Welcome to another action-packed NewAE Newsletter! This one covers many long-overdue items, including the public announcement of the ChipWhisperer Contest winners, the release of CW5, and much more!
ChipWhisperer Contest Winners
We privately contacted our winners last year, but have been delayed in our public announcement… so finally we give you the winners. The entries were all of high quality & it was a close race, but without further ado:
Grand Prize – @doegox – Tutorial: Recovering an AES key by Differential Fault Analysis attack
This project embraced the new Jupyter notebook methods, and built a high-quality tutorial demonstrating AES fault attacks on an XMEGA target (since extended to the STM32F3!). It takes you through each step of finding the glitch location, inserting the glitch, and more. You can see a render of the output, which is now part of the ChipWhisperer docs!
Gold Prize – molecule – eMMC Trigger for ChipWhisperer
This submission built an eMMC trigger for ChipWhisperer. We didn’t know it when evaluating submissions, but this formed part of some hard-core work attacking the PS Vita. Check out not only the GitHub repo here including the eMMC trigger, but the CCC Talk, and details in a paper here.
Gold Prize – Prestegaard – CW targets board & JLSCA integration
This submission built several new targets for the ChipWhisperer UFO and applied attacks on them. This included an STM32F7 and a PSoC6 target. And if you want real documentation – how about the master’s thesis describing this work?
In addition to the targets, Prestegaard connected ChipWhisperer to JLSCA, which provides more analysis horsepower than is built into ChipWhisperer! Check out the well-documented examples at https://github.com/prestegaard/jlsca-cw .
Thanks to everyone for the hard work on the submissions & the new open-source tooling this is making available! We’re working on how to run the next version of the contest, but first we want to make sure we get results posted with less delay…
Our low-cost ChipWhisperer-Nano devices are now in stock at Mouser. Pick up your $50 SCA board & get started today (also available in classroom packs)! Works with the new ChipWhisperer 5 release.
New Targets: LPC55S69, SAML11, CEC1702, K82F
We have moved all of our CW308 target files (including source PCB files) to an open-source repo at https://github.com/newaetech/chipwhisperer-target-cw308t . This includes several new target boards you can find in-stock at Mouser Electronics. These new targets include:
- NXP LPC55S69 (Dual-Core M33, SRAM PUF, and ‘leakage-resistant’ AES mode)
- Microchip SAML11 (M23 core)
- Microchip CEC1702 (lots of hardware accelerators including asymmetric)
- NXP K82F (AES with hardware masking)
- Microchip SAM4L (AES core with hardware side-channel countermeasures you can turn on/off)
ChipWhisperer 5 Is Out!
ChipWhisperer 5 is our newest release, which ditches the main GUI in favour of Jupyter-notebook based environments. This decision allowed us to move to Python 3 (the GUI needed a re-write for Python 3), along with finally having a true API & documentation. It also makes testing of tutorials easier, and opens up future capabilities for our tools. It’s a bit of a shift if you haven’t tried it yet, but once you see how easy Jupyter notebooks make experimenting we think you’ll embrace this.
Get the latest releases at: https://github.com/newaetech/chipwhisperer/releases
Check out the brand new documentation at http://chipwhisperer.readthedocs.io . The wiki will continue to be used for hardware documentation, but software documentation is now built from the main repo directly.
As part of the documentation you can see the output of the tutorials – see https://chipwhisperer.readthedocs.io/en/latest/tutorials.html for the examples. And that includes a few new tutorials such as a complete RSA Fault Attack (works on Arm only).
PhyWhisperer-USB Coming Soon
Do you want to perform triggering based on USB packets, like Colin did in his RECON Talk? This is about to get much easier, thanks to a new open-source tool called PhyWhisperer-USB. Check back next week for more details of the Crowd Supply campaign to get yours ASAP! It’s expected to retail for $250, and can work as a USB 2.0 LS/FS/HS sniffer in addition to triggering based on data packets on the USB bus.
Meet us at Black Hat, CHES, and More
Colin will be at Black Hat giving a talk on EMFI attacks on various USB devices, and will be around to say hello! He’ll have some PhyWhisperer-USB PCBs to give out at the talk as well. Afterwards, he’ll be at WOOT ’19 in Santa Clara.
We’ll be back at CHES this year – be sure to register for CHES, and arrive a day early so you can attend FDTC for all your fault-injection fun. We’re going to be giving away about 100 ChipWhisperer-Nanos at CHES, so be sure to stop by our booth early on.
Upcoming 4-Day Training
A 4-day public training on ChipWhisperer is taking place again this December in Redwood City, California; check out the Training Description to register. You’ll get a ChipWhisperer Level 1 kit, and work through a number of real targets and attacks. The event features a number of talks during the lunch breaks, which are shared alongside training by Joe Fitz, Joe Grand, and Dmitry Nedospasov.
ChipShouter Releasing to Manufacturing
Where’s the ChipSHOUTER (still)? You might notice a few people starting to use them on the forum, and we’ve been slowly working through our backlog of pre-registered interest. Please contact us at email@example.com to get on the waitlist. We’ll have these available over the next few months – a number of manufacturing challenges have delayed production, and we finally have these problems wrapped up (we hope!).
Get your Hands on Hardware
As a reminder, if you’d like to get our products anywhere in the world, we recommend our distributor Mouser Electronics. They have almost all our gear now, and with free shipping to most of the world (sorry USA) along with pre-clearance of VAT/taxes, you will often find it quick and easy.
If you’ll be at Defcon and looking to pick up in person, stop by the Attify booth and Hacker Warehouse booth in the Vendor Area.