|
|
(5 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | {{Warningbox|This tutorial has been updated for ChipWhisperer 4.0.0 release. If you are using 3.x.x see the "V3" link in the sidebar.}} | + | {{Warningbox|This tutorial has been updated for ChipWhisperer 5 release. If you are using 4.x.x or 3.x.x see the "V4" or "V3" link in the sidebar.}} |
| | | |
| {{Infobox tutorial | | {{Infobox tutorial |
Line 8: |
Line 8: |
| |capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro | | |capture hardware = CW-Lite, CW-Lite 2-Part, CW-Pro |
| |Target Device = | | |Target Device = |
− | |Target Architecture = XMEGA/ARM | + | |Target Architecture = XMEGA/ARM/Other |
| |Hardware Crypto = No | | |Hardware Crypto = No |
| |Purchase Hardware = | | |Purchase Hardware = |
| }} | | }} |
| + | <!-- To edit this, edit Template:Tutorial_boilerplate --> |
| + | {{Tutorial boilerplate}} |
| | | |
| + | * Jupyter file: '''PA_Intro_1-Firmware_Build_Setup.ipynb''' |
| | | |
− | This tutorial will introduce you to the 'simpleserial' communications system. It will show you how to perform different operations on data based on input from the ChipWhisperer software. This can be used for building your own system which you wish to 'break'.
| + | == XMEGA Target == |
| | | |
− | For users of the ChipWhisperer Lite with ARM target, you'll want to ensure you have the latest updates to the ChipWhisperer platform. This can be done by using the ChipWhisperer Git Update program, or by using git to checkout the develop branch and pulling any updates.
| + | See the following for using: |
| + | * ChipWhisperer-Lite Classic (XMEGA) |
| + | * ChipWhisperer-Lite Capture + XMEGA Target on UFO Board (including NAE-SCAPACK-L1/L2 users) |
| + | * ChipWhisperer-Pro + XMEGA Target on UFO Board |
| | | |
− | {{TOC|limit=3}}
| + | https://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_intro_1-openadc-cwlitexmega.html#tutorial-pa-intro-1-openadc-cwlitexmega |
| | | |
− | <h2> What is SimpleSerial </h2>
| + | == ChipWhisperer-Lite ARM / STM32F3 Target == |
| | | |
− | [[SimpleSerial]] is the communications protocol used for almost all of the ChipWhisperer demo project. It's a very basic serial protocol which can be easily implemented on most systems. This system communicates using a standard asyncronous serial protocol, 38400 baud, 8-N-1.
| + | See the following for using: |
| + | * ChipWhisperer-Lite 32-bit (STM32F3 Target) |
| + | * ChipWhisperer-Lite Capture + STM32F3 Target on UFO Board (including NAE-SCAPACK-L1/L2 users) |
| + | * ChipWhisperer-Pro + STM32F3 Target on UFO Board |
| | | |
− | All messages are sent in ASCII-text, and are normally terminated with a line-feed ('\n'). This allows you to interact with the simpleserial system over a standard terminal emulator.
| + | https://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_intro_1-openadc-cwlitearm.html#tutorial-pa-intro-1-openadc-cwlitearm |
| | | |
− | The following message types are defined:
| + | == ChipWhisperer Nano Target == |
| | | |
− | ; <code>x</code>
| + | See the following for using: |
− | : Sending a 'x' resets the buffers. This does not require a line-feed termination. It is suggested to always send a stream of x's to initilize the system in case the device was already in some other mode due to noise/corruption.
| + | * ChipWhisperer-Nano |
− | ; <code>k00112233445566778899AABBCCDDEEFF\\n</code>
| + | |
− | : Loads the encryption key <code>00112233445566778899AABBCCDDEEFF</code> into the system. If not called the system may use some default key. | + | |
− | ; <code>pAABBCCDDEEFF00112233445566778899\\n</code>
| + | |
− | : Encrypts the data <code>AABBCCDDEEFF00112233445566778899</code> with the key loaded with the 'k' command. The system will respond with a string starting with r, as shown next.
| + | |
− | ; <code>rCBBD4A2B34F2571758FF6A797E09859D\\n</code>
| + | |
− | : This is the response from the system. If data has been encrypted with a 'p' for example, the system will respond with the 'r' sequence automatically. So sending the earlier example means the result of the encryption was <code>cbbd4a2b34f2571758ff6a797e09859d</code>.
