stability= 0 iteration= 0 fd= open(__OUTPUT_FILE__(), "w") # Multiply outputs def out( s ): fd.write(s+"\n") print s out( "# Table: " + __TABLE__ ) out( "# Stability threshold: " + str(__STABILITY_THRESHOLD__) ) out( "# Iteration threshold: " + str(__ITERATION_THRESHOLD__) ) out( "#" ) out( "# Columns: Iteration Stability Subkey0 ... Subkey7" ) # Searching for the key #print 'searching for the key..' while fullkey == None: start_time = time.time() msg, crypt, trace= tdb.get_trace() brk.process(msg, trace) iteration+= 1 #text= str(iteration).rjust(4) + " " # When enough iterations, trying to guess subkeys #if iteration >= __ITERATION_THRESHOLD__: if iteration >= __ITERATION_THRESHOLD__ : # Computing new subkeys and stability mark loc_subkeys= brk.get_subkeys() if loc_subkeys == subkeys: stability+= 1 else: subkeys= loc_subkeys stability= 0 # Gathering some informations #text+= str(stability).rjust(3) #for sk in subkeys: #text+= " " + str(sk).rjust(2) # If subkeys have been stable for long enough, try to guess the full key if stability >= __STABILITY_THRESHOLD__ : print 'Done' fullkey= brk.get_key(msg, crypt) # Flushing output #out( text ) # End of Attack out( "# Key: " + str(fullkey) + "\n" ) fd.close()
def test(): sb= sbox_breaker( 0 ) tdb= traces_database(TABLE) for i in range(10): msg, crypt, trace= tdb.get_trace() sb.process(msg, trace) best_key= sb.get_key() print "processed trace:", i, "- best key is:", best_key
def test(): sb= sbox_breaker( 1 ) tdb= traces_database(__TABLE__) for i in range(10): msg, crypt, trace= tdb.get_trace() sb.process(msg, parse_binary(trace)) best_key= sb.get_keys()[0] print "processed trace:", i, "- best key is:", best_key
def test():
ke= key_estimator(0, 56) # 56 is the correct key for the sbox #0
tdb= traces_database.traces_database(TABLE)
for i in range(10):
msg, crypt, trace= tdb.get_trace()
ke.process(msg, trace)
print "processed trace:", i, "- mark is:", ke.get_mark()
fd= open("output.csv", "w")
for f in ke.get_differential():
fd.write(str(f)+"\n")
fd.close()
def test(): sb= sbox_breaker( 6 ) tdb= traces_database(TABLE) for i in range(300): msg, crypt, trace= tdb.get_trace() print "processing trace: ",i sb.process(msg, trace[START:END]) if i>150 : best_key= sb.get_key() print "- best key is:", best_key key=sb.get_key() print "Got key ",best_key
def main(): tdb= traces_database( TABLE ) brk= des_breaker() # Some variables fullkey= None subkeys= None stability= 0 iteration= 0 fd= open(OUTPUT_FILE, "w") # Multiply outputs def out( s ): fd.write(s+"\n") print s out( "# Table: " + TABLE ) out( "# Stability threshold: " + str(STABILITY_THRESHOLD) ) out( "# Iteration threshold: " + str(ITERATION_THRESHOLD) ) out( "#" ) out( "# Columns: Iteration Stability Subkey0 ... Subkey7" ) # Searching for the key while fullkey == None: msg, crypt, trace= tdb.get_trace() trace = k4(10,trace) brk.process(msg, trace[START:END]) iteration+= 1 text= str(iteration).rjust(4) + " " # When enough iterations, trying to guess subkeys if iteration >= ITERATION_THRESHOLD: # Computing new subkeys and stability mark loc_subkeys= brk.get_subkeys() if loc_subkeys == subkeys: stability+= 1 else: subkeys= loc_subkeys stability= 0 # Gathering some informations text+= str(stability).rjust(3) for sk in subkeys: text+= " " + str(sk).rjust(2) # If subkeys have been stable for long enough, try to guess the full key if stability >= STABILITY_THRESHOLD: fullkey= brk.get_key(msg, crypt) # Flushing output out( text ) # End of Attack out( "# Key: " + str(fullkey) + "\n" ) fd.close()
