March Newsletter: Mouser, US Training, ChipSHOUTER Pricing Information

Home > Archive by category "Newsletter"

March Newsletter: Mouser, US Training, ChipSHOUTER Pricing Information

Welcome to NewAE news – our most annoucement packed edition yet. First off, we want to say thanks to everyone who visited us at Embedded World! We had a great time meeting people, and lots of engineers seemed to be rethinking their life after discovering how easily embedded hardware crypto can be broken. Hopefully people caught our “Canadian-themed” outfits, but otherwise I’m sure there were questions about the lumberjack apparel:

Also thank you for taking our candy. If you missed it on Twitter we shipped about 10x more than needed, and suddenly had only a few hours to get rid of 9kg of maple candy. Luckily the kind people of Embedded World could be convinced we didn’t want them to feign interest in our products, and we just wanted them to take the candy so we didn’t have to lug it home.

Anyway, on with the serious news.

Buy Through Mouser

For years now our (very) kind customers have put up with our Canadian shipping rates, and our inability to precharge VAT or duties. We are very happy to announce we now have an alternative, that will mean cheap (and often free) shipping, plus prepaid duty and taxes to almost any country in the world.

Our products are now listed on Mouser – check out our NewAE Tech page. Or just search ChipWhisperer on Mouser! Not only does this make life easier for you, we are now offering more target devices than we’ve sold in the past. For example check out the MPC5748G target with a triple-core PowerPC, or the STM32F215 target with hardware AES peripherals, or the STM32F415 version also with hardware AES.

We’ll be announcing a number of other new targets shortly – these will be sold exclusively through Mouser. We’ve got builds for the SAM4L and ESP32 target done now, so will finish documenting these and they should be available shortly. Keep your eyes out for those in our newsletter (or just wait for the listing on Mouser!).

Our webstore & current sales channel will still exist, but we can’t compete with the great shipping rates and no surprise fees on delivery like Mouser can offer.

As a bonus – we now have PDF datasheets. We added those so you can find production information quickly, rather than the sometimes more confusing wiki pages. Right now they are linked through Mouser, but we’ll be adding them to our own webstore & website.

US Trainings

For the first time ever, we’re running an advanced 4-day training on April 23-26th in Maryland. This training is split into two 2-day classes: one class focuses on side-channel power analysis, the other on fault injection. This training uses more advanced targets as we use a base-board to switch between 8-bit and 32-bit devices throughout the class, and this gives us time to dive deeper into areas we don’t cover in the normal class. For example the side channel analysis also covers hardware crypto, and with fault attacks we also fault reads of configuration FLASH (not just SRAM or register variables). It does still cover the introductory material so you don’t need to have taken our previous courses to participate.

It’s run as part of the HardwareSecurity.Training event where you’ll get to see great speakers during lunch, and hang out with all the attendees, speakers, and trainers (Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Robert Leale). You can register using the previous links – be sure to select to register for both courses if you want the full four-day experience. Use offer code ‘newaenews‘ to save 10%, on top of the cheaper rates available until March 26th! Be sure to register for the two courses together for the full experience!

What about other training events? We’ve got our 2-day training running at Black Hat, which is also updated to use the ChipWhisperer-Lite Arm edition. This means all the attacks will be against an Arm processor device instead of the XMEGA we were previously using. You can sign up for August 4-5 (Sat/Sun) or 6-7 (Mon/Tues).

ChipSHOUTER Pricing & Pre-Ordering

You could have seen the ChipSHOUTER at Embedded World, and for people there we had (unofficial) pricing. We’re now publicly releasing this information, along with some more details (you can see a photo of the ChipSHOUTER down below too on the XY table). We also posted an engineering preview video a few weeks ago too with some more details.

