February Newsletter: Embedded World, European Training, ChipSHOUTER Updates

Home > Articles posted by Colin O'Flynn

February Newsletter: Embedded World, European Training, ChipSHOUTER Updates

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

NewAE News: Valentines Sale, Embedded World, European Training, ChipSHOUTER Updates

We might as well call this the Non-Linear Newsletter based on our update history. Once again we’ve got too many updates for one newsletter, but we kept wanting to sneak one more thing in. So far we’re announcing our annual valentine’s day sale ([Chip]Whisper[er] sweet nothings to your love), we’ll be at Embedded World in a few weeks, a European Training at the end of March, another US training in April, Black Hat USA trainings, and more information on the ChipSHOUTER. And bonus: a new ChipWhisperer-Lite variant, updates to our Wiki including community accounts, and updated packaging. Grab a coffee and let’s get to it.

[Chip]Whisper[er] Sweet Nothings and save 10%

With valentines day coming up, we thought you might enjoy the chance to whisperer sweet nothings to your true love. Until Feb 14th you can save 10% with promotional code CHIPLOVER on our webstore at https://store.newae.com .

Visit us at Embedded World

Embedded World is Feb 27 to March 1st in Nürnberg, Germany. And we’ll be there at a booth in Hall 4A (booth 4A-513) in the “Safety & Security” zone. We’ll have on show our ChipSHOUTER (along with a brand new XY table), an automotive demo, the regular ChipWhisperer gear, and decks of cards plus maple candies for you to enjoy.

If you’d like to attend, register at https://www.embedded-world.de/en/visitors/tickets/voucher using E-Code B387489 for free admission! If you register ahead of time you should be able to skip the registration queue at the event.

European Training – March 21st, 22nd

Have you wanted in-person training in Europe on embedded security attacks? We’re now offering a training in Europe alongside some other great hardware hackers. You can see all the details at https://securitytraining.berlin/trainings/ . It’s our 2-day course using the ChipWhisperer, and it includes a take-home ChipWhisperer-Lite that you can perform real attacks with.

The event itself has daily lunchtime speakers giving about 1-hour talks. This way you get the chance to hear about all sorts of interesting topics. These talks are only open to students in one of the trainings, so it’s a small event where you get to hang out and have fun with hardware hackers from all over.

If you’re interested please register soon to avoid being dissapointed! We only have limited room, and if you’d like other payment methods please contact us via sales@newae.com .

4-Day ChipWhisperer Training in Maryland – April 23-26th

If you’ve been on our 2 day training, you know we manage to cover a lot of ground, but sometimes there just isn’t enough time to dive deep. We’re going to be offering a 4-day training course (split up as two 2-day training courses) that dives deepering into both power analysis and fault injection attacks.

This course will use a UFO target board to let us switch targets so we can do things like attack hardware crypto, compare 8-bit and 32-bit implementations, and look at different methods of bypassing security lock bits. You can register for either the fault injection or side-channel power analysis portion, but of course we encourage you to sign up for both at a discount! Check out the HardwareSecurity.Training site to see both of these offerings.

Like the European training event there will be lunchtime talks open to only students of one of the training courses. There’s other great courses by Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Robert Leale. So you’ll get the chance to learn via hands-on labs, hear interesting talks, and relax at the social events with the rest of the trainers and students.

Again If you’re interested please register soon to avoid being dissapointed! We only have limited room, and if you’d like other payment methods please contact us via sales@newae.com .

Black Hat USA Trainings 2018

Europe isn’t the only 2-day training event. Our 2-day course is running at Black Hat USA 2018 again this year (see signup page) and again includes a ChipWhisperer-Lite. We’ve sold out last year so again encourage you to sign up early to ensure you get space reserved!

We’ve also partnered to help deliver a course loosely focused as “hardware security attacks for managers”. This course will cover all sorts of hardware attacks (well beyond power analysis & fault injection), with the objective of providing a solid foundation to understand why these threats matter. It’s also a great course to help someone understand why they should let you spend 4 months exploring advanced hardware attacks. Check out the course description on Black Hat USA 2018.


