class UserScript(UserScriptBase): _name = "CPA attack with noise" _description = "Simple example of attack script using CPA Progressive and random noise" def __init__(self, api): UserScriptBase.__init__(self, api) self.initProject() self.initPreprocessing() self.initAnalysis() self.initReporting() def initProject(self): pass def initPreprocessing(self): ppMod0 = preprocessing.add_noise_random.AddNoiseRandom( self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxNoise(0.005000) ppMod0.init() self.traces = ppMod0 def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm( CPAProgressive, chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit, chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit. LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys( [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3000)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults( "Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource( self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): self.attack.processTraces()
class Attack(UserScriptBase): _name = "DES-CPA Attack Analyzer Script" def initPreprocessing(self): self.traces = self.api.project().traceManager() def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm( chipwhisperer.analyzer.attacks.cpa_algorithms.progressive. CPAProgressive, chipwhisperer.analyzer.attacks.models.DES.DES, chipwhisperer.analyzer.attacks.models.DES.DES. LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults( "Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource( self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_descpa.cwp") self.initPreprocessing() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
class UserScript(UserScriptBase): _name = "CPA attack with noise" _description = "Simple example of attack script using CPA Progressive and random noise" def __init__(self, api): UserScriptBase.__init__(self, api) self.initProject() self.initPreprocessing() self.initAnalysis() self.initReporting() def initProject(self): pass def initPreprocessing(self): ppMod0 = preprocessing.add_noise_random.AddNoiseRandom(self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxNoise(0.005000) ppMod0.init() self.traces = ppMod0 def initAnalysis(self): self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.AES128_8bit( chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND ) self.attack.setAnalysisAlgorithm(CPAProgressive, leakage_object) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3000)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): self.attack.processTraces()
class Attack(UserScriptBase): _name = "DES-CPA Attack Analyzer Script" def initPreprocessing(self): self.traces = self.api.project().traceManager() def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() leakage_object = chipwhisperer.analyzer.attacks.models.DES.DES(chipwhisperer.analyzer.attacks.models.DES.SBox_output) self.attack.setAnalysisAlgorithm(chipwhisperer.analyzer.attacks.cpa_algorithms.progressive.CPAProgressive, leakage_object) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(100) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 3499)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_descpa.cwp") self.initPreprocessing() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
class Attack(UserScriptBase): _name = "CPA" _description = "Simple example of attack script using CPA" def __init__(self, api): UserScriptBase.__init__(self, api) self.initProject() self.initPreprocessing() self.initAnalysis() self.initReporting() def initProject(self): self.api.openProject(".\AES_8000t.cwp") def initPreprocessing(self): self.traces = self.api.project().traceManager() def initAnalysis(self): self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HD_LASTROUND_STATE) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(8000) self.attack.setIterations(1) self.attack.setReportingInterval(100) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0,396)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.setParameter(['Results', 'Save to Files', 'Save Raw Results', True]) self.api.setParameter(['Results', 'Save to Files', 'Save type', 'correlation']) #self.api.setParameter(['Results', 'PGE vs Trace Plot', 'Copy PGE Data to Clipboard', None]) def run(self): self.attack.processTraces()
class Attack(UserScriptBase): _name = "CPA Attack Analyzer Script" def initPreprocessing(self): # Add amplitude noise and jitter to the original traces ppMod0 = preprocessing.add_noise_jitter.AddNoiseJitter( self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxJitter(2) ppMod0.init() ppMod1 = preprocessing.add_noise_random.AddNoiseRandom(ppMod0) ppMod1.setEnabled(False) ppMod1.setMaxNoise(0.005000) ppMod1.init() self.traces = ppMod1 def initPreprocessing2(self): # Resync using SAD (to fix the jitter) and applies decimation (because we want to test this feature :) ppMod0 = preprocessing.resync_sad.ResyncSAD( self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setReference(rtraceno=0, refpoints=(90, 100), inputwindow=(70, 120)) ppMod0.init() ppMod1 = preprocessing.decimation_fixed.DecimationFixed(ppMod0) ppMod1.setEnabled(True) ppMod1.setDecimationFactor(2) ppMod1.init() self.traces = ppMod1 def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm( CPAProgressive, chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit, chipwhisperer.analyzer.attacks.models.AES128_8bit.AES128_8bit. LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetSubkeys( [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 