July Newsletter: New Tutorials, New Features, Updated UFO Boards, More ARM

Home > Articles posted by Colin O'Flynn

July Newsletter: New Tutorials, New Features, Updated UFO Boards, More ARM

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Welcome to NewAE News – July edition. Unlike most of our previous newsletters we have nothing new to sell you, but lots of new stuff to show off.

New Tutorials – RSA & ARM-Based AES

The most interesting news is there are two new tutorials you can perform! The first one is breaking RSA, or more accurately breaking part of RSA, as the entire algorithm is too slow to run on our XMEGA device. But it’s using a real RSA implementation as a base.

You can check out that tutorial as number B11 on the wiki. As a bonus you can also download a few traces we recorded at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/B11/example_traces in case you want to play through without hardware.

We’ve also added a tutorial breaking an implementation of AES, as commonly performed on 32-bit devices, where you use a special T-Table to speed up the algorithm. That is tutorial A8 on the wiki. Performing this tutorial requires an ARM device (such as our STM32Fx targets), but again we’ve posted some traces at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/A8/example_traces .

As you might have guessed we’re going to be working towards making a larger repository of example traces available, to make it even easier to work through all the tutorials even if you don’t have the required hardware.

New Features

We’ve also released a new version of ChipWhisperer, 3.5.3. Besides the usual small updates, this one also sees a new FPGA bitstream for both the Lite and Pro. This adds a “Trigger Length” feature that can report back how long the trigger was active for, handy for figuring out how long of a capture you need:

This version also finally adds a Windows installer, which installs Python (with all required modules), ChipWhisperer, and an update method based on getting the latest from GIT.

UFO Board Updates

All UFO boards being shipped now have a small update – a reset button! This grounds the nRST net on the UFO board, which can be handy when working through tutorials that require you to reset the device frequently:

More ARM

We’ve also updated all of our starter kits to now include an ARM target. We’ll now be shipping all kits (UFO, Level 1 & 2 Starter Kits, ChipWhisperer Pro) with the XMEGA Target + a STM32F target. We were using STM32F0 initially, but have been able to successful port everything to the STM32F3 which includes a whopping 40K of SRAM, so you can run even more advanced algorithms on this device.

The trust ATMega328P will still be available as an add-on, but based on your feedback we’ve decided to also include an ARM target. Now all of your starter kits will include both an 8-bit and a 32-bit target!

Black Hat, Trainings, CHES, and More!

This is a short newsletter as Colin is busy preparing for Black Hat. If you’ll be around Colin will be there until Thursday evening (27th), so send him a tweet (@colinoflynn) or email us to try and meet up! He’ll be giving a talk on Wednesday morning (10:30am) and showing the ChipWhisperer off at Arsenal on Thursday at 2:30pm.

If you’ll be at DEFCON, the Hacker Warehouse booth will be stocking the ChipWhisperer-Lite too! So you can grab one in person.

We’ll also be at CHES in September, and will have more details of what new hardware we’re showing off in the next newsletter. There should be some fun new tools to explore even more aspects of hardware security.

If you missed the announcement from the last newsletter, we’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Michael Ossmann. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL.

June Newsletter: Targets, Training, Order Pickup at RECON, Fun Videos

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Welcome to NewAE News – June edition. We’re following up with another quick update here, as we have lots of news (and a few time-sensitive pieces) to share.

Targets

To follow up with our previous newsletter, the STM32F1, STM32F3, and STM32F4 targets are now available. The largest STM32F4 target has a whopping 1MByte FLASH and 192KByte SRAM. We’re also adding support to program them via ChipWhisperer – you’ll find this option already in the “develop” branch as a new menu option, but if you’re not in a rush wait for the next software release. For now we recommend using an external programmer.

Trainings

We’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, and Joe Grand. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL. This training will have limited seating (we’ve only confirmed a room with 10, but are hopefully able to offer up to around 20 seats).

Talks

Are you headed to RECON in Montreal next week? Colin will be headed there to discuss his previous work on hacking smart light bulbs. In addition to his normal hardware demos, we’re offering the chance to pickup any orders placed until June 14th for free at RECON. If you’d like to take advantage of this please email sales@newae.com, as we need to ensure we’ve got your item in stock. We’ll provide you with a special code to remove the shipping cost on our webstore.

After that Colin is headed to ESCAR  on June 21-22nd to provide some demos of hacking automotive systems using ChipWhisperer. These demos will use on our new MPC5748G Target Board, as Colin can demonstrate attacks using CAN communications along with other special features of these devices. Slides for both the RECON and ESCAR talk will be posted afterwards if you can’t make them in person!

And talking about fun demos – don’t miss this walk-through of breaking AES as part of the Riscure CTF challenge that LiveOverflow posted recently on YouTube:

Tutorials

We’ve added another new tutorial recently too – this one looks at the ChipWhisperer-Pro’s features. You can see the Stream Mode & SAD Triggering Tutorial on our wiki.