ChipSHOUTER – our EM fault injection tool. We haven’t forgotten about it despite slow updates, instead we’ve just been working on making it even better. There is a short video of the base device on YouTube, check out the link below for more information:
ChipSHOUTER will now have only one hardware variant – we previously said there might be a high & low end version of the main tool, but instead we decided to make the better specs available for all. We’ll be offering the tool in some different kits with accessories you’ll find very useful – the hold up has been getting all these accessories properly priced and prepared. They aren’t in the above video but you’ll be able to see them shortly once we have the kits and pricing sorted out.

ChipWhisperer-Lite Arm

The ChipWhisperer-Lite, our low-cost tool, has the Atmel XMEGA target. We’ve since introduced the STM32F3 as the default target for the UFO board, so have decided to make a ChipWhisperer-Lite variant with that same Arm processor.

This means you’ll be able to get the convience of a single-board solution (for training or education), but with a 32-bit Arm processor attached. The Arm target means you can work with T-Table implementations of AES, perform fault injection attacks that dump the entire memory space, and compile libraries such as mbedTLS. ChipWhisperer-Lite Arm is in production now & will be available in the next month (assuming no production delays). Here’s a shot of the target alone:

Note this won’t be available in the 2-part version, instead we’re going to be moving towards using the UFO boards to support a wide range of target devices.

Edit the ChipWhisperer Wiki and Submit Problems

Have you found problems on our wiki (at https://wiki.newae.com)? I can’t imagine. But we’d love to fix them, and now have two ways to flag errors. The first is we have a github repo that mirros the wiki – see it at https://github.com/newaetech/wiki.newae.com . You can flag issues on that page and it’s easy for anyone else to see them. You can also see recent changes in GIThub style. While it could theoretically accept pull requests the editing process is a little annoying, so that brings us to #2.

The second is we’re going to be opening up editing accounts. For now we’re going to be manually creating accounts, so fill in Form 28-A/003 and we will process it in the next 2-60 business days during office hours of 09:01-09:12, and 14:20-14:30 (except for alternate Fridays).

More Updates Still

If somehow you are still reading this – thanks for sticking around! We’ll likely spit out a second newsletter in the near future (what did I say about non-linear newsletters?) because there is still things that didn’t fit in here. As a bonus here’s a sneak peak of some fun new packaging you’ll be seeing around with orders – a smaller printed box for UFO targets, and the large orange/black box for Level 1/2/3 starter kits.

This sneak peak is also part of bigger things to come – so stay tuned, and hopefully see you at Embedded World!

July Newsletter: New Tutorials, New Features, Updated UFO Boards, More ARM

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

Welcome to NewAE News – July edition. Unlike most of our previous newsletters we have nothing new to sell you, but lots of new stuff to show off.

New Tutorials – RSA & ARM-Based AES

The most interesting news is there are two new tutorials you can perform! The first one is breaking RSA, or more accurately breaking part of RSA, as the entire algorithm is too slow to run on our XMEGA device. But it’s using a real RSA implementation as a base.

You can check out that tutorial as number B11 on the wiki. As a bonus you can also download a few traces we recorded at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/B11/example_traces in case you want to play through without hardware.

We’ve also added a tutorial breaking an implementation of AES, as commonly performed on 32-bit devices, where you use a special T-Table to speed up the algorithm. That is tutorial A8 on the wiki. Performing this tutorial requires an ARM device (such as our STM32Fx targets), but again we’ve posted some traces at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/A8/example_traces .

As you might have guessed we’re going to be working towards making a larger repository of example traces available, to make it even easier to work through all the tutorials even if you don’t have the required hardware.

New Features

We’ve also released a new version of ChipWhisperer, 3.5.3. Besides the usual small updates, this one also sees a new FPGA bitstream for both the Lite and Pro. This adds a “Trigger Length” feature that can report back how long the trigger was active for, handy for figuring out how long of a capture you need:

This version also finally adds a Windows installer, which installs Python (with all required modules), ChipWhisperer, and an update method based on getting the latest from GIT.

