NewAE News: Contest Submission Site Open, CW5, Production Delays

Home > Articles posted by Colin O'Flynn

NewAE News: Contest Submission Site Open, CW5, Production Delays

A quick note with some updates for you. First off – our contest submission site is (finally) online! You can submit your entry at https://goo.gl/forms/WRNz2AyWTfWANemj1 . The form will close on November 30th (see contest rules). We look forward to what you can show off with ChipWhisperer!

ChipWhisperer 5

Our ChipWhisperer 5 preview is also active too – you can download a virtualbox image that is setup and ready to go! See it at https://github.com/newaetech/chipwhisperer/releases/tag/5.0.0alpha – you’ll find that it now allows you to perform tutorials via your web browser. It’s still in alpha status so we’re busy updating documentation, but we’re using it for our current training and thus appears to be stable. There is a few new tutorials present in this release – including a Hamming weight demo, a TVLA test, and more.

Production Delays and Backorders

You might have noticed our growing backorder list. We’ve been excited to have growing demand but it’s outstripped our current capability – we’re growing our team and bringing a new production site up. It’s not an immediate solution, but are hoping to have a number of orders shipped onward to Mouser for mid-December. Once the new production site is fully up and running we should be back to our regular quick shipments, but you can always contact us for details of the current estimated shipping times.

We appreciate your patience – we know this backorder can be frustrating and are working to get products out to you as soon as possible!

ChipWhisperer-Nano & Looking for EEs

And as one last note – we’ve got our ChipWhisperer-Nano’s back from the production run! We’ll be running the tests on them and stocking them shortly, but our focus on the production backlog has delayed introducing new products. We’re also looking for an electrical engineer to join our team, they will need to be local here in Halifax. But if you’re interested see the posting at newae.com/jobs and please get in touch with us!

NewAE News: November Training Event, Contest Extended, visit us at ArmTechCon, CW-Nano

Welcome to NewAE News! The quick summary of this issue: we’re running our training in Silicon Valley in November, we’ve extended the ChipWhisperer contest deadline due to popular demand, you can win an all-access pass to ArmTecCon ($999 value), and we’ve got the cheapest side-channel platform yet coming soon. Let’s get to it.

November Training Event

We’re doing another training event with the HardwareSecurity.Training crew – this time in Redwood City, CA. We’ll have our four-day training class (split into two 2-day classes) covering both side-channel power analysis and fault injection.

Our 4-day event uses a more complete hardware platform, as it includes our ChipWhisperer Level 1 kit. This lets us perform attacks across a several hardware platforms, and is not limited to only attacking the target built into the ChipWhisperer-Lite. For more details check out the agenda for the fault injection and side channel power analysisaspects of the course. If you take both courses, you’ll get hands-on experience with hardware cryptography modules, bypassing fuse bits, and the interactive environment

And as a special bonus – register with code newaenews to get 10% off our existing discounted early-bird rates. As in previous events, we’ve got a great set of talks to keep you entertained. See them at https://hardwaresecurity.training/talks/ as they are announced. The prices increase October 29th, so register soon to get the best value.

ChipWhisperer Contest in Full Swing, but Extended a Month

We’ve had a lot of interest in ChipWhisperer contest, and talked to a number of people preparing entries. As the original deadline draws near we had some concern that they wouldn’t have time for the final entry – so we’ve decided to extend the deadline a month until Nov 30th. Plus this gives those that won the early bird prize sufficient time to prepare their entry.

We’ll be posting the page at https://newae.com/contest with a link to contest rules and entry form – in the meantime you can see the existing details & summary of rules.

ArmTechCon & Win an All-Access Pass

We’ll be at ArmTechCon next week! We’ll have our brand new ChipWhisperer-Nano to give away along with a variety of demonstrations for your enjoyment. Plus – we’re excited to announce that our ChipWhisperer-Lite 32-bit edition we released this year has been selected as a finalist in the 2018 Arm TechCon Innovation Awards in the category best contribution to IoT security! Speaking of the ChipWhisperer-Lite 32-bit edition, we’re in the middle of updating the wiki getting the remaining tutorials running on it. You might notice for example that now the Clock Glitching tutorial works with this board!

Do you want to check out ArmTechCon yourself and join in the fun? You can wander the expo hall for free, but we’ve got an all-access pass to give away. Submit your name & contact to our submission form for the chance to win – we’ll be drawing later this week.

ChipWhisperer-Nano

ChipWhisperer-Lite was our initial low-cost platform for power analysis & fault injection, with the bonus of being fully open source. This meant you could do some pretty serious science with the platform. But what if you just want low-cost for training and tutorials? While we’re always pushing boundaries here, and have been working on an even lower-cost option. Thus we’ve developed the ChipWhisperer-Nano, capable of performing power analysis on the included STM32F0 target. It has very limited VCC glitching capabilties and no clock glitching capabilities.


