Config files: DCA against Wyseur 2007 challenge

[kitty-Shadowcat]

Hi, after the acquisition of traces using Valgrind, I get the configuration files which are classified into 2 categories: those with the names that include rw1 and those with the name that include rw4. What does the abbreviations "rw1" and "rw4" mean and what is the difference between these 2 categories?

[doegox]

Default filters are described here https://github.com/SideChannelMarvels/Deadpool/blob/master/deadpool_dca.py#L75-L87

rw1 refers to the filter keeping all 1-byte address or data being read or written to memory. rw4 refers to the filter keeping all 4-byte address or data being read or written to memory.

[kitty-Shadowcat]

I see, ok thank you. I also noticed that eventhough in the config file we can choose the round where we want to apply the attack, it doesn't work unless it's the first round, right?

[doegox]

yes it's a useless parameter of Daredevil

[kitty-Shadowcat]

Ok, I see. I do have another question though about the results we get using daredevil: we're supposed to get a list of 20 candidates of a certain key byte for each targeted bit, and at the end a list of the best 10 candidates. But for each targeted bit, i get the list of 20 candidates, which above it, there is always also another list that is not mentioned in the tutorial, and whose number of elements can be changed by changing "top" in the last line in the config files. What are the components of this list? And what is its benefit?

[doegox]

One, the "peak", is based on the maximum correlation peak seen. The other, the "sum", is based on the sum of the correlation peaks. Which one is better depends on the leakage of the device. For whit-box implementations, "peak" is the best to look at.

[kitty-Shadowcat]

Ah ok, i thought for each targeted bit, they were the top 20 candidates so far ( for the previous targeted bits and the current bit). So for each targeted bit, the first list of 20 candidates is based on the maximum correlation peak seen, while the second one is base on the sum of the correlation peak, right? My last question would be about the composition of the key: once we get the 10 best candidats for each key bytes (8 lists of the 10 best candidats), is it up to us to try all the possibilities between those candidats until we find the correct key? And should we also concider the possibilities btween the top 20 lists or is always only supposed to be in the best top 10?

[doegox]

Come on please, we're not on a forum. The only interest of the best candidates list is to see if the first or first two are well ahead of the others or not and there is no automation in our tool to try all key combinations.