UFO Board Updates

All UFO boards being shipped now have a small update – a reset button! This grounds the nRST net on the UFO board, which can be handy when working through tutorials that require you to reset the device frequently:

More ARM

We’ve also updated all of our starter kits to now include an ARM target. We’ll now be shipping all kits (UFO, Level 1 & 2 Starter Kits, ChipWhisperer Pro) with the XMEGA Target + a STM32F target. We were using STM32F0 initially, but have been able to successful port everything to the STM32F3 which includes a whopping 40K of SRAM, so you can run even more advanced algorithms on this device.

The trust ATMega328P will still be available as an add-on, but based on your feedback we’ve decided to also include an ARM target. Now all of your starter kits will include both an 8-bit and a 32-bit target!

Black Hat, Trainings, CHES, and More!

This is a short newsletter as Colin is busy preparing for Black Hat. If you’ll be around Colin will be there until Thursday evening (27th), so send him a tweet (@colinoflynn) or email us to try and meet up! He’ll be giving a talk on Wednesday morning (10:30am) and showing the ChipWhisperer off at Arsenal on Thursday at 2:30pm.

If you’ll be at DEFCON, the Hacker Warehouse booth will be stocking the ChipWhisperer-Lite too! So you can grab one in person.

We’ll also be at CHES in September, and will have more details of what new hardware we’re showing off in the next newsletter. There should be some fun new tools to explore even more aspects of hardware security.

If you missed the announcement from the last newsletter, we’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Michael Ossmann. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL.

June Newsletter: Targets, Training, Order Pickup at RECON, Fun Videos

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

Welcome to NewAE News – June edition. We’re following up with another quick update here, as we have lots of news (and a few time-sensitive pieces) to share.


To follow up with our previous newsletter, the STM32F1, STM32F3, and STM32F4 targets are now available. The largest STM32F4 target has a whopping 1MByte FLASH and 192KByte SRAM. We’re also adding support to program them via ChipWhisperer – you’ll find this option already in the “develop” branch as a new menu option, but if you’re not in a rush wait for the next software release. For now we recommend using an external programmer.


We’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, and Joe Grand. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL. This training will have limited seating (we’ve only confirmed a room with 10, but are hopefully able to offer up to around 20 seats).


Are you headed to RECON in Montreal next week? Colin will be headed there to discuss his previous work on hacking smart light bulbs. In addition to his normal hardware demos, we’re offering the chance to pickup any orders placed until June 14th for free at RECON. If you’d like to take advantage of this please email sales@newae.com, as we need to ensure we’ve got your item in stock. We’ll provide you with a special code to remove the shipping cost on our webstore.

After that Colin is headed to ESCAR  on June 21-22nd to provide some demos of hacking automotive systems using ChipWhisperer. These demos will use on our new MPC5748G Target Board, as Colin can demonstrate attacks using CAN communications along with other special features of these devices. Slides for both the RECON and ESCAR talk will be posted afterwards if you can’t make them in person!

And talking about fun demos – don’t miss this walk-through of breaking AES as part of the Riscure CTF challenge that LiveOverflow posted recently on YouTube:


We’ve added another new tutorial recently too – this one looks at the ChipWhisperer-Pro’s features. You can see the Stream Mode & SAD Triggering Tutorial on our wiki.

That’s all for now – thanks for sticking around!

May Newsletter: ChipWhisperer 3.4.1 Released, ARM Targets available, IEEE S&P, BH Training Deadline

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


A new ChipWhisperer release! This adds a lot of interest features we’ll mention quickly, including:

  • Quasi-automatic trace alignment.
  • Example firmware targets for STM32F0/F1/F2/F3/F4.
  • New SimpleSerial protocol (V1.1) with ACKs, simplifies usage with slow implementations.
  • Improved trace plotting allowing you to selectively include traces/waveforms.


Quasi-Automatic Trace Alignment

We’ve implemented a form of Dynamic Time Warping (DTW), which was suggested in the Elastic Alignment paper by J. van Woundenberg et al. The implementation is a little different to fit with our capture architecture, but accomplishes the goal of potentially aligning traces that have more than a simple physical shift (the following should be a small GIF showing you the usage):

STM32F Firmware Targets

Our previous newsletter mentioned the STM32F target board for the UFO. We’ve forged ahead and built examples of that for most of the STM32F series devices. You can see a full list of this on the wiki page. We’ll be commercially selling versions of that target too, for now we have the F0 available in the webstore along with the blank PCB.