Expect some additional examples and demos soon – we’ve seen impressive performance so far, being able to easily break various real crypto implementations thanks to the unique synchronous sampling architecture. We don’t have final pricing but are aiming for a $50 solution, with additional discounts in higher quantities (think classroom packs). Rather than buy a textbook that can only teach the theory of cryptography, why not have a complete hardware solution to teach how to break cryptography on real devices?

New Forum Coming

We plan on updating our forum software to Disqus in the coming months. It shouldn’t cause any problems (we can transfer content & accounts), but may have some downtime during the transfer. In case you reach a landing page instead of the forum that is what happened. We’ll be doing a trial transfer before the final switch to ensure all content and accounts aren’t lost.

That’s all we’ve got going on for now – watch out for updates on ChipSHOUTER final release, ChipWhisperer-Nano release dates, and more updates to the ChipWhisperer software in the next newsletter. Hope to see you in San Jose next week at ArmTechCon until then!

Announcing the ChipWhisperer Contest – Win Prizes! Get Glory! Help Open Source!

NewAE is Having a Contest!

Announcing the first (hopefully annual) ChipWhisperer Hardware Hacking Contest. Do you like ChipWhisperer? Power Analysis? Fault Injection? Then you could be our big-time winner, with almost $10K in prizes available!

Grand prize is our brand new ChipSHOUTER EMFI platform:

You’ll need to publish a project using ChipWhisperer, or an extension to ChipWhisperer to be eligible. Entries close November 30, 2018 (EXTENDED). We are going to be looking across three broad categories, with examples of possible projects below:

  1. Attack or Tutorial
    • Demonstrate an attack on a crypto algorithm or implementation we haven’t covered (ECC, SHA, etc) with a tutorial.
    • Replicate an existing research paper using ChipWhisperer.
    • Build a great tutorial you think is missing, post it on the new open wiki.
    • Build a stand-alone demo that uses ChipWhisperer but isn’t integrated into the software.
  2. Software Addition/Improvement
    • Add a new feature to ChipWhisperer software such as trace processing, new attack models, etc.
  3. Hardware Addition/Improvement
    • Make a new CW308 Target Board, and add firmware support.
    • Add a fpga/firmware improvement to the ChipWhisperer-Lite.
    • Build a new FPGA example for the CW305 board or S6LX9 board.

Projects may fall between categories – no problem! We don’t require you to submit to any specific category, but will be using the categories to award prizes. Prizes can be substituted for “NewAE Store Credit” – if you already have a ChipWhisperer-Lite for example, you can instead get some new targets for your UFO Board (up to $250) or just credit towards something larger.

  • Grand Prize (across all categories): ChipSHOUTER Kit (1 prize total).
  • Gold Prize (Best project in each category): ChipWhisperer Level 2 Kit (3 prizes total).
  • Honorable Mention: ChipWhisperer-Lite (6 prizes total).

Don’t have a ChipWhisperer? We are also running a special “early bird contest” which closes August 30, 2018. This contest has the same general objectives, but rewarding partial progress and interesting ideas. You can submit a small patch or improvement to this contest, get a ChipWhisperer-Lite hardware, and then perform a more advanced entry with your updated hardware.

  • Best Early Bird: ChipWhisperer Level 1 Kit.
  • Honorable Mention Early Bird: ChipWhisperer-Lite (6 prizes total).

How to Enter

Entry will be by an online form. You will be required to submit the following along with the form:

  • A write-up of your work.
  • Links to code, documentation.
  • Links to commits, documentation edits, etc.

How to Build Code & Documentation

When it comes time to “submit” your work, we want to make this as easy for others to use as possible. There are two methods we will ask you to use when submitting work:

  • Make a git repo. This is easily done by cloning ChipWhisperer on GIT and making changes there.
  • Add documentation to the wiki (https://wiki.newae.com) – you can now create a user account, we will have to manually enable editing for you. Once you create an account email wiki@newae.com so we can activate it and know you aren’t a spam bot.

FAQ

Q: Can I enter work I did previously?

A: We don’t have a limit on when the work occurred, so if you have some old work using ChipWhisperer now is the time to finish documenting it and submit to the contest!

 

Q: For the “early bird prize”, do I need working demos or am I submitting an idea?

A: The “early bird prize” will give preference to fully working submissions.

 

Q: Can I submit an updated project from the early bird prize to the full entry?

A: YES! That is the idea of the early bird prize – you might have some partial results already.

 

Q: Can I submit something different to the early bird prize and the full entry?

A: YES! You can use the early bird prize to get hardware which you then use in a full submission.