def test():
ke= n_key_estimator( [(0, 56), (1, 11)] ) # 56 and 11 are the correct keys for sbox #0 and #1
tdb= traces_database.traces_database(TABLE)
for i in range(10):
msg, crypt, trace= tdb.get_trace()
ke.process(msg, trace)
print "Processed trace:", i, "- mark is:", ke.get_mark()
fd= open("output.csv", "w")
for f in ke.get_differential():
fd.write(str(f)+"\n")
fd.close()
def main(): # Start timer start_time = time.time() # Preparing output directory OUTDIR= outdir() if not path.isdir( OUTDIR ): print "WARNING: Output directory "+OUTDIR+ " does not exist: creating it !!" mkdir(OUTDIR) # Checking consistency of <N> and <ORDER> if N>1 and ORDER != "randomized": print "ERROR: You choose multiple analyses (N="+str(N)+") but ORDER is different of \"randomized\" !!" sys.exit(1) for n in range(N): # Choose whether or not we are local or distant if DB_or_FS: tdb= traces_database(TABLE) else: tdb= traces_filesystem(DIRECTORY) # Some variables fullkey= None subkeys= None stability= 0 iteration= 0 # Build name and opening file log logfile= OUTDIR+"/output_#"+str(n)+".txt" fd= open( logfile, 'w' ) def out( s ): # Multiply outputs fd.write(s+"\n") fd.flush() print s out( "# Table: " + TABLE ) out( "# Stability threshold: " + str(STABILITY_THRESHOLD) ) out( "# Iteration threshold: " + str(ITERATION_THRESHOLD) ) out( "#" ) out( "# Columns: Iteration Stability Subkey0 ... Subkey7" ) # Create DES breaker object brk= des_breaker() # Searchs for the key while fullkey == None: msg, crypt, trace= tdb.get_trace() if not msg: # At the end of the database print "WARNING: All files used, key undisclosed !!" sys.exit(1) if msg != 'err': wave= dsp( trace ) brk.process(msg, wave) iteration+= 1 text= str(iteration).rjust(4) + " " # When enough iterations, trying to guess subkeys if iteration >= ITERATION_THRESHOLD: # Computing new subkeys and stability mark loc_subkeys= brk.get_subkeys() if loc_subkeys == subkeys: stability+= 1 else: subkeys= loc_subkeys stability= 0 # Gathering some informations text+= str(stability).rjust(3) for sbox in range(8): if sbox in SB_LST: text+= " " + str( subkeys[ SB_LST.index(sbox) ] ).rjust(2) else: text+= " ".rjust(2) # If subkeys have been stable for long enough, try to guess the full key if stability >= STABILITY_THRESHOLD: if len( SB_LST ) == 8: # Attack on all SBox fullkey= brk.get_key(msg, crypt) else: fullkey="All attacked subkeys disclosed" for sbox in SB_LST: if subkeys[sbox] != SK_R1[sbox]: fullkey=None # Flushing output out( text ) # End of Attack out( "# Key: " + str(fullkey) + "\n" ) print "# Execution time: ", time.time() - start_time fd.close() sys.exit(1)
def main():
# Checks consistency of <N> and <ORDER>
if N>1 and ORDER != "randomized":
print "ERROR: You choose multiple analyses (N="+str(N)+") but ORDER is different of \"randomized\" !!"
sys.exit(1)
# Prepares output directory
OUTDIR= outdir()
if not path.isdir( OUTDIR ):
print "WARNING: Output directory "+OUTDIR+ " does not exist: creating it !!"