| + | |
| | | |
− | <h2> Building the Basic Example </h2>
| + | https://chipwhisperer.readthedocs.io/en/latest/tutorials/pa_intro_1-cwnano-cwnano.html#tutorial-pa-intro-1-cwnano-cwnano |
− | <h3> Building For the XMEGA Target </h3>
| + | |
− | | + | |
− | You'll need to have installed avr-gcc and avr-libc. You may have already done this by following the installation guide, or if using the ChipWhisperer-VM it comes prepared with avr-gcc already setup. See the [[Installing_ChipWhisperer]] guide for details.
| + | |
− | | + | |
− | Once you have a working compiler (check by typing 'avr-gcc' at the command line - if using Windows you may need to setup a special batch file to provide you with a avr-gcc command prompt).
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>We want to use the existing SimpleSerial firmware as a base for our project, but we don't want to edit the existing firmware. Instead, we'll make a new project with a copy of this firmware. Copy the directory <code>simpleserial-base</code> which is found at <code>chipwhisperer/hardware/victims/firmware/</code> of the chipwhisperer release to a new directory called <code>simpleserial-base-lab1</code>. You must keep it in the same directory, as it will reference other files within that directory for the build process.</li>
| + | |
− | <li><dl>
| + | |
− | <dt>Open a terminal with avr-gcc in the path. If using Windows the sidebar on the [[Installing_ChipWhisperer]] page - you can either add WinAVR to your system path, or you can run the 'winavr.bat' file suggested.</dt></dl>
| + | |
− | </li>
| + | |
− | <li><p>Change the terminal to the newly copied directory. For example:</p>
| + | |
− | Windows:<pre>cd c:\chipwhisperer\hardware\victims\firmware\simpleserial-base-lab1</pre>
| + | |
− | Linux/macOS:<pre>cd chipwhisperer/hardware/victims/firmware/simpleserial-base-lab1</pre></li>
| + | |
− | <li><p>Then, run <code>make</code> to build the system. Make sure you specify which platform you're using as your target. For example, for the ChipWhisperer Lite target, run</p>
| + | |
− | <pre>make PLATFORM=CW303</pre>
| + | |
− | <p>Which should have the following output:</p>
| + | |
− | <pre>...Bunch of lines removed...
| + | |
− | Creating Extended Listing: simpleserial-base.lss
| + | |
− | avr-objdump -h -S -z simpleserial-base.elf > simpleserial-base.lss
| + | |
− | | + | |
− | Creating Symbol Table: simpleserial-base.sym
| + | |
− | avr-nm -n simpleserial-base.elf > simpleserial-base.sym
| + | |
− | | + | |
− | Size after:
| + | |
− | AVR Memory Usage
| + | |
− | ----------------
| + | |
− | Device: atxmega128d3
| + | |
− | | + | |
− | Program: 1524 bytes (1.1% Full)
| + | |
− | (.text + .data + .bootloader)
| + | |
− | | + | |
− | Data: 224 bytes (2.7% Full)
| + | |
− | (.data + .bss + .noinit)
| + | |
− | | + | |
− | | + | |
− | Built for platform CW-Lite XMEGA
| + | |
− | | + | |
− | -------- end --------</pre></li>
| + | |
− | Ensure that the "Built for platform ___" matches your target device.
| + | |
− | </ol>
| + | |
− | | + | |
− | <h3> Building for the ARM Target </h3>
| + | |
− | You'll need to have installed the GNU Embedded Toolchain for ARM. If you haven't yet, see the [[Installing_ChipWhisperer]] guide, specifically the '''Installing ARM Toolchain''' section, for details.
| + | |
− | | + | |
− | Once you have a working compiler (check by typing 'arm-none-eabi-gcc' at the command line).
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li>We want to use the existing SimpleSerial firmware as a base for our project, but we don't want to edit the existing firmware. Instead, we'll make a new project with a copy of this firmware. Copy the directory <code>simpleserial-base</code> which is found at <code>chipwhisperer/hardware/victims/firmware/</code> of the chipwhisperer release to a new directory called <code>simpleserial-base-lab1</code>. You must keep it in the same directory, as it will reference other files within that directory for the build process.</li>
| + | |
− | <li><dl>
| + | |
− | <dt>Open a terminal with arm-none-eabi-gcc in the path. If using Windows the sidebar on the [[Installing_ChipWhisperer]] page</dt></dl>
| + | |
− | </li>
| + | |
− | <li><p>Change the terminal to the newly copied directory. For example:</p>
| + | |
− | Windows:<pre>cd c:\chipwhisperer\hardware\victims\firmware\simpleserial-base-lab1</pre>
| + | |
− | Linux/macOS:<pre>cd chipwhisperer/hardware/victims/firmware/simpleserial-base-lab1</pre></li>
| + | |
− | <li><p>Then, run <code>make</code> to build the system. Make sure you specify which platform you're using as your target. For example, for the ChipWhisperer Lite target, run</p>
| + | |
− | <pre>make PLATFORM=CWLITEARM CRYPTO_TARGET=TINYAES128C</pre>
| + | |
− | <p>Which should have the following output:</p>
| + | |
− | <pre>...Bunch of lines removed...
