0

Recovering the AES key on a Cortex-M3 processor with emusca, using @Unicorn_Engine and Daredevil, by @jevinskie

Cortex-M3 implementation of AES and then used Daredevil to successfully recover the key

Unicorn Engine is a powerful, lightweight multi-platform, multi-architecture CPU emulator framework. It simulates multiple architectures including Arm, Arm64 (Armv8), M68K, Mips, Sparc, & X86 (include X86_64). It’s under a GPLv2 free software license for Windows * *nix (inc. Mac). So, what can be done with this powerful tool?

Twitter/GitHub user @jevinskie has developed emusca – a power trace simulator using Unicorn Engine for side channel analysis attack testing.

This project uses Unicorn to emulate a binary. Every instruction is traced and the hamming distance between every register before and after the instruction is calculated and stored. The target binary is run over many input ciphertexts (or plaintexts) to generate simulated power traces (simply the hamming distance for now) and Daredevil input, output, trace, and config file are generated. Marker functions consisting of NOPs are added to the target binary and the instruction hook records when they are hit. This is to facilitate finding the boundaries of the rounds of AES. deco is used for easy multiprocessing to speed up trace generation.

This allows @jevinskie to simulate power traces of a Cortex-M3 implementation of AES and then used Daredevil to successfully recover the key!

In the plot above is an AES S-Box based implementation simulated power trace. The different colored plots are the same trace smoothed at different levels. The nine humps are the inner full rounds of AES.

An AES T-Table based implementation simulated power trace below. The plateau on the right hand side are the rounds of AES. They are more difficult to distinguish compared to the S-Box trace since they take approximately 10 times fewer instructions per round.

emusca is written in Python under a zlib permissive license, see the source in GitHub.

If you are interested in Daredevil, the tool to perform (higher-order) correlation power analysis attacks (CPA), you can find it here on GitHub under a GPLv3.0 license by SideChannelMarvels.

Tools such as these open up a great number of testing avenues for processors using software-based methods. They won’t replace a ChipWhisperer, but still…


Please vote for Limor Fried (Ladyada) for Red Hat’s Women in Open Source Award
Our Ladyada (Limor Fried) was nominated for Red Hat’s Women in Open Source Award! Please vote for her! Visit: https://www.redhat.com/en/about/women-in-open-source

Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, or even use Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for MakeCode, CircuitPython, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 10,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython 2019!

Have an amazing project to share? Join the SHOW-AND-TELL every Wednesday night at 7:30pm ET on Google+ Hangouts.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — The strange world of low-margin online returns

Wearables — Liquid magic

Electronics — Diamonds may be forever… but components? Not so much.

Biohacking — Raspberry Pi Health Dashboard

Python for Microcontrollers — Python on hardware, a portal to a world of fun! #Python #Adafruit #CircuitPython @circuitpython @micropython @ThePSF @Adafruit

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.

Sorry, the comment form is closed at this time.