 

Who Can Enter?

The ChipWhisperer Hardware Hacking Contest (the “Contest”) is open to legal residents of the fifty (50) United States and the District of Columbia, Canada (excluding Quebec), the United Kingdom, Australia, New Zealand, Germany, France, the Netherlands, Japan, India, South Africa, and wherever else the Contest is not prohibited or restricted by law. The Contest is not open to residents of Quebec, Cuba, Iran, North Korea, Sudan, Syria, or any jurisdiction where the Contest would be restricted or prohibited by law including all countries sanctioned by the Government of Canada. Participants must be at least 18 years of age (or the local age of majority where they live, if higher) at the time of entry.

Full contest rules will be available at time of submission.

ChipSHOUTER Pre-Order Starts, CW-Lite Arm Available, Catch us at Black HAT, DEF CON, CyberAuto!

It’s happening! ChipSHOUTER is being released to production, which means we are pre-ordering to get people in line for shipments. The kit comes not only with our ChipSHOUTER, but with the Ballistic Gel EMFI target, a simple EMFI target, and adapters for connecting to ChipWhisperer + other lab gear:


You can see all the details on the pre-order page on the webstore. For all the technical details, you’ll want to check out the user manual, or see the GITHub repo including the Ballistic Gel + Simple EMFI target design. Now as a special pre-order deal, if you pre-order we have a limited edition “remote trigger” switch that will get shipped to you:

Pre-orders will ship before final release of Oct/2018 – initial shipments are expected next week, but there will be a delay due to Black Hat + DEF CON.

Catch us at Black Hat, DEF CON, and More

Heading to Black Hat? DEF CON? Colin will be running his training course (still some last-second room), plus will be talking about our new open-source ChipWhisperer-Lint tool. In addition there is an arsenal talk/demo of the latest ChipWhisperer platform. Stop by to say hello – we’ll be trying to throw a few ChipWhisperer-Lite’s into the crowd too if you attend!

While we don’t have any “official business” at DEF CON, Colin will be around. Catch him on twitter to say hello! We’re going to try and organize an impromptu ChipWhisperer meet-up, check @newaetech on Twitter for details of that when it’s posted.

And if you’re heading to Cyber Auto next week, Colin will be teaching some students about power analysis & fault injection that they might have a chance to use on real systems. Later on we’ll be at the CHES conference too!

Finally we’ll be at CHES again this year – we’ll have ChipSHOUTER setup along with the rest of our embedded tools. We’ll have our decks of cards to give out and lots of new demos, so be sure to stop by and say hello!

Upcoming Trainings

We’ve got some more trainings coming up – full details will be in the next newsletter, but check HardwareSecurity.training for details. Our next date will be in Redwood City, CA on November 26-29, 2018. Talks and guest trainings are still to be announced.

New ChipWhisperer-Lite 32-bit takes aim at evaluation security of cryptographic libraries and security mechanism for IoT applications.

Halifax, Canada: NewAE Technology Inc. is proud to introduce the newest hardware version of their revolutionary open-source platform for performing advanced hardware security attacks such as power analysis and fault injection attacks, the “ChipWhisperer-Lite 32-Bit”. This uses an Arm®-based evaluation target, onto which a variety of cryptographic code and security algorithms can be loaded. The ChipWhisperer-Lite allows engineers to evaluate the security of the target code against advanced attacks such as side-channel power analysis and fault injection attacks.

“The evolution of our example board to include an Arm®-based 32-bit target is a long-standing customer request”, explains Dr. Colin O’Flynn, C.T.O. of NewAE Technology Inc, “and is a testament to the expanding popularity of Arm® devices in IoT products which remain cost-sensitive but often need to have higher security level due to their interconnected capabilities”.

The ChipWhisperer® project contains a variety of open-source tools, designed to help engineers evaluate device and code security against advanced attacks that can break typical cryptographic implementations. By providing engineers with a complete toolchain include software, hardware, and documentation, NewAE Technology Inc. is help engineers make smart security decisions so they understand how these advanced attacks function. By understanding the attacks, products can be designed to resist them or reduce the impact when broken.

“Side channel power analysis and fault injection attacks were first publicly disclosed over 18 years ago, but the lack of easily accessible evaluation tools means products released today often remain trivially vulnerable to these attacks”, continues Dr. O’Flynn. The ChipWhisperer series of tools includes a variety of hardware and software, much of it open-source to allow further extensions by customers and users.

The ChipWhisperer-Lite line represents the current lowest-cost evaluation platform for these attacks. It integrates the power measurement functionality (meaning no oscilloscope is required), using NewAE Technology Inc’s synchronous sampling technology. The same board hosts a STM32F3 (Arm® Cortex®-M4 based) device which code such an AES bootloader or Arm® Mbed™ TLS Stack can be loaded on. The ChipWhisperer-Lite 32-bit allows evaluation of this code, with various examples and tutorials posted online at http://www.ChipWhisperer.com .