mkdir(OUTDIR)
# Runs <N> analyses
for n in range(N):
# Chooses whether or not we are local or distant
if DB_or_FS:
tdb= traces_database(TABLE)
else:
tdb= traces_filesystem(DIRECTORY)
# Builds name and opens file log
logfile= OUTDIR + '/' + str( id(tdb) ) + time.strftime("_%Y_%b_%d_%H:%M:%S") + "_key_info_#" + str(n) + ".txt"
fd= open( logfile, 'w' )
def out( s ): # Multiple outputs
fd.write(s+"\n")
fd.flush()
print s
# Displays some informations
out( "# Table: " + TABLE )
out( "# Stability threshold: " + str(STABILITY_THRESHOLD) )
out( "# Iteration threshold: " + str(ITERATION_THRESHOLD) )
out( "#" )
out( "# Columns: Iteration Stability Subkey0 ... Subkey7" )
# Searches for the key
fullkey= None
sk_lst= [] # List of disclosed key_sbox couples
while fullkey == None:
# Searches for one subkey
iteration= 0
prev_subkeys= {} # Dictionnary to store subkeys of previous step
stability= {} # Dictionnary to store stability and each undisclosed sboxes
brk= des_breaker12( list(sk_lst) ) # Creates DES breaker object
new_sb= False # No new subkey disclosed
while not new_sb:
msg, crypt, trace= tdb.get_trace()
if not msg: # At the end of the database
print "WARNING: All files used, key undisclosed !!"
sys.exit(1)
wave= dsp( trace ) # Passes trace to DSP
brk.process(msg, wave) # Passes trace to DES breaker
iteration+= 1
text= str(iteration).rjust(4) + " "
# When enough iterations, tries to guess subkeys
if iteration >= ITERATION_THRESHOLD:
# Computes new subkeys
cur_subkeys= brk.get_subkeys() # Returns (sbox, key)
# Computes stability mark...
for s,k in cur_subkeys:
if s not in map( lambda sk: sk[0], sk_lst ): # ...for undisclosed subkeys
if k == prev_subkeys.get( s, None ):
stability[s]= ( k, stability.get( s, [0,0] )[1] + 1 ) # stability= { sbox:( key, stability ) }
else:
stability[s]= ( k, 0 )
prev_subkeys[s]= k
# Gathers some informations
max_stab= max( map( lambda k_s: k_s[1], stability.values() ) )
text+= str( max_stab ).rjust(3)
for sbox in range(8):
if sbox in SB_LST:
text+= " " + str( cur_subkeys[ SB_LST.index(sbox) ][1] ).rjust(2)
else:
text+= " ".rjust(2)
out( text )
# Checks if one subkey has been stable for long enough
for sbox, key_stab in stability.items():
if key_stab[1] == STABILITY_THRESHOLD:
new_sb= True
sk_lst.append( [ sbox, key_stab[0] ] ) # Saves info on new disclosed subkey
out( "SBox #" + str(sbox) + " disclosed (" + str( key_stab[0] ) + ") - MTD= " + str(iteration) )
# If all subkey disclosed, tries to guess the full key
if len( sk_lst ) == 8: # Attack on all SBox
full_sk= list (sk_lst ) # Hard copy of sk_lst
full_sk.sort( reverse=False, key=itemgetter(0) ) # Sorts subkeys by increasing sbox
full_subkeys= map( lambda s_k: s_k[1], full_sk)
fullkey= brk.get_key(msg, crypt, full_subkeys )
elif len( sk_lst ) == len( SB_LST ):
fullkey="All attacked sbox stable"
# @note we do no longer check the full key as error may have occur later
#for sbox in SB_LST:
# if subkeys[sbox] != SK_R1[sbox]:
# fullkey=None
# Prepares next run
tdb.rollback() # Rolls back database
del brk
# Outputs value of full key
out( "# Key: " + str(fullkey) + "\n" )
# Prepares next analysis (if any)
del tdb
fd.close()
def process(self, msg, trace): """ Process the given trace for the given message. Updates the best key (instance member) """ # Computing differential traces and the best key at that point # (i.e. given the number of traces consumed from the database so far) for fv, nke in self.__n_key_estimators: nke.process( msg, trace ) self.__best_key= None def get_keys(self): "Return the keys sorted by best candidates" keys_marks= [] if self.__best_key == None: for fv, nke in self.__n_key_estimators: keys_marks.append( list( [fv, nke.get_mark()] ) ) keys_marks.sort( reverse=True, key=itemgetter(1) ) # Sort by sbox return map( lambda km: km[0], keys_marks ) if __name__ == "__main__": sb= n_sbox_breaker( [ [0,56], [1,None] ] ) # Here, subkey #0 is known, we look for subkey #1 tdb= traces_database(TABLE) for i in range(100): msg, crypt, trace= tdb.get_trace() sb.process(msg, trace) best_keys= sb.get_keys() print "Processed trace:", i, " - Best key is:", best_keys[0], " - True key is at position: ", best_keys.index( [ [0,56], [1,11] ] )
# Modules only for test
from traces_database import traces_database
def dsp( wave ):
#Limiting number of samples
trace= wave[BEGIN_T:END_T]
# Pre-processing
if DSP == "kurtosis":
trace= k4( 100, trace )
elif DSP == "RMS":
sum = 0.