| + | |
− | Linking: simpleserial-base-CWLITEARM.elf
| + | |
− | arm-none-eabi-gcc -mcpu=cortex-m4 -I. -mthumb -mfloat-abi=hard -mfpu=fpv4-sp-d16 -fmessage-length=0 -ffunction-sections -gdwarf-2 -DSS_VER=SS_VER_1_1 -DSTM32F303xC -DSTM32F3 -DSTM32 -DDEBUG -DHAL_TYPE=HAL_stm32f3 -DPLATFORM=CWLITEARM -DTINYAES128C -DF_CPU=7372800UL -Os -funsigned-char -funsigned-bitfields -fshort-enums -Wall -Wstrict-prototypes -Wa,-adhlns=objdir/simpleserial-base.o -I.././simpleserial/ -I.././hal -I.././hal/stm32f3 -I.././hal/stm32f3/CMSIS -I.././hal/stm32f3/CMSIS/core -I.././hal/stm32f3/CMSIS/device -I.././hal/stm32f4/Legacy -I.././crypto/ -I.././crypto/tiny-AES128-C -std=gnu99 -MMD -MP -MF .dep/simpleserial-base-CWLITEARM.elf.d objdir/simpleserial-base.o objdir/simpleserial.o objdir/stm32f3_hal.o objdir/stm32f3_hal_lowlevel.o objdir/stm32f3_sysmem.o objdir/aes.o objdir/aes-independant.o objdir/stm32f3_startup.o --output simpleserial-base-CWLITEARM.elf --specs=nano.specs -T .././hal/stm32f3/LinkerScript.ld -Wl,--gc-sections -lm -Wl,-Map=simpleserial-base-CWLITEARM.map,--cref -lm
| + | |
− | .
| + | |
− | Creating load file for Flash: simpleserial-base-CWLITEARM.hex
| + | |
− | arm-none-eabi-objcopy -O ihex -R .eeprom -R .fuse -R .lock -R .signature simpleserial-base-CWLITEARM.elf simpleserial-base-CWLITEARM.hex
| + | |
− | .
| + | |
− | Creating load file for EEPROM: simpleserial-base-CWLITEARM.eep
| + | |
− | arm-none-eabi-objcopy -j .eeprom --set-section-flags=.eeprom="alloc,load" \
| + | |
− | --change-section-lma .eeprom=0 --no-change-warnings -O ihex simpleserial-base-CWLITEARM.elf simpleserial-base-CWLITEARM.eep || exit 0
| + | |
− | .
| + | |
− | Creating Extended Listing: simpleserial-base-CWLITEARM.lss
| + | |
− | arm-none-eabi-objdump -h -S -z simpleserial-base-CWLITEARM.elf > simpleserial-base-CWLITEARM.lss
| + | |
− | .
| + | |
− | Creating Symbol Table: simpleserial-base-CWLITEARM.sym
| + | |
− | arm-none-eabi-nm -n simpleserial-base-CWLITEARM.elf > simpleserial-base-CWLITEARM.sym
| + | |
− | Size after:
| + | |
− | text data bss dec hex filename
| + | |
− | 4588 8 1296 5892 1704 simpleserial-base-CWLITEARM.elf
| + | |
− | +--------------------------------------------------------
| + | |
− | + Built for platform CW-Lite Arm (STM32F3)
| + | |
− | +--------------------------------------------------------
| + | |
− | </pre></li>
| + | |
− | Ensure that the "Built for platform ___" matches your target device.
| + | |
− | </ol>
| + | |
− | | + | |
− | <h2> Modifying the Basic Example </h2>
| + | |
− | | + | |
− | At this point we want to modify the system to perform 'something' with the data, such that we can confirm the system is working. To do so, open the file <code>simpleserial-base.c</code> with a code editor such as ''Programmer's Notepad'' (which ships with WinAVR).