In addition to power analysis, the ChipWhisperer-Lite can also perform fault injection using clock and voltage glitching. These attacks allow corrupting of internal memory, registers, or device states. By performing evaluation of the code against these attacks, the designers can build better defenses into their devices.

The ChipWhisperer-Lite 32-bit is available now for $250 US from NewAE Technology’s worldwide distributor Mouser Electronics, along with NewAE Technology’s online store. The product number is “NAE-CWLITE-ARM”.

 

Arm®, Cortex® and MBED® are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

ChipWhisperer® is a registered trademark of NewAE Technology Inc in the US and/or elsewhere.

Mouser Electronics Signs Global Distribution Agreement with NewAE to Distribute ChipWhisperer Hardware Security

April 11, 2018 – Mouser Electronics, Inc., the authorized global distributor with the newest semiconductors and electronic components, today announced a global distribution agreement with NewAE Technology Inc., a company dedicated to providing low-cost, open source tools for performing side-channel power analysis and fault glitching. The NewAE product line available from Mouser Electronics centers around the ChipWhisperer toolchain, which combines open source hardware, software, training, and documentation for embedded hardware securityresearch. The ChipWhisperer system consists of capture boards, target boards, and software to perform attacks and analysis.

“Hardware security is one of the most important challenges for today’s design engineers, and NewAE’s ChipWhisperer products provide our customers with tools to integrate security into their designs,” said Andy Kerr, Vice President, Supplier Management, Products at Mouser Electronics. “This partnership brings NewAE’s products to customers around the world, allowing them to take advantage of these innovative solutions.”

“Mouser’s robust global distribution and support network will enable us to reach our goal of making our hardware security solutions widely available to the industry, academia, and others focused on hardware security,” said Colin O’Flynn, CEO at NewAE Technology. “We are excited to be joining forces to deliver our ChipWhisperer product lines to new customers around the world.”

ChipWhisperer starter kits provide all the equipment necessary, including capture and target boards, to conduct side-channel power analysis and fault injection attacks. The ChipWhisperer-Lite Level 1 Starter Kitallows engineers to perform attacks on a variety of included targets, such as an 8-bit microcontroller and 32-bit microcontroller, while the ChipWhisperer-Lite Level 2 Starter Kit enables attacks on external targets. The ChipWhisperer-Pro Level 3 Starter Kit, suitable for laboratory use, features a 98 Ksample buffer, a streaming mode for almost unlimited capture, and a pattern-based I/O trigger.

The ChipWhisperer-Lite capture boards offers a low-cost solution for embedded hardware security research, delivering NewAE’s established analog front-end and FPGA design in a small form factor. The ChipWhisperer-Lite is available as a single board or in a two-part version with SMA connectors that enable easy connection to other boards.

NewAE’s UFO Target Boards are designed to mount onto the UFO Baseboard for use with either the ChipWhisperer Pro or the ChipWhisperer-Lite Capture Tools. Target boards include versions that enable embedded security analysis on the Xilinx Spartan XC6SLX9 FPGA, STMicroelectronics STM32F series of Arm®Cortex® microcontrollers, NXP MPC5748G 32-bit microcontroller, Intel® D2000 Quark™ Microcontroller, and Intel 87C51 microcontroller. NewAE’s wide range of embedded hardware security systems are supported by accessories including the CANoodler CAN interface, CW506 advanced breakout board, and a probe set with power supply.

To learn more, visit www.mouser.com/newae-technology.

 

With its broad product line and unsurpassed customer service, Mouser strives to empower innovation among design engineers and buyers by delivering advanced technologies. Mouser stocks the world’s widest selection of the latest semiconductors and electronic components for the newest design projects. Mouser Electronics’ website is continually updated and offers advanced search methods to help customers quickly locate inventory. Mouser.com also houses data sheets, supplier-specific reference designs, application notes, technical design information, and engineering tools.

About Mouser
Mouser Electronics, a Berkshire Hathaway company, is an award-winning, authorized semiconductor and electronic component distributor focused on rapid New Product Introductions from its manufacturing partners for electronic design engineers and buyers. The global distributor’s website, Mouser.com, is available in multiple languages and currencies and features more than 5 million products from over 700 manufacturers. Mouser offers 22 support locations around the world to provide best-in-class customer service and ships globally to over 600,000 customers in 170 countries from its 750,000 sq. ft. state-of-the-art facility south of Dallas, Texas. For more information, visit www.mouser.com.