To go along with this, we’ve released a new version of our SimpleSerial protocol. This protocol now has an ACK in it, which can help the ChipWhisperer know when it shouldn’t send something to a device that is busy processing the last command.

Improved Trace Plotting

For the longest time, you could only plot trace ranges. We now have a new trace plot widget that can plot arbitrary traces, and specify colours of them. For example here we are plotting trace #0-#5 in red with alpha of 0.3, #23 in green, and #35 in blue. This type of plotting is handy when you are looking at traces which might represent different code paths:

In the future we plan on improving this further to allow you to plot averages of groups, add offsets, etc. But for now you can specify both color codes & HTML colors (including transparency), which is very useful for seeing how often certain code paths are taken.

ARM Targets

As mentioned in the ChipWhisperer release notes, there is now a number of ARM targets for the UFO board. They all use the same STM32F PCB, so makes it very easy to target a bunch of different devices. We’ve got the blank PCB in the webstore along with limited quantities of the STM32F0 target board. The F1/F2/F3/F4 should be available shortly – we haven’t had time to run those boards through assembly yet. If you don’t want to solder let us know & we might be able to speed up a certain variant for you.

87C51 Targets

Do you like going old-school? Another new target is using the 8051 microcontroller. This target was a spin-off of a specific project so differs a little from our usual “cheap & basic” UFO target. But you may still find it interesting, and it comes preprogrammed with demos for AES, glitching, and TEA.

IEEE S&P and Other Conferences

Are you headed to IEEE S&P? Colin will be there in an academic capacity, but if you’re around please be sure to say hello! He’s easiest to track down on May 22nd at 1:45PM in Session #3, but will be around for the entire conference.

Colin will also be heading to RECON (Montreal in June) & ESCAR (Detroit in June). More details on those presentations will be coming.

BH Training Early Registration Deadline

Our training running at Black Hat USA 2017 has an early registration deadline of this Friday. One of the classes is almost sold out too, so if you want to ensure you make it in check the registration details soon. We’ll be (once again) updating our material this year to include some of the new features introduced in ChipWhisperer.

That’s all for now. Thanks again for listening to us blabbing on, hopefully you get a chance to try the new ChipWhisperer software, and look out for a few more new features in our next edition of NewAE News!

April Newsletter: Catch us at COSADE, CWPro Shipping, New Targets, New Tips

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Are you around Paris, France? If so be sure to stop by and visit us at COSADE on April 13th & 14th. We’ll have a booth with our latest hardware to show off (including the ChipWhisperer Pro). We’ll also have our Spring 2017 catalog available (you can also grab a copy of the PDF here). Due to travel for COSADE we won’t be shipping this week, but will still be answering questions.

CWPro Shipping

In other news, the ChipWhisperer Pro is now shipping! Here’s a shot of the CW1200 in the hard case with custom foam we had made (which cause a little extra delay) – we think it was worth the wait:

You can see some more photos of the final version in the online store.

New UFO Targets

What about fun new targets? For the past six months we’ve been updating the targets that fit on the UFO board, but haven’t had the chance to release everything yet. The gerber files are available in the repository, but we’re now updating the wiki and making it even easier to build your own board (in case we don’t yet sell the finished one, or you just like the smell of solder in the morning).

You can see a list of all targets on the CW308T Category Page in the wiki. Some of them have links to OSH Park so you can order PCBs with a single click, but otherwise you can download gerbers of them for submission to your preferred PCB fab (we don’t get any kick-backs from OSH Park, so don’t feel obligated to support us). Some also have link to a “1-Click BOM“, which requires a small browser plugin but will then allow you to easily order the BOM from Digikey or other suppliers.

For example we’ve got a STM32F target board – it supports a number of STM32F devices in TQFP64 packages, but so far we have examples building for the STM32F415. We’ll be selling it shortly, but if you can’t wait gerbers are already online.

