def initAnalysis(self):
self.attack = CPA()
self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0,3000))
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
leakage_object = chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit(
chipwhisperer.analyzer.attacks.models.AES128_8bit.SBox_output)
self.attack.setAnalysisAlgorithm(CPAProgressive, leakage_object)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys(
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 2999))
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
self.attack.setAnalysisAlgorithm(
chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.
CPAProgressive, chipwhisperer.analyzer.attacks.models.DES.DES,
chipwhisperer.analyzer.attacks.models.DES.DES.
LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(100)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 3499))
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES(
chipwhisperer.analyzer.attacks.models.DES.SBox_output)
self.attack.setAnalysisAlgorithm(
chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.
CPAProgressive, leakage_object)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(100)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 3499))
def initAnalysis(self):
self.attack = CPA()
self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0,3000))
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
leakage_object = chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit(chipwhisperer.analyzer.attacks.models.AES128_8bit.SBox_output)
self.attack.setAnalysisAlgorithm(CPAProgressive,leakage_object)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 2999))
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES(chipwhisperer.analyzer.attacks.models.DES.SBox_output)
self.attack.setAnalysisAlgorithm(chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.CPAProgressive, leakage_object)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(100)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 3499))
class Attack(UserScriptBase):
_name = "DES-CPA Attack Analyzer Script"
def initPreprocessing(self):
self.traces = self.api.project().traceManager()
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
self.attack.setAnalysisAlgorithm(
chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.
CPAProgressive, chipwhisperer.analyzer.attacks.models.DES.DES,
chipwhisperer.analyzer.attacks.models.DES.DES.
LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(100)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 3499))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.getResults("Attack Settings").setAnalysisSource(self.attack)
self.api.getResults(
"Correlation vs Traces in Attack").setAnalysisSource(self.attack)
self.api.getResults("Output vs Point Plot").setAnalysisSource(
self.attack)
self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack)
self.api.getResults("Results Table").setAnalysisSource(self.attack)
self.api.getResults("Save to Files").setAnalysisSource(self.attack)
self.api.getResults("Trace Output Plot").setTraceSource(self.traces)
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
def run(self):
# This is what the API will execute
self.api.openProject("projects/tut_descpa.cwp")
self.initPreprocessing()
# Setup the analysis, widgets, and do the attack
self.initAnalysis()
self.initReporting()
self.attack.processTraces()
# Delete all pending scripts executions (that are observing the api be available again),
# otherwise the current setup would be overridden
self.api.executingScripts.disconnectAll()
class Attack(UserScriptBase):
_name = "CPA Attack Analyzer Script"
def initPreprocessing(self):
# Add amplitude noise and jitter to the original traces
ppMod0 = preprocessing.add_noise_jitter.AddNoiseJitter(
self.api.project().traceManager())
ppMod0.setEnabled(True)
ppMod0.setMaxJitter(2)
ppMod0.init()
ppMod1 = preprocessing.add_noise_random.AddNoiseRandom(ppMod0)
ppMod1.setEnabled(False)
ppMod1.setMaxNoise(0.005000)
ppMod1.init()
self.traces = ppMod1
def initPreprocessing2(self):
# Resync using SAD (to fix the jitter) and applies decimation (because we want to test this feature :)
ppMod0 = preprocessing.resync_sad.ResyncSAD(
self.api.project().traceManager())
ppMod0.setEnabled(True)
ppMod0.setReference(rtraceno=0,
refpoints=(90, 100),
inputwindow=(70, 120))
ppMod0.init()
ppMod1 = preprocessing.decimation_fixed.DecimationFixed(ppMod0)
ppMod1.setEnabled(True)
ppMod1.setDecimationFactor(2)
ppMod1.init()
self.traces = ppMod1
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
self.attack.setAnalysisAlgorithm(
CPAProgressive,
chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit,
chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit.
LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys(
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 2999))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.getResults("Attack Settings").setAnalysisSource(self.attack)
self.api.getResults(
"Correlation vs Traces in Attack").setAnalysisSource(self.attack)
self.api.getResults("Output vs Point Plot").setAnalysisSource(
self.attack)
self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack)
self.api.getResults("Results Table").setAnalysisSource(self.attack)
self.api.getResults("Save to Files").setAnalysisSource(self.attack)
self.api.getResults("Trace Output Plot").setTraceSource(self.traces)
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
def run(self):
# This is what the API will execute
self.api.openProject("projects/tut_cpa.cwp")
self.initPreprocessing()
# In order to increase test coverage, we will save the trace with noise to the trace manager
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
self.api.setParameter([
'Results', 'Trace Recorder', 'Trace Format', 'ChipWhisperer/Native'
])
self.api.setParameter(
['Results', 'Trace Recorder', 'Trace Range', (0, 49)])
self.api.setParameter(
['Results', 'Trace Recorder', 'Point Range', (0, 2999)])
self.api.setParameter(['Results', 'Trace Recorder', 'Save', None])
# Deselect the original traces and select this new one
self.api.project().traceManager().setTraceSegmentStatus(0, False)
self.api.project().traceManager().setTraceSegmentStatus(1, True)
self.api.saveProject()
# Fix the traces
self.initPreprocessing2()
# Setup the analysis, widgets, and do the attack
self.initAnalysis()
self.initReporting()
self.attack.processTraces()
# Delete all pending scripts executions (that are observing the api be available again),
# otherwise the current setup would be overridden
self.api.executingScripts.disconnectAll()
class UserScript(UserScriptBase):
_name = "CPA attack with noise"
_description = "Simple example of attack script using CPA Progressive and random noise"
def __init__(self, api):
UserScriptBase.__init__(self, api)
self.initProject()
self.initPreprocessing()
self.initAnalysis()
self.initReporting()
def initProject(self):
pass
def initPreprocessing(self):
ppMod0 = preprocessing.add_noise_random.AddNoiseRandom(self.api.project().traceManager())
ppMod0.setEnabled(True)
ppMod0.setMaxNoise(0.005000)
ppMod0.init()
self.traces = ppMod0
def initAnalysis(self):
self.attack = CPA()
self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0,3000))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.getResults("Attack Settings").setAnalysisSource(self.attack)
self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack)
self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack)
self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack)
self.api.getResults("Results Table").setAnalysisSource(self.attack)
self.api.getResults("Save to Files").setAnalysisSource(self.attack)
self.api.getResults("Trace Output Plot").setTraceSource(self.traces)
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
def run(self):
self.attack.processTraces()
import chipwhisperer as cw from chipwhisperer.analyzer.attacks.cpa import CPA from chipwhisperer.analyzer.attacks.cpa_algorithms.progressive import CPAProgressive from chipwhisperer.analyzer.attacks.models.AES128_8bit import * from chipwhisperer.analyzer.preprocessing.add_noise_random import AddNoiseRandom traces = self.project.traceManager() attack = CPA() leak_model = AES128_8bit(InvSBox_output) # inv sbox works on T-Box Decryption as well attack.setAnalysisAlgorithm(CPAProgressive, leak_model) #attack.setTraceSource(traces) attack.setTraceSource(self.ppmod[0]) attack.setTraceStart(0) attack.setTracesPerAttack(-1) attack.setIterations(1) attack.setReportingInterval(10) attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) attack.setPointRange((48000,50400)) # attack last round which occurs 1st, for decryption self.results_table.setAnalysisSource(attack) self.correlation_plot.setAnalysisSource(attack) self.output_plot.setAnalysisSource(attack) self.pge_plot.setAnalysisSource(attack) attack.processTraces()
class Attack(UserScriptBase):
_name = "DES-CPA Attack Analyzer Script"
def initPreprocessing(self):