About NewAE Technology
NewAE Technology Inc. is a Canadian company that is revolutionizing the hardware security market, by making every engineer and designer aware of side-channel power analysis and clock glitching as important attack vectors. NewAE Technology Inc. is dedicated to providing tools for performing embedded hardware security research and making those tools widely available by not only reducing the cost, but by keeping the designs open. NewAE Technology Inc. hopes to fundamentally change the ecosystem of embedded development by making all engineers aware of both the theoretical and practical issues of side-channel power analysis and fault glitching.

Trademarks
Mouser and Mouser Electronics are registered trademarks of Mouser Electronics, Inc. All other products, logos, and company names mentioned herein may be trademarks of their respective owners.

 

 

Further information, contact:
Kevin Hess, Mouser Electronics
Senior Vice President of Marketing
(817) 804-3833
Kevin.Hess@mouser.com
For press inquiries, contact:
Kelly DeGarmo, Mouser Electronics
Manager, Corporate Communications and Media Relations
(817) 804-7764
Kelly.DeGarmo@mouser.com

March Newsletter: Mouser, US Training, ChipSHOUTER Pricing Information

Welcome to NewAE news – our most annoucement packed edition yet. First off, we want to say thanks to everyone who visited us at Embedded World! We had a great time meeting people, and lots of engineers seemed to be rethinking their life after discovering how easily embedded hardware crypto can be broken. Hopefully people caught our “Canadian-themed” outfits, but otherwise I’m sure there were questions about the lumberjack apparel:

Also thank you for taking our candy. If you missed it on Twitter we shipped about 10x more than needed, and suddenly had only a few hours to get rid of 9kg of maple candy. Luckily the kind people of Embedded World could be convinced we didn’t want them to feign interest in our products, and we just wanted them to take the candy so we didn’t have to lug it home.

Anyway, on with the serious news.

Buy Through Mouser

For years now our (very) kind customers have put up with our Canadian shipping rates, and our inability to precharge VAT or duties. We are very happy to announce we now have an alternative, that will mean cheap (and often free) shipping, plus prepaid duty and taxes to almost any country in the world.

Our products are now listed on Mouser – check out our NewAE Tech page. Or just search ChipWhisperer on Mouser! Not only does this make life easier for you, we are now offering more target devices than we’ve sold in the past. For example check out the MPC5748G target with a triple-core PowerPC, or the STM32F215 target with hardware AES peripherals, or the STM32F415 version also with hardware AES.

We’ll be announcing a number of other new targets shortly – these will be sold exclusively through Mouser. We’ve got builds for the SAM4L and ESP32 target done now, so will finish documenting these and they should be available shortly. Keep your eyes out for those in our newsletter (or just wait for the listing on Mouser!).

Our webstore & current sales channel will still exist, but we can’t compete with the great shipping rates and no surprise fees on delivery like Mouser can offer.

As a bonus – we now have PDF datasheets. We added those so you can find production information quickly, rather than the sometimes more confusing wiki pages. Right now they are linked through Mouser, but we’ll be adding them to our own webstore & website.

US Trainings

For the first time ever, we’re running an advanced 4-day training on April 23-26th in Maryland. This training is split into two 2-day classes: one class focuses on side-channel power analysis, the other on fault injection. This training uses more advanced targets as we use a base-board to switch between 8-bit and 32-bit devices throughout the class, and this gives us time to dive deeper into areas we don’t cover in the normal class. For example the side channel analysis also covers hardware crypto, and with fault attacks we also fault reads of configuration FLASH (not just SRAM or register variables). It does still cover the introductory material so you don’t need to have taken our previous courses to participate.

It’s run as part of the HardwareSecurity.Training event where you’ll get to see great speakers during lunch, and hang out with all the attendees, speakers, and trainers (Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Robert Leale). You can register using the previous links – be sure to select to register for both courses if you want the full four-day experience. Use offer code ‘newaenews‘ to save 10%, on top of the cheaper rates available until March 26th! Be sure to register for the two courses together for the full experience!

What about other training events? We’ve got our 2-day training running at Black Hat, which is also updated to use the ChipWhisperer-Lite Arm edition. This means all the attacks will be against an Arm processor device instead of the XMEGA we were previously using. You can sign up for August 4-5 (Sat/Sun) or 6-7 (Mon/Tues).

ChipSHOUTER Pricing & Pre-Ordering

You could have seen the ChipSHOUTER at Embedded World, and for people there we had (unofficial) pricing. We’re now publicly releasing this information, along with some more details (you can see a photo of the ChipSHOUTER down below too on the XY table). We also posted an engineering preview video a few weeks ago too with some more details.