That’s all for now – thanks for sticking around!

May Newsletter: ChipWhisperer 3.4.1 Released, ARM Targets available, IEEE S&P, BH Training Deadline

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

 


A new ChipWhisperer release! This adds a lot of interest features we’ll mention quickly, including:

  • Quasi-automatic trace alignment.
  • Example firmware targets for STM32F0/F1/F2/F3/F4.
  • New SimpleSerial protocol (V1.1) with ACKs, simplifies usage with slow implementations.
  • Improved trace plotting allowing you to selectively include traces/waveforms.

 

Quasi-Automatic Trace Alignment

We’ve implemented a form of Dynamic Time Warping (DTW), which was suggested in the Elastic Alignment paper by J. van Woundenberg et al. The implementation is a little different to fit with our capture architecture, but accomplishes the goal of potentially aligning traces that have more than a simple physical shift (the following should be a small GIF showing you the usage):

STM32F Firmware Targets

Our previous newsletter mentioned the STM32F target board for the UFO. We’ve forged ahead and built examples of that for most of the STM32F series devices. You can see a full list of this on the wiki page. We’ll be commercially selling versions of that target too, for now we have the F0 available in the webstore along with the blank PCB.

To go along with this, we’ve released a new version of our SimpleSerial protocol. This protocol now has an ACK in it, which can help the ChipWhisperer know when it shouldn’t send something to a device that is busy processing the last command.

Improved Trace Plotting

For the longest time, you could only plot trace ranges. We now have a new trace plot widget that can plot arbitrary traces, and specify colours of them. For example here we are plotting trace #0-#5 in red with alpha of 0.3, #23 in green, and #35 in blue. This type of plotting is handy when you are looking at traces which might represent different code paths:

In the future we plan on improving this further to allow you to plot averages of groups, add offsets, etc. But for now you can specify both color codes & HTML colors (including transparency), which is very useful for seeing how often certain code paths are taken.

ARM Targets

As mentioned in the ChipWhisperer release notes, there is now a number of ARM targets for the UFO board. They all use the same STM32F PCB, so makes it very easy to target a bunch of different devices. We’ve got the blank PCB in the webstore along with limited quantities of the STM32F0 target board. The F1/F2/F3/F4 should be available shortly – we haven’t had time to run those boards through assembly yet. If you don’t want to solder let us know & we might be able to speed up a certain variant for you.

87C51 Targets

Do you like going old-school? Another new target is using the 8051 microcontroller. This target was a spin-off of a specific project so differs a little from our usual “cheap & basic” UFO target. But you may still find it interesting, and it comes preprogrammed with demos for AES, glitching, and TEA.

IEEE S&P and Other Conferences

Are you headed to IEEE S&P? Colin will be there in an academic capacity, but if you’re around please be sure to say hello! He’s easiest to track down on May 22nd at 1:45PM in Session #3, but will be around for the entire conference.

Colin will also be heading to RECON (Montreal in June) & ESCAR (Detroit in June). More details on those presentations will be coming.

BH Training Early Registration Deadline

Our training running at Black Hat USA 2017 has an early registration deadline of this Friday. One of the classes is almost sold out too, so if you want to ensure you make it in check the registration details soon. We’ll be (once again) updating our material this year to include some of the new features introduced in ChipWhisperer.

That’s all for now. Thanks again for listening to us blabbing on, hopefully you get a chance to try the new ChipWhisperer software, and look out for a few more new features in our next edition of NewAE News!

April Newsletter: Catch us at COSADE, CWPro Shipping, New Targets, New Tips

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

 


Are you around Paris, France? If so be sure to stop by and visit us at COSADE on April 13th & 14th. We’ll have a booth with our latest hardware to show off (including the ChipWhisperer Pro). We’ll also have our Spring 2017 catalog available (you can also grab a copy of the PDF here). Due to travel for COSADE we won’t be shipping this week, but will still be answering questions.

CWPro Shipping

In other news, the ChipWhisperer Pro is now shipping! Here’s a shot of the CW1200 in the hard case with custom foam we had made (which cause a little extra delay) – we think it was worth the wait:

You can see some more photos of the final version in the online store.

New UFO Targets

What about fun new targets? For the past six months we’ve been updating the targets that fit on the UFO board, but haven’t had the chance to release everything yet. The gerber files are available in the repository, but we’re now updating the wiki and making it even easier to build your own board (in case we don’t yet sell the finished one, or you just like the smell of solder in the morning).

You can see a list of all targets on the CW308T Category Page in the wiki. Some of them have links to OSH Park so you can order PCBs with a single click, but otherwise you can download gerbers of them for submission to your preferred PCB fab (we don’t get any kick-backs from OSH Park, so don’t feel obligated to support us). Some also have link to a “1-Click BOM“, which requires a small browser plugin but will then allow you to easily order the BOM from Digikey or other suppliers.

