0

Recovering the AES key on a Cortex-M3 processor with emusca, using @Unicorn_Engine and Daredevil, by @jevinskie

Cortex-M3 implementation of AES and then used Daredevil to successfully recover the key

Unicorn Engine is a powerful, lightweight multi-platform, multi-architecture CPU emulator framework. It simulates multiple architectures including Arm, Arm64 (Armv8), M68K, Mips, Sparc, & X86 (include X86_64). It’s under a GPLv2 free software license for Windows * *nix (inc. Mac). So, what can be done with this powerful tool?

Twitter/GitHub user @jevinskie has developed emusca – a power trace simulator using Unicorn Engine for side channel analysis attack testing.

This project uses Unicorn to emulate a binary. Every instruction is traced and the hamming distance between every register before and after the instruction is calculated and stored. The target binary is run over many input ciphertexts (or plaintexts) to generate simulated power traces (simply the hamming distance for now) and Daredevil input, output, trace, and config file are generated. Marker functions consisting of NOPs are added to the target binary and the instruction hook records when they are hit. This is to facilitate finding the boundaries of the rounds of AES. deco is used for easy multiprocessing to speed up trace generation.

This allows @jevinskie to simulate power traces of a Cortex-M3 implementation of AES and then used Daredevil to successfully recover the key!

In the plot above is an AES S-Box based implementation simulated power trace. The different colored plots are the same trace smoothed at different levels. The nine humps are the inner full rounds of AES.

An AES T-Table based implementation simulated power trace below. The plateau on the right hand side are the rounds of AES. They are more difficult to distinguish compared to the S-Box trace since they take approximately 10 times fewer instructions per round.

emusca is written in Python under a zlib permissive license, see the source in GitHub.

If you are interested in Daredevil, the tool to perform (higher-order) correlation power analysis attacks (CPA), you can find it here on GitHub under a GPLv3.0 license by SideChannelMarvels.

Tools such as these open up a great number of testing avenues for processors using software-based methods. They won’t replace a ChipWhisperer, but still…


Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 14,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython 2019!

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — Facebook struggling to break into hardware

Wearables — Lacy wires

Electronics — It sure is crowded in here.

Biohacking — Vitamin-C + Gelatin for Accelerated Recovery

Python for Microcontrollers — Happy Ada Lovelace Day, thank you Mitsuharu Aoyama and more! #Python #Adafruit #CircuitPython #PythonHardware @circuitpython @micropython @ThePSF @Adafruit

Adafruit IoT Monthly — The S in IoT is for Security, Amazon announces Sidewalk and more!

Microsoft MakeCode — Xenomorph candy bucket and spooky workshops with MakeCode!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.

Sorry, the comment form is closed at this time.