| + | |
− | | + | |
− | <ol style="list-style-type: decimal;">
| + | |
− | <li><p>Find the following code block towards the end of the file:</p>
| + | |
− | <syntaxhighlight lang="c">/**********************************
| + | |
− | * Start user-specific code here. */
| + | |
− | trigger_high();
| + | |
− | | + | |
− | //16 hex bytes held in 'pt' were sent
| + | |
− | //from the computer. Store your response
| + | |
− | //back into 'pt', which will send 16 bytes
| + | |
− | //back to computer. Can ignore of course if
| + | |
− | //not needed
| + | |
− | | + | |
− | trigger_low();
| + | |
− | /* End user-specific code here. *
| + | |
− | ********************************/</syntaxhighlight></li>
| + | |
− | <li><p>Modify it to increment the value of each sent data byte:</p>
| + | |
− | <syntaxhighlight lang="c">/**********************************
| + | |
− | * Start user-specific code here. */
| + | |
− | trigger_high();
| + | |
− | | + | |
− | //16 hex bytes held in 'pt' were sent
| + | |
− | //from the computer. Store your response
| + | |
− | //back into 'pt', which will send 16 bytes
| + | |
− | //back to computer. Can ignore of course if
| + | |
− | //not needed
| + | |
− | | + | |
− | for(int i = 0; i < 16; i++){
| + | |
− | pt[i]++;
| + | |
− | }
| + | |
− | | + | |
− | trigger_low();
| + | |
− | /* End user-specific code here. *
| + | |
− | ********************************/</syntaxhighlight></li>
| + | |
− | <li>Rebuild the example using the <code>make</code> command. Remember you can press the up arrow on the keyboard to get recently typed commands in most OSes.</li></ol>
| + | |
− | | + | |
− | {{CollapsibleSection
| + | |
− | |intro = === Completing Tutorial with CW1173 (Lite) With XMEGA===
| + | |
− | |content= Completing Tutorial with CW1173}}
| + | |
− | | + | |
− | {{CollapsibleSection
| + | |
− | |intro = === Completing Tutorial with CW1173 (Lite) With ARM===
| + | |
− | |content= Completing Tutorial with CW1173 ARM}}
| + | |
− | | + | |
− | {{CollapsibleSection
| + | |
− | |intro = === Completing Tutorial with CW1173 (Lite) + UFO Board ===
| + | |
− | |content= Completing Tutorial with CW1173 UFO Board}}
| + | |
− | | + | |
− | {{CollapsibleSection
| + | |
− | |intro = === Completing Tutorial with CW1200 (Pro) ===
| + | |
− | |content= Completing Tutorial with CW1200}}
| + | |
− | | + | |
− | <h2> Conclusion </h2>
| + | |
− | | + | |
− | In this tutorial you have learned how to build a custom program for the microcontroller on the ChipWhisperer target board. You have programmed the built .hex file into the microcontroller, and confirmed communications with the ChipWhisperer device.
| + | |
− | | + | |
− | In future labs you will build on this knowledge to attack specific instructions.
| + | |
− | | + | |
− | <h2> Troubleshooting </h2>
| + | |
− | | + | |
− | Issues with compilation:
| + | |
− | | + | |
− | <blockquote><ol style="list-style-type: decimal;">
| + | |
− | <li><p>You may have to generate the .dep and objdir directories manually before make will work:</p>
| + | |
− | <pre>mkdir .dep
| + | |
− | mkdir objdir</pre></li>
| + | |
− | <li>On Windows 8, you may get an error like fork: resyntaxhighlight temporarily unavailable. This requires you to install an updated mysys.dll. Download from http://www.madwizard.org/download/electronics/msys-1.0-vista64.zip, unzip file, and copy the .dll to <code>C:\WinAVR-20100110\utils\bin</code>, replacing the existing file.</li>
| + | |
− | <li>For the AVR Studio USB Drivers, you'll need to download a [https://gallery.atmel.com/Products/Details/004ccabd-e18e-431a-8557-83deaea23341 Special Update] from Atmel.</li>
| + | |
− | <li>You may wish to use the "ChipWhisperer Virtual Machine" on newer Windows systems, which does not require any of the above setup.</li></ol>
| + | |
− | </blockquote>
| + | |
− | | + | |
− | == Links ==
| + | |
− | | + | |
− | {{Template:Tutorials}}
| + | |
− | [[Category:Tutorials]]
| + | |