self.traces = self.api.project().traceManager()
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES(chipwhisperer.analyzer.attacks.models.DES.SBox_output)
self.attack.setAnalysisAlgorithm(chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.CPAProgressive, leakage_object)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(100)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 3499))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.getResults("Attack Settings").setAnalysisSource(self.attack)
self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack)
self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack)
self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack)
self.api.getResults("Results Table").setAnalysisSource(self.attack)
self.api.getResults("Save to Files").setAnalysisSource(self.attack)
self.api.getResults("Trace Output Plot").setTraceSource(self.traces)
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
def run(self):
# This is what the API will execute
self.api.openProject("projects/tut_descpa.cwp")
self.initPreprocessing()
# Setup the analysis, widgets, and do the attack
self.initAnalysis()
self.initReporting()
self.attack.processTraces()
# Delete all pending scripts executions (that are observing the api be available again),
# otherwise the current setup would be overridden
self.api.executingScripts.disconnectAll()
class Attack(UserScriptBase):
_name = "CPA Attack Analyzer Script"
def initPreprocessing(self):
# Add amplitude noise and jitter to the original traces
ppMod0 = preprocessing.AddNoiseJitter.AddNoiseJitter(self.api.project().traceManager())
ppMod0.setEnabled(True)
ppMod0.setMaxJitter(2)
ppMod0.init()
ppMod1 = preprocessing.AddNoiseRandom.AddNoiseRandom(ppMod0)
ppMod1.setEnabled(False)
ppMod1.setMaxNoise(0.005000)
ppMod1.init()
self.traces = ppMod1
def initPreprocessing2(self):
# Resync using SAD (to fix the jitter) and applies decimation (because we want to test this feature :)
ppMod0 = preprocessing.ResyncSAD.ResyncSAD(self.api.project().traceManager())
ppMod0.setEnabled(True)
ppMod0.setReference(rtraceno=0, refpoints=(90,100), inputwindow=(70,120))
ppMod0.init()
ppMod1 = preprocessing.DecimationFixed.DecimationFixed(ppMod0)
ppMod1.setEnabled(True)
ppMod1.setDecimationFactor(2)
ppMod1.init()
self.traces = ppMod1
def initAnalysis(self):
# Setup the CPA algorith
self.attack = CPA()
self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0, 2999))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.getResults("Attack Settings").setAnalysisSource(self.attack)
self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack)
self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack)
self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack)
self.api.getResults("Results Table").setAnalysisSource(self.attack)
self.api.getResults("Save to Files").setAnalysisSource(self.attack)
self.api.getResults("Trace Output Plot").setTraceSource(self.traces)
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
def run(self):
# This is what the API will execute
self.api.openProject("projects/tut_cpa.cwp")
self.initPreprocessing()
# In order to increase test coverage, we will save the trace with noise to the trace manager
self.api.getResults("Trace Recorder").setTraceSource(self.traces)
self.api.setParameter(['Results', 'Trace Recorder', 'Trace Format', 'ChipWhisperer/Native'])
self.api.setParameter(['Results', 'Trace Recorder', 'Trace Range', (0, 49)])
self.api.setParameter(['Results', 'Trace Recorder', 'Point Range', (0, 2999)])
self.api.setParameter(['Results', 'Trace Recorder', 'Save', None])
# Deselect the original traces and select this new one
self.api.project().traceManager().setTraceSegmentStatus(0, False)
self.api.project().traceManager().setTraceSegmentStatus(1, True)
self.api.saveProject()
# Fix the traces
self.initPreprocessing2()
# Setup the analysis, widgets, and do the attack
self.initAnalysis()
self.initReporting()
self.attack.processTraces()
# Delete all pending scripts executions (that are observing the api be available again),
# otherwise the current setup would be overridden
self.api.executingScripts.disconnectAll()
"""CPA attack script.
Assumes that a project with XMEGA software DES traces is already open.