For example we’ve got a STM32F target board – it supports a number of STM32F devices in TQFP64 packages, but so far we have examples building for the STM32F415. We’ll be selling it shortly, but if you can’t wait gerbers are already online.

One of the first boards we will have commercially available is the MPC5748G target board (which isn’t documented yet online). This rather interesting one has three PowerPC cores alongside some interesting peripherals (it’s designed for automotive applications). See a shot of the current status below from our latest run:

Knowledgebase & Tips

We’ve been expanding our wiki into something of a knowledge base. You can see for example the Knowledge Base category now contains a few new tips – something we’re going to be expanding in the coming months. We’ve also experimented with video tips, something we did for demonstrating how to use the H-Field probe. Hopefully you find this format useful, and enjoy having some stand-alone pieces of information.

Software Update

Finally to close off the newsletter – ChipWhisperer software version 3.3.0 has been released. This version adds support for the ChipWhisperer-Pro. It hasn’t yet been pushed to the pypi server (allowing you to pip install), but expect that in the next day or two.

This version also includes the “downsampling” feature for the ChipWhisperer-Lite & CW1200, which means you can do attacks on asymmetric crypto. If you’ve got the CW1200 it has an additional streaming mode, but the downsampling might be enough to at least perform some basic SPA and similar attacks.

We’ve also improved the processing of captured waveforms – this was done to improve performance of some huge traces coming from the CWPro in streaming mode, but you will see speed-ups even with the CW-Lite. And if you want the fastest capture speed (in terms of traces/min, this won’t affect your sample rate), be sure to disable waveform redraw , which is another example of the type of tips we are adding to the knowledge base.

That’s all for now from NewAE – just a quick update to keep you informed of the latest changes.

ChipWhisperer Training at Black Hat USA 2017

NewAE Technology Inc. will be returning to Black Hat USA 2017 to put on it’s 2-day intensive training on side-channel power analysis and glitching. This training is hands-on, and uses the ChipWhisperer-Lite platform to give students the chance to perform real side-channel power analysis and glitching attacks.
The course uses the open-source ChipWhisperer project (www.chipwhisperer.com) for both hardware & software tools, meaning attendees can immediately take the knowledge learned in this course and apply it in real life. The course includes a ChipWhisperer-Lite, so students walk away with the hands-on hardware used during the lab.

For more information and to sign-up, see https://www.blackhat.com/us-17/training/advanced-hardware-hacking-hands-on-power-analysis-and-glitching-with-the-chipwhisperer.html .

NewAE at COSADE 2016 in Austria – April 14/15

NewAE Technology Inc. is proud to announce that it has signed on as a gold sponsor of COSADE 2016, and will be exhibiting some of it’s products at this conference. This will include it’s newly released CW305 Artix FPGA target board. Be sure to stop by as we’ll have lots of interesting products, and you can help shape where our future products go!

In addition to exhibiting, we will be presenting some recent research results. Colin O’Flynn will also be presenting a paper entitled “Power Analysis Attacks against IEEE 802.15.4 Node“, which uses the ChipWhisperer platform as part of the demonstrated attack. We are continuing to demonstrate how side-channel power analysis can be a threat on real systems, and remains something every embedded engineering needs to be aware of.

About COSADE

Since 2010, COSADE provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to exchange on new results with international experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks. [Source: cosade.org]

CW305 Artix FPGA Board

The CW305 is NewAE Technology’s first FPGA target board. It brings tons of features including a simplified USB interface for talking to the FPGA, an external PLL for adjusting frequency response, a programmable VCC-INT supply, and diode protection for use in fault injection environments. Also available with a special BGA socket, giving you the ability to perform tests on multiple FPGA devices – perfect for checking Physically Unclonable Functions (PUFs) under the exact same environmental conditions across multiple FPGAs.

This board requires an external oscilloscope or capture box for performing the power measurement. If you are looking for a complete toolchain, purchase the CW305 along with the ChipWhisperer 2-Part version. This will provide you with a complete toolchain for experimentation on FPGA targets. Check out some of the features below, and you can see full pricing in our webstore. The board is now available for preorder, and is expected to start shipping by March 31, 2016.

CW305_Details

 

Looking for Hardware & Software Engineers

NewAE Technology Inc. is currently looking to expand it’s team, and is posting two positions for a hardware and software engineer. Details of these can be seen at http://www.newae.com/jobs .

Positions are approximately 3-months in length, but may expand to include full-time employment depending on candidate’s interest and upcoming projects. NewAE Technology has offices located in Purdy’s Tower, with additional office spaces near Quinpool Road (for inventory storage and light production work). Hours of work and working location are flexible (including working remotely), and both full and part-time employment is possible.