n = 0.
for sample in trace:
sum += sample ** 2
n += 1
trace= [ sqrt( sum / n ) ] # @note "trace" should remain a list for other classes
return trace
if __name__ == "__main__":
tdb= traces_database(TABLE) # Open database
msg, crypt, data= tdb.get_trace() # Reads one trace
wave= dsp( data ) # Read one trace and apply pre-processing
# @note Change "constant.py" to modify DSP
fd= open("trace.csv",'w')
for sample in wave:
fd.write( str(sample)+'\n' )
fd.close()
def main(): tdb= traces_database( __TABLE__ ) brk= des_breaker() # Some variables fullkey= None subkeys= None stability= 0 iteration= 0 fd= open(__OUTPUT_FILE__(), "w") # Multiply outputs def out( s ): fd.write(s+"\n") print s out( "# Table: " + __TABLE__ ) out( "# Stability threshold: " + str(__STABILITY_THRESHOLD__) ) out( "# Iteration threshold: " + str(__ITERATION_THRESHOLD__) ) out( "#" ) out( "# Columns: Iteration Stability Subkey0 ... Subkey7" ) # Searching for the key out( "Recherche de 48 bits de cle par analyse du premier tour" ) while fullkey == None: msg, crypt, trace= tdb.get_trace() brk.process(msg, trace) iteration+= 1 text= str(iteration).rjust(4) + " " # When enough iterations, trying to guess subkeys if iteration >= __ITERATION_THRESHOLD__: # Computing new subkeys and stability mark loc_subkeys= brk.get_subkeys() if loc_subkeys == subkeys: stability+= 1 else: subkeys= loc_subkeys stability= 0 # Gathering some informations text+= str(stability).rjust(3) for sk in subkeys: text+= " " + str(sk).rjust(2) # If subkeys have been stable for long enough, try to guess the full key if stability >= __STABILITY_THRESHOLD__: # fullkey= brk.get_key(msg, crypt) break # Flushing output out( text ) second_round_begin= iteration subkeys2= None out( "Recherche des 8 derniers bits par analyse du second tour" ) brk.__begin_second_round__() while fullkey == None: msg, crypt, trace= tdb.get_trace() brk.process2(msg, trace) iteration+= 1 text= str(iteration).rjust(4) + " " if iteration >= second_round_begin + __ITERATION_THRESHOLD__: # When enough iterations, trying to guess subkeys # Computing new subkeys and stability mark loc_subkeys= brk.get_subkeys2() if loc_subkeys == subkeys2: stability+= 1 else: subkeys2= loc_subkeys stability= 0 # Gathering some informations text+= str(stability).rjust(3) text+= " " + str(subkeys2[0]).rjust(2) text+= " " + str(subkeys2[1]).rjust(2) text+= " " + str(subkeys2[2]).rjust(2) text+= " " + str(0).rjust(2) text+= " " + str(subkeys2[3]).rjust(2) text+= " " + str(0).rjust(2) text+= " " + str(subkeys2[4]).rjust(2) text+= " " + str(subkeys2[5]).rjust(2) # If subkeys have been stable for long enough, try to guess the full key if stability >= __STABILITY_THRESHOLD__: break # Flushing output out( text ) # End of Attack fullkey= brk.recover_full_key(subkeys, subkeys2) out( "# Key: " + str(fullkey) + "\n" ) fd.close()