The ChipSHOUTER will be our first EM fault injection tool. It features a small enclosure that packs inside a rapid charge circuit with programmable voltage from 150-500VDC, capacitor bank, and trigger circuit to dump the capacitor into a coil. This voltage is completely programmable via a simple serial command line, the choice of a serial interface makes it easier to use the tool stand-alone with other test equipment. The built-in trigger can generate complex waveforms, for example here we programmed a specific pattern of on/off to follow with two narrower pulses followed by a longer pulse:

Besides the built-in trigger circuit, it also features a hardware trigger input that is internally connected to the electronic switch. This means consistent delay between trigger & fault, allowing you to do clock-synchronous injection with reduced jitter. With any of these triggers you can monitor results on the 20:1 scope probe connector, which lets you see the actual voltage at the output without putting your scope probes anywhere near the danger zone.

The ChipSHOUTER will also come with two target boards. The first is a simple EM fault injection target, which you can use to confirm everything is working as intended. It simply performs a basic loop, and blinks an LED when everything is working A-OK. When things go wrong (due to your EM fault injection) it blinks a different LED. Here’s what the aptly named “EM Injection Simple Target” looks like (not all our names are silly puns OK):

The other target will be an advanced calibration target called Ballistic Gel. It will be an open-source EMFI calibration target, using a large commercial SRAM chip. This allows you to actually figure out the sort of area your fault injection has covered on the chip surface. Here’s what Ballistic Gel looks like, with the target SRAM on the left (and a big cut-out so you can try top-side or bottom-side as you fancy):

We designed this target to help you understand what different probe tips and voltage settings have on the target. It also allows you to compare different EMFI tools, which is why we wanted to release Ballistic Gel as a stand-alone open source project. We haven’t posted it yet, so will have more details with the official release.

So how much will it cost? ChipSHOUTER will initially sell in a kit with all of the above and more (ChipSHOUTER, Ballistic Gel, Simple Target, various probe tips, two BNC oscilloscope adapter cables, a separate pulse calibration board, and a few other odds and ends) for $2800 USD. A complete datasheet will be available shortly, and we’ll be releasing the design to production shortly meaning final products should be shipping end of April or May (more updates on that one production starts).

One of the other things we featured at Embedded World was an early prototype of our XY table, called the ChipSHOVER. This table features 1um step resolution (and it will get better once we enable microstepping). The ChipSHOUTER kit will interface to this table directly, and we also plan on selling a manual (lower-cost) XY table as well. But the “cheap solution” will always be a 3D printer gantry, which won’t have as fine resolution but will have an unbeatable price.

And what about this switch we had a few questions about? The totally unnecessary remote trigger wasn’t a planned item. It was something fun we made for the tradeshow:

For now we decided to build a few for people that preorder the ChipSHOUTER. So if you’re interested please fill out this form as we haven’t yet posted it in our webstore. Not only do you get a reserved spot in line for ChipSHOUTER, you’ll also get the limited edition totally unnecessary remote trigger switch!

February Newsletter: Embedded World, European Training, ChipSHOUTER Updates

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

NewAE News: Valentines Sale, Embedded World, European Training, ChipSHOUTER Updates

We might as well call this the Non-Linear Newsletter based on our update history. Once again we’ve got too many updates for one newsletter, but we kept wanting to sneak one more thing in. So far we’re announcing our annual valentine’s day sale ([Chip]Whisper[er] sweet nothings to your love), we’ll be at Embedded World in a few weeks, a European Training at the end of March, another US training in April, Black Hat USA trainings, and more information on the ChipSHOUTER. And bonus: a new ChipWhisperer-Lite variant, updates to our Wiki including community accounts, and updated packaging. Grab a coffee and let’s get to it.

[Chip]Whisper[er] Sweet Nothings and save 10%

With valentines day coming up, we thought you might enjoy the chance to whisperer sweet nothings to your true love. Until Feb 14th you can save 10% with promotional code CHIPLOVER on our webstore at https://store.newae.com .

Visit us at Embedded World

Embedded World is Feb 27 to March 1st in Nürnberg, Germany. And we’ll be there at a booth in Hall 4A (booth 4A-513) in the “Safety & Security” zone. We’ll have on show our ChipSHOUTER (along with a brand new XY table), an automotive demo, the regular ChipWhisperer gear, and decks of cards plus maple candies for you to enjoy.

If you’d like to attend, register at https://www.embedded-world.de/en/visitors/tickets/voucher using E-Code B387489 for free admission! If you register ahead of time you should be able to skip the registration queue at the event.

European Training – March 21st, 22nd

Have you wanted in-person training in Europe on embedded security attacks? We’re now offering a training in Europe alongside some other great hardware hackers. You can see all the details at https://securitytraining.berlin/trainings/ . It’s our 2-day course using the ChipWhisperer, and it includes a take-home ChipWhisperer-Lite that you can perform real attacks with.

