CreateRemoteThread
commented
2 years ago AES / DES and friends
-
AES 192/AES 256 forward sbox now supported (todo: port to other models).
- To specify the first round key, use --opt knownKey:
and ignore the bits of the second round key you don't need
- To specify the first round key, use --opt knownKey:
-
Last round backwards model also supported. Use ChipWhisperer's key calculator to reverse the key schedule
-
nddla.py (non-profiled deep learning) works vs masked AES, and can load other attack models, but either needs manual adjustment of hyperparameters - or implement automated sensitivity analysis (todo)
-
template attacks now work, but require significant model-specific fixes (e.g. cherrypicker.py).
- can we reliably detect masking in a black-box scenario?
- more broadly, how well can we detect code segments?
-
32-bit hardware accelerated AES (cw308_target, stm32f215) not yet working. Can cleanly spot the "encryption bracket" via PT / CT tlva, but can't recover the key.
This framework needs wider support for different crypto primitives (or at least a way to work out whether they fit or not).
I'm not sure how to manage this high-level. Maybe using the CW approach of scripts for each attack is correct.