2999)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults( "Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource( self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_cpa.cwp") self.initPreprocessing() # In order to increase test coverage, we will save the trace with noise to the trace manager self.api.getResults("Trace Recorder").setTraceSource(self.traces) self.api.setParameter([ 'Results', 'Trace Recorder', 'Trace Format', 'ChipWhisperer/Native' ]) self.api.setParameter( ['Results', 'Trace Recorder', 'Trace Range', (0, 49)]) self.api.setParameter( ['Results', 'Trace Recorder', 'Point Range', (0, 2999)]) self.api.setParameter(['Results', 'Trace Recorder', 'Save', None]) # Deselect the original traces and select this new one self.api.project().traceManager().setTraceSegmentStatus(0, False) self.api.project().traceManager().setTraceSegmentStatus(1, True) self.api.saveProject() # Fix the traces self.initPreprocessing2() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()
import chipwhisperer as cw from chipwhisperer.analyzer.attacks.cpa import CPA from chipwhisperer.analyzer.attacks.cpa_algorithms.progressive import CPAProgressive from chipwhisperer.analyzer.attacks.models.AES128_8bit import * from chipwhisperer.analyzer.preprocessing.add_noise_random import AddNoiseRandom traces = self.project.traceManager() attack = CPA() leak_model = AES128_8bit(InvSBox_output) # inv sbox works on T-Box Decryption as well attack.setAnalysisAlgorithm(CPAProgressive, leak_model) #attack.setTraceSource(traces) attack.setTraceSource(self.ppmod[0]) attack.setTraceStart(0) attack.setTracesPerAttack(-1) attack.setIterations(1) attack.setReportingInterval(10) attack.setTargetSubkeys([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) attack.setPointRange((48000,50400)) # attack last round which occurs 1st, for decryption self.results_table.setAnalysisSource(attack) self.correlation_plot.setAnalysisSource(attack) self.output_plot.setAnalysisSource(attack) self.pge_plot.setAnalysisSource(attack) attack.processTraces()
class Attack(UserScriptBase): _name = "CPA Attack Analyzer Script" def initPreprocessing(self): # Add amplitude noise and jitter to the original traces ppMod0 = preprocessing.AddNoiseJitter.AddNoiseJitter(self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setMaxJitter(2) ppMod0.init() ppMod1 = preprocessing.AddNoiseRandom.AddNoiseRandom(ppMod0) ppMod1.setEnabled(False) ppMod1.setMaxNoise(0.005000) ppMod1.init() self.traces = ppMod1 def initPreprocessing2(self): # Resync using SAD (to fix the jitter) and applies decimation (because we want to test this feature :) ppMod0 = preprocessing.ResyncSAD.ResyncSAD(self.api.project().traceManager()) ppMod0.setEnabled(True) ppMod0.setReference(rtraceno=0, refpoints=(90,100), inputwindow=(70,120)) ppMod0.init() ppMod1 = preprocessing.DecimationFixed.DecimationFixed(ppMod0) ppMod1.setEnabled(True) ppMod1.setDecimationFactor(2) ppMod1.init() self.traces = ppMod1 def initAnalysis(self): # Setup the CPA algorith self.attack = CPA() self.attack.setAnalysisAlgorithm(CPAProgressive,chipwhisperer.analyzer.attacks.models.AES128_8bit,chipwhisperer.analyzer.attacks.models.AES128_8bit.LEAK_HW_SBOXOUT_FIRSTROUND) self.attack.setTraceStart(0) self.attack.setTracesPerAttack(50) self.attack.setIterations(1) self.attack.setReportingInterval(10) self.attack.setTargetBytes([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]) self.attack.setTraceSource(self.traces) self.attack.setPointRange((0, 2999)) def initReporting(self): # Configures the attack observers (usually a set of GUI widgets) self.api.getResults("Attack Settings").setAnalysisSource(self.attack) self.api.getResults("Correlation vs Traces in Attack").setAnalysisSource(self.attack) self.api.getResults("Output vs Point Plot").setAnalysisSource(self.attack) self.api.getResults("PGE vs Trace Plot").setAnalysisSource(self.attack) self.api.getResults("Results Table").setAnalysisSource(self.attack) self.api.getResults("Save to Files").setAnalysisSource(self.attack) self.api.getResults("Trace Output Plot").setTraceSource(self.traces) self.api.getResults("Trace Recorder").setTraceSource(self.traces) def run(self): # This is what the API will execute self.api.openProject("projects/tut_cpa.cwp") self.initPreprocessing() # In order to increase test coverage, we will save the trace with noise to the trace manager self.api.getResults("Trace Recorder").setTraceSource(self.traces) self.api.setParameter(['Results', 'Trace Recorder', 'Trace Format', 'ChipWhisperer/Native']) self.api.setParameter(['Results', 'Trace Recorder', 'Trace Range', (0, 49)]) self.api.setParameter(['Results', 'Trace Recorder', 'Point Range', (0, 2999)]) self.api.setParameter(['Results', 'Trace Recorder', 'Save', None]) # Deselect the original traces and select this new one self.api.project().traceManager().setTraceSegmentStatus(0, False) self.api.project().traceManager().setTraceSegmentStatus(1, True) self.api.saveProject() # Fix the traces self.initPreprocessing2() # Setup the analysis, widgets, and do the attack self.initAnalysis() self.initReporting() self.attack.processTraces() # Delete all pending scripts executions (that are observing the api be available again), # otherwise the current setup would be overridden self.api.executingScripts.disconnectAll()