The event itself has daily lunchtime speakers giving about 1-hour talks. This way you get the chance to hear about all sorts of interesting topics. These talks are only open to students in one of the trainings, so it’s a small event where you get to hang out and have fun with hardware hackers from all over.

If you’re interested please register soon to avoid being dissapointed! We only have limited room, and if you’d like other payment methods please contact us via sales@newae.com .

4-Day ChipWhisperer Training in Maryland – April 23-26th

If you’ve been on our 2 day training, you know we manage to cover a lot of ground, but sometimes there just isn’t enough time to dive deep. We’re going to be offering a 4-day training course (split up as two 2-day training courses) that dives deepering into both power analysis and fault injection attacks.

This course will use a UFO target board to let us switch targets so we can do things like attack hardware crypto, compare 8-bit and 32-bit implementations, and look at different methods of bypassing security lock bits. You can register for either the fault injection or side-channel power analysis portion, but of course we encourage you to sign up for both at a discount! Check out the HardwareSecurity.Training site to see both of these offerings.

Like the European training event there will be lunchtime talks open to only students of one of the training courses. There’s other great courses by Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Robert Leale. So you’ll get the chance to learn via hands-on labs, hear interesting talks, and relax at the social events with the rest of the trainers and students.

Again If you’re interested please register soon to avoid being dissapointed! We only have limited room, and if you’d like other payment methods please contact us via sales@newae.com .

Black Hat USA Trainings 2018

Europe isn’t the only 2-day training event. Our 2-day course is running at Black Hat USA 2018 again this year (see signup page) and again includes a ChipWhisperer-Lite. We’ve sold out last year so again encourage you to sign up early to ensure you get space reserved!

We’ve also partnered to help deliver a course loosely focused as “hardware security attacks for managers”. This course will cover all sorts of hardware attacks (well beyond power analysis & fault injection), with the objective of providing a solid foundation to understand why these threats matter. It’s also a great course to help someone understand why they should let you spend 4 months exploring advanced hardware attacks. Check out the course description on Black Hat USA 2018.

ChipSHOUTER Lives

ChipSHOUTER – our EM fault injection tool. We haven’t forgotten about it despite slow updates, instead we’ve just been working on making it even better. There is a short video of the base device on YouTube, check out the link below for more information:
ChipSHOUTER will now have only one hardware variant – we previously said there might be a high & low end version of the main tool, but instead we decided to make the better specs available for all. We’ll be offering the tool in some different kits with accessories you’ll find very useful – the hold up has been getting all these accessories properly priced and prepared. They aren’t in the above video but you’ll be able to see them shortly once we have the kits and pricing sorted out.

ChipWhisperer-Lite Arm

The ChipWhisperer-Lite, our low-cost tool, has the Atmel XMEGA target. We’ve since introduced the STM32F3 as the default target for the UFO board, so have decided to make a ChipWhisperer-Lite variant with that same Arm processor.

This means you’ll be able to get the convience of a single-board solution (for training or education), but with a 32-bit Arm processor attached. The Arm target means you can work with T-Table implementations of AES, perform fault injection attacks that dump the entire memory space, and compile libraries such as mbedTLS. ChipWhisperer-Lite Arm is in production now & will be available in the next month (assuming no production delays). Here’s a shot of the target alone:

Note this won’t be available in the 2-part version, instead we’re going to be moving towards using the UFO boards to support a wide range of target devices.

Edit the ChipWhisperer Wiki and Submit Problems

Have you found problems on our wiki (at https://wiki.newae.com)? I can’t imagine. But we’d love to fix them, and now have two ways to flag errors. The first is we have a github repo that mirros the wiki – see it at https://github.com/newaetech/wiki.newae.com . You can flag issues on that page and it’s easy for anyone else to see them. You can also see recent changes in GIThub style. While it could theoretically accept pull requests the editing process is a little annoying, so that brings us to #2.

The second is we’re going to be opening up editing accounts. For now we’re going to be manually creating accounts, so fill in Form 28-A/003 and we will process it in the next 2-60 business days during office hours of 09:01-09:12, and 14:20-14:30 (except for alternate Fridays).

More Updates Still

If somehow you are still reading this – thanks for sticking around! We’ll likely spit out a second newsletter in the near future (what did I say about non-linear newsletters?) because there is still things that didn’t fit in here. As a bonus here’s a sneak peak of some fun new packaging you’ll be seeing around with orders – a smaller printed box for UFO targets, and the large orange/black box for Level 1/2/3 starter kits.


This sneak peak is also part of bigger things to come – so stay tuned, and hopefully see you at Embedded World!

July Newsletter: New Tutorials, New Features, Updated UFO Boards, More ARM

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Welcome to NewAE News – July edition. Unlike most of our previous newsletters we have nothing new to sell you, but lots of new stuff to show off.