The ChipSHOUTER will be our first EM fault injection tool. It features a small enclosure that packs inside a rapid charge circuit with programmable voltage from 150-500VDC, capacitor bank, and trigger circuit to dump the capacitor into a coil. This voltage is completely programmable via a simple serial command line, the choice of a serial interface makes it easier to use the tool stand-alone with other test equipment. The built-in trigger can generate complex waveforms, for example here we programmed a specific pattern of on/off to follow with two narrower pulses followed by a longer pulse:

Besides the built-in trigger circuit, it also features a hardware trigger input that is internally connected to the electronic switch. This means consistent delay between trigger & fault, allowing you to do clock-synchronous injection with reduced jitter. With any of these triggers you can monitor results on the 20:1 scope probe connector, which lets you see the actual voltage at the output without putting your scope probes anywhere near the danger zone.

The ChipSHOUTER will also come with two target boards. The first is a simple EM fault injection target, which you can use to confirm everything is working as intended. It simply performs a basic loop, and blinks an LED when everything is working A-OK. When things go wrong (due to your EM fault injection) it blinks a different LED. Here’s what the aptly named “EM Injection Simple Target” looks like (not all our names are silly puns OK):

The other target will be an advanced calibration target called Ballistic Gel. It will be an open-source EMFI calibration target, using a large commercial SRAM chip. This allows you to actually figure out the sort of area your fault injection has covered on the chip surface. Here’s what Ballistic Gel looks like, with the target SRAM on the left (and a big cut-out so you can try top-side or bottom-side as you fancy):

We designed this target to help you understand what different probe tips and voltage settings have on the target. It also allows you to compare different EMFI tools, which is why we wanted to release Ballistic Gel as a stand-alone open source project. We haven’t posted it yet, so will have more details with the official release.

So how much will it cost? ChipSHOUTER will initially sell in a kit with all of the above and more (ChipSHOUTER, Ballistic Gel, Simple Target, various probe tips, two BNC oscilloscope adapter cables, a separate pulse calibration board, and a few other odds and ends) for $2800 USD. A complete datasheet will be available shortly, and we’ll be releasing the design to production shortly meaning final products should be shipping end of April or May (more updates on that one production starts).

One of the other things we featured at Embedded World was an early prototype of our XY table, called the ChipSHOVER. This table features 1um step resolution (and it will get better once we enable microstepping). The ChipSHOUTER kit will interface to this table directly, and we also plan on selling a manual (lower-cost) XY table as well. But the “cheap solution” will always be a 3D printer gantry, which won’t have as fine resolution but will have an unbeatable price.

And what about this switch we had a few questions about? The totally unnecessary remote trigger wasn’t a planned item. It was something fun we made for the tradeshow:

For now we decided to build a few for people that preorder the ChipSHOUTER. So if you’re interested please fill out this form as we haven’t yet posted it in our webstore. Not only do you get a reserved spot in line for ChipSHOUTER, you’ll also get the limited edition totally unnecessary remote trigger switch!

July Newsletter: New Tutorials, New Features, Updated UFO Boards, More ARM

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Welcome to NewAE News – July edition. Unlike most of our previous newsletters we have nothing new to sell you, but lots of new stuff to show off.

New Tutorials – RSA & ARM-Based AES

The most interesting news is there are two new tutorials you can perform! The first one is breaking RSA, or more accurately breaking part of RSA, as the entire algorithm is too slow to run on our XMEGA device. But it’s using a real RSA implementation as a base.

You can check out that tutorial as number B11 on the wiki. As a bonus you can also download a few traces we recorded at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/B11/example_traces in case you want to play through without hardware.

We’ve also added a tutorial breaking an implementation of AES, as commonly performed on 32-bit devices, where you use a special T-Table to speed up the algorithm. That is tutorial A8 on the wiki. Performing this tutorial requires an ARM device (such as our STM32Fx targets), but again we’ve posted some traces at https://github.com/newaetech/chipwhisperer-examples/tree/master/tutorials/A8/example_traces .