One of the first boards we will have commercially available is the MPC5748G target board (which isn’t documented yet online). This rather interesting one has three PowerPC cores alongside some interesting peripherals (it’s designed for automotive applications). See a shot of the current status below from our latest run:

Knowledgebase & Tips

We’ve been expanding our wiki into something of a knowledge base. You can see for example the Knowledge Base category now contains a few new tips – something we’re going to be expanding in the coming months. We’ve also experimented with video tips, something we did for demonstrating how to use the H-Field probe. Hopefully you find this format useful, and enjoy having some stand-alone pieces of information.

Software Update

Finally to close off the newsletter – ChipWhisperer software version 3.3.0 has been released. This version adds support for the ChipWhisperer-Pro. It hasn’t yet been pushed to the pypi server (allowing you to pip install), but expect that in the next day or two.

This version also includes the “downsampling” feature for the ChipWhisperer-Lite & CW1200, which means you can do attacks on asymmetric crypto. If you’ve got the CW1200 it has an additional streaming mode, but the downsampling might be enough to at least perform some basic SPA and similar attacks.

We’ve also improved the processing of captured waveforms – this was done to improve performance of some huge traces coming from the CWPro in streaming mode, but you will see speed-ups even with the CW-Lite. And if you want the fastest capture speed (in terms of traces/min, this won’t affect your sample rate), be sure to disable waveform redraw , which is another example of the type of tips we are adding to the knowledge base.

That’s all for now from NewAE – just a quick update to keep you informed of the latest changes.

ChipWhisperer Training at Black Hat USA 2017

NewAE Technology Inc. will be returning to Black Hat USA 2017 to put on it’s 2-day intensive training on side-channel power analysis and glitching. This training is hands-on, and uses the ChipWhisperer-Lite platform to give students the chance to perform real side-channel power analysis and glitching attacks.
The course uses the open-source ChipWhisperer project (www.chipwhisperer.com) for both hardware & software tools, meaning attendees can immediately take the knowledge learned in this course and apply it in real life. The course includes a ChipWhisperer-Lite, so students walk away with the hands-on hardware used during the lab.

For more information and to sign-up, see https://www.blackhat.com/us-17/training/advanced-hardware-hacking-hands-on-power-analysis-and-glitching-with-the-chipwhisperer.html .

NewAE at COSADE 2016 in Austria – April 14/15

NewAE Technology Inc. is proud to announce that it has signed on as a gold sponsor of COSADE 2016, and will be exhibiting some of it’s products at this conference. This will include it’s newly released CW305 Artix FPGA target board. Be sure to stop by as we’ll have lots of interesting products, and you can help shape where our future products go!

In addition to exhibiting, we will be presenting some recent research results. Colin O’Flynn will also be presenting a paper entitled “Power Analysis Attacks against IEEE 802.15.4 Node“, which uses the ChipWhisperer platform as part of the demonstrated attack. We are continuing to demonstrate how side-channel power analysis can be a threat on real systems, and remains something every embedded engineering needs to be aware of.


Since 2010, COSADE provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to exchange on new results with international experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks. [Source: cosade.org]

CW305 Artix FPGA Board

The CW305 is NewAE Technology’s first FPGA target board. It brings tons of features including a simplified USB interface for talking to the FPGA, an external PLL for adjusting frequency response, a programmable VCC-INT supply, and diode protection for use in fault injection environments. Also available with a special BGA socket, giving you the ability to perform tests on multiple FPGA devices – perfect for checking Physically Unclonable Functions (PUFs) under the exact same environmental conditions across multiple FPGAs.

This board requires an external oscilloscope or capture box for performing the power measurement. If you are looking for a complete toolchain, purchase the CW305 along with the ChipWhisperer 2-Part version. This will provide you with a complete toolchain for experimentation on FPGA targets. Check out some of the features below, and you can see full pricing in our webstore. The board is now available for preorder, and is expected to start shipping by March 31, 2016.



Looking for Hardware & Software Engineers

NewAE Technology Inc. is currently looking to expand it’s team, and is posting two positions for a hardware and software engineer. Details of these can be seen at http://www.newae.com/jobs .

Positions are approximately 3-months in length, but may expand to include full-time employment depending on candidate’s interest and upcoming projects. NewAE Technology has offices located in Purdy’s Tower, with additional office spaces near Quinpool Road (for inventory storage and light production work). Hours of work and working location are flexible (including working remotely), and both full and part-time employment is possible.