New Tutorials – RSA & ARM-Based AES

The most interesting news is there are two new tutorials you can perform! The first one is breaking RSA, or more accurately breaking part of RSA, as the entire algorithm is too slow to run on our XMEGA device. But it’s using a real RSA implementation as a base.

You can check out that tutorial as number B11 on the wiki. As a bonus you can also download a few traces we recorded at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/B11/example_traces in case you want to play through without hardware.

We’ve also added a tutorial breaking an implementation of AES, as commonly performed on 32-bit devices, where you use a special T-Table to speed up the algorithm. That is tutorial A8 on the wiki. Performing this tutorial requires an ARM device (such as our STM32Fx targets), but again we’ve posted some traces at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/A8/example_traces .

As you might have guessed we’re going to be working towards making a larger repository of example traces available, to make it even easier to work through all the tutorials even if you don’t have the required hardware.

New Features

We’ve also released a new version of ChipWhisperer, 3.5.3. Besides the usual small updates, this one also sees a new FPGA bitstream for both the Lite and Pro. This adds a “Trigger Length” feature that can report back how long the trigger was active for, handy for figuring out how long of a capture you need:

This version also finally adds a Windows installer, which installs Python (with all required modules), ChipWhisperer, and an update method based on getting the latest from GIT.

UFO Board Updates

All UFO boards being shipped now have a small update – a reset button! This grounds the nRST net on the UFO board, which can be handy when working through tutorials that require you to reset the device frequently:

More ARM

We’ve also updated all of our starter kits to now include an ARM target. We’ll now be shipping all kits (UFO, Level 1 & 2 Starter Kits, ChipWhisperer Pro) with the XMEGA Target + a STM32F target. We were using STM32F0 initially, but have been able to successful port everything to the STM32F3 which includes a whopping 40K of SRAM, so you can run even more advanced algorithms on this device.

The trust ATMega328P will still be available as an add-on, but based on your feedback we’ve decided to also include an ARM target. Now all of your starter kits will include both an 8-bit and a 32-bit target!

Black Hat, Trainings, CHES, and More!

This is a short newsletter as Colin is busy preparing for Black Hat. If you’ll be around Colin will be there until Thursday evening (27th), so send him a tweet (@colinoflynn) or email us to try and meet up! He’ll be giving a talk on Wednesday morning (10:30am) and showing the ChipWhisperer off at Arsenal on Thursday at 2:30pm.

If you’ll be at DEFCON, the Hacker Warehouse booth will be stocking the ChipWhisperer-Lite too! So you can grab one in person.

We’ll also be at CHES in September, and will have more details of what new hardware we’re showing off in the next newsletter. There should be some fun new tools to explore even more aspects of hardware security.

If you missed the announcement from the last newsletter, we’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Michael Ossmann. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL.

June Newsletter: Targets, Training, Order Pickup at RECON, Fun Videos

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Welcome to NewAE News – June edition. We’re following up with another quick update here, as we have lots of news (and a few time-sensitive pieces) to share.

Targets

To follow up with our previous newsletter, the STM32F1, STM32F3, and STM32F4 targets are now available. The largest STM32F4 target has a whopping 1MByte FLASH and 192KByte SRAM. We’re also adding support to program them via ChipWhisperer – you’ll find this option already in the “develop” branch as a new menu option, but if you’re not in a rush wait for the next software release. For now we recommend using an external programmer.

Trainings

We’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, and Joe Grand. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL. This training will have limited seating (we’ve only confirmed a room with 10, but are hopefully able to offer up to around 20 seats).

Talks

Are you headed to RECON in Montreal next week? Colin will be headed there to discuss his previous work on hacking smart light bulbs. In addition to his normal hardware demos, we’re offering the chance to pickup any orders placed until June 14th for free at RECON. If you’d like to take advantage of this please email sales@newae.com, as we need to ensure we’ve got your item in stock. We’ll provide you with a special code to remove the shipping cost on our webstore.

After that Colin is headed to ESCAR  on June 21-22nd to provide some demos of hacking automotive systems using ChipWhisperer. These demos will use on our new MPC5748G Target Board, as Colin can demonstrate attacks using CAN communications along with other special features of these devices. Slides for both the RECON and ESCAR talk will be posted afterwards if you can’t make them in person!

And talking about fun demos – don’t miss this walk-through of breaking AES as part of the Riscure CTF challenge that LiveOverflow posted recently on YouTube:

Tutorials

We’ve added another new tutorial recently too – this one looks at the ChipWhisperer-Pro’s features. You can see the Stream Mode & SAD Triggering Tutorial on our wiki.

That’s all for now – thanks for sticking around!