As you might have guessed we’re going to be working towards making a larger repository of example traces available, to make it even easier to work through all the tutorials even if you don’t have the required hardware.

New Features

We’ve also released a new version of ChipWhisperer, 3.5.3. Besides the usual small updates, this one also sees a new FPGA bitstream for both the Lite and Pro. This adds a “Trigger Length” feature that can report back how long the trigger was active for, handy for figuring out how long of a capture you need:

This version also finally adds a Windows installer, which installs Python (with all required modules), ChipWhisperer, and an update method based on getting the latest from GIT.

UFO Board Updates

All UFO boards being shipped now have a small update – a reset button! This grounds the nRST net on the UFO board, which can be handy when working through tutorials that require you to reset the device frequently:

More ARM

We’ve also updated all of our starter kits to now include an ARM target. We’ll now be shipping all kits (UFO, Level 1 & 2 Starter Kits, ChipWhisperer Pro) with the XMEGA Target + a STM32F target. We were using STM32F0 initially, but have been able to successful port everything to the STM32F3 which includes a whopping 40K of SRAM, so you can run even more advanced algorithms on this device.

The trust ATMega328P will still be available as an add-on, but based on your feedback we’ve decided to also include an ARM target. Now all of your starter kits will include both an 8-bit and a 32-bit target!

Black Hat, Trainings, CHES, and More!

This is a short newsletter as Colin is busy preparing for Black Hat. If you’ll be around Colin will be there until Thursday evening (27th), so send him a tweet (@colinoflynn) or email us to try and meet up! He’ll be giving a talk on Wednesday morning (10:30am) and showing the ChipWhisperer off at Arsenal on Thursday at 2:30pm.

If you’ll be at DEFCON, the Hacker Warehouse booth will be stocking the ChipWhisperer-Lite too! So you can grab one in person.

We’ll also be at CHES in September, and will have more details of what new hardware we’re showing off in the next newsletter. There should be some fun new tools to explore even more aspects of hardware security.

If you missed the announcement from the last newsletter, we’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, Joe Grand, and Michael Ossmann. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL.

June Newsletter: Targets, Training, Order Pickup at RECON, Fun Videos

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.


Welcome to NewAE News – June edition. We’re following up with another quick update here, as we have lots of news (and a few time-sensitive pieces) to share.

Targets

To follow up with our previous newsletter, the STM32F1, STM32F3, and STM32F4 targets are now available. The largest STM32F4 target has a whopping 1MByte FLASH and 192KByte SRAM. We’re also adding support to program them via ChipWhisperer – you’ll find this option already in the “develop” branch as a new menu option, but if you’re not in a rush wait for the next software release. For now we recommend using an external programmer.

Trainings

We’re also going to be running a training in San Francisco this November 6th & 7th. It’s being run alongside training courses by Dmitry Nedospasov, Joe Fitzpatrick, and Joe Grand. We’ll be running our 2-day training course (same one as at Black Hat USA). You can see details at https://hardwaresecurity.training/ , and contact us for more information (email sales@newae.com ) or buy a seat online at the previous URL. This training will have limited seating (we’ve only confirmed a room with 10, but are hopefully able to offer up to around 20 seats).

Talks

Are you headed to RECON in Montreal next week? Colin will be headed there to discuss his previous work on hacking smart light bulbs. In addition to his normal hardware demos, we’re offering the chance to pickup any orders placed until June 14th for free at RECON. If you’d like to take advantage of this please email sales@newae.com, as we need to ensure we’ve got your item in stock. We’ll provide you with a special code to remove the shipping cost on our webstore.

After that Colin is headed to ESCAR  on June 21-22nd to provide some demos of hacking automotive systems using ChipWhisperer. These demos will use on our new MPC5748G Target Board, as Colin can demonstrate attacks using CAN communications along with other special features of these devices. Slides for both the RECON and ESCAR talk will be posted afterwards if you can’t make them in person!