"""
import chipwhisperer as cw
from chipwhisperer.analyzer.attacks.cpa import CPA
from chipwhisperer.analyzer.attacks.cpa_algorithms.progressive import CPAProgressive
from chipwhisperer.analyzer.attacks.models.DES import DES, SBox_output
#self.project = cw.openProject("2017-mar23-xmega-des.cwp")
traces = self.project.traceManager()
attack = CPA()
leak_model = DES(SBox_output)
attack.setAnalysisAlgorithm(CPAProgressive, leak_model)
attack.setTraceSource(traces)
attack.setTraceStart(0)
attack.setTracesPerAttack(-1)
attack.setIterations(1)
attack.setReportingInterval(10)
attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7])
attack.setPointRange((0, -1))
self.results_table.setAnalysisSource(attack)
self.correlation_plot.setAnalysisSource(attack)
self.output_plot.setAnalysisSource(attack)
self.pge_plot.setAnalysisSource(attack)
attack.processTraces()
class UserScript(UserScriptBase):
_name = "CPA with noise"
_description = "Simple example of attack script using CPA Progressive and random noise"
def __init__(self, api):
UserScriptBase.__init__(self, api)
self.initProject()
self.initPreprocessing()
self.initAnalysis()
self.initReporting()
def initProject(self):
pass
def initPreprocessing(self):
ppMod0 = preprocessing.AddNoiseRandom.AddNoiseRandom(None, self.api.project().traceManager())
ppMod0.setEnabled(True)
ppMod0.setMaxNoise(0.005000)
ppMod0.init()
self.traces = ppMod0
def initAnalysis(self):
self.attack = CPA()
self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(50)
self.attack.setIterations(1)
self.attack.setReportingInterval(10)
self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0,3000))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.resultWidgets["Correlation vs Traces in Attack"].setAnalysisSource(self.attack)
self.api.resultWidgets["Knownkey Source"].setAnalysisSource(self.attack)
self.api.resultWidgets["Output vs Point Plot"].setAnalysisSource(self.attack)
self.api.resultWidgets["PGE vs Trace Plot"].setAnalysisSource(self.attack)
self.api.resultWidgets["Results Table"].setAnalysisSource(self.attack)
self.api.resultWidgets["Save to Files"].setAnalysisSource(self.attack)
self.api.resultWidgets["Trace Output Plot"].setTraceSource(self.traces)
def run(self):
self.attack.processTraces()
class Attack(UserScriptBase):
_name = "CPA"
_description = "Simple example of attack script using CPA"
def __init__(self, api):
UserScriptBase.__init__(self, api)
self.initProject()
self.initPreprocessing()
self.initAnalysis()
self.initReporting()
def initProject(self):
self.api.openProject(".\AES_8000t.cwp")
def initPreprocessing(self):
self.traces = self.api.project().traceManager()
def initAnalysis(self):
self.attack = CPA()
self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HD_LASTROUND_STATE)
self.attack.setTraceStart(0)
self.attack.setTracesPerAttack(8000)
self.attack.setIterations(1)
self.attack.setReportingInterval(100)
self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
self.attack.setTraceSource(self.traces)
self.attack.setPointRange((0,396))
def initReporting(self):
# Configures the attack observers (usually a set of GUI widgets)
self.api.getResults("Attack Settings").setAnalysisSource(self.attack)
self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack)
self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack)
self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack)
self.api.getResults("Results Table").setAnalysisSource(self.attack)
self.api.getResults("Save to Files").setAnalysisSource(self.attack)
self.api.getResults("Trace Output Plot").setTraceSource(self.traces)
self.api.setParameter(['Results', 'Save to Files', 'Save Raw Results', True])
self.api.setParameter(['Results', 'Save to Files', 'Save type', 'correlation'])
#self.api.setParameter(['Results', 'PGE vs Trace Plot', 'Copy PGE Data to Clipboard', None])
def run(self):
self.attack.processTraces()