And talking about fun demos – don’t miss this walk-through of breaking AES as part of the Riscure CTF challenge that LiveOverflow posted recently on YouTube:

Tutorials

We’ve added another new tutorial recently too – this one looks at the ChipWhisperer-Pro’s features. You can see the Stream Mode & SAD Triggering Tutorial on our wiki.

That’s all for now – thanks for sticking around!

May Newsletter: ChipWhisperer 3.4.1 Released, ARM Targets available, IEEE S&P, BH Training Deadline

Read the latest newsletter over on our TinyLetter page. Be sure to subscribe to get these updates yourself.

 


A new ChipWhisperer release! This adds a lot of interest features we’ll mention quickly, including:

  • Quasi-automatic trace alignment.
  • Example firmware targets for STM32F0/F1/F2/F3/F4.
  • New SimpleSerial protocol (V1.1) with ACKs, simplifies usage with slow implementations.
  • Improved trace plotting allowing you to selectively include traces/waveforms.

 

Quasi-Automatic Trace Alignment

We’ve implemented a form of Dynamic Time Warping (DTW), which was suggested in the Elastic Alignment paper by J. van Woundenberg et al. The implementation is a little different to fit with our capture architecture, but accomplishes the goal of potentially aligning traces that have more than a simple physical shift (the following should be a small GIF showing you the usage):

STM32F Firmware Targets

Our previous newsletter mentioned the STM32F target board for the UFO. We’ve forged ahead and built examples of that for most of the STM32F series devices. You can see a full list of this on the wiki page. We’ll be commercially selling versions of that target too, for now we have the F0 available in the webstore along with the blank PCB.

To go along with this, we’ve released a new version of our SimpleSerial protocol. This protocol now has an ACK in it, which can help the ChipWhisperer know when it shouldn’t send something to a device that is busy processing the last command.

Improved Trace Plotting

For the longest time, you could only plot trace ranges. We now have a new trace plot widget that can plot arbitrary traces, and specify colours of them. For example here we are plotting trace #0-#5 in red with alpha of 0.3, #23 in green, and #35 in blue. This type of plotting is handy when you are looking at traces which might represent different code paths:

In the future we plan on improving this further to allow you to plot averages of groups, add offsets, etc. But for now you can specify both color codes & HTML colors (including transparency), which is very useful for seeing how often certain code paths are taken.

ARM Targets

As mentioned in the ChipWhisperer release notes, there is now a number of ARM targets for the UFO board. They all use the same STM32F PCB, so makes it very easy to target a bunch of different devices. We’ve got the blank PCB in the webstore along with limited quantities of the STM32F0 target board. The F1/F2/F3/F4 should be available shortly – we haven’t had time to run those boards through assembly yet. If you don’t want to solder let us know & we might be able to speed up a certain variant for you.

87C51 Targets

Do you like going old-school? Another new target is using the 8051 microcontroller. This target was a spin-off of a specific project so differs a little from our usual “cheap & basic” UFO target. But you may still find it interesting, and it comes preprogrammed with demos for AES, glitching, and TEA.

IEEE S&P and Other Conferences

Are you headed to IEEE S&P? Colin will be there in an academic capacity, but if you’re around please be sure to say hello! He’s easiest to track down on May 22nd at 1:45PM in Session #3, but will be around for the entire conference.

Colin will also be heading to RECON (Montreal in June) & ESCAR (Detroit in June). More details on those presentations will be coming.

BH Training Early Registration Deadline

Our training running at Black Hat USA 2017 has an early registration deadline of this Friday. One of the classes is almost sold out too, so if you want to ensure you make it in check the registration details soon. We’ll be (once again) updating our material this year to include some of the new features introduced in ChipWhisperer.

That’s all for now. Thanks again for listening to us blabbing on, hopefully you get a chance to try the new ChipWhisperer software, and look out for a few more new features in our next edition of NewAE News!