STM32F4 RDP downgrade with #chipwhisperer Husky. You guys made it before me, but I knew it would be SAD trigger due to STM32F4 jitter :)
Orig tweet: https://twitter.com/marunmagesh/status/1652203313201397760
Last trigger on #chipwhisperer tried out, ETM trace parallel capture on K82F target.
Though the connection is wonky given how the ETM trace+debug connector on K82F target board needs to be connected to USERIO header.
Kinda surprised it worked given how sensitive parallel trace and clock are and how precisely it usually needs to be routed on boards with ETM trace+debug connector.
Got the results, but noticed a few bugs in the ETM trace notebooks:
- K82F has one address wrong for the precompiled binary, 0x3ef0 is right for SubBytes, but AddRoundKey should be 0x3eb8, not 0x3f1c
- `pc_sample_annotate` notebook tries to program for `simpleserial-ecc` not `simpleserial-trace` (then shows incorrect assert)
- orbuculum invocations have parameters like -P that are in none of my orbuculum builds (old one, v2.0.0, some devel version)
Wasn't really successful with raw trace+orbuculum, letting CW decode seemed to work. (But AddRoundKey address on the first graph is not entered correctly, I just found out now)
Trying out TraceWhisperer from #chipwhisperer Husky. I had to resort to STM32F303 over SWO instead of parallel trace, since the STM32F303 UFO target doesn't have the TRACED and TRACECLK pins exposed.
Though with non-raw trace it seems to do something - need to re-check later with raw+orbuculum.
Unfortunately can't use JTrace for the check due to the missing TRACE pins, but there's some data that look like screenshots from the example.
Debugging #chipwhisperer SAD multiple trigger. Finally got a slight understanding of what is wrong with demo code not matching up to my build, different compiler.
So trying to set up the reference wave correctly to match my build
Finally figured out how to make #chipwhisperer work with bokeh graphs in PyCharm Professional.
So now you can also debug/step/inspect variables in cells and have graphs working.
Fix to make bokeh graphs work is changing this line in notebooks:
output_notebook(INLINE)
to
output_notebook()
Finally got #chipwhisperer Husky. Though didn't expect to not have USB 3, which limits streaming capture (can't find example notebook for it either).
Now on second demo 02 husky triggers, but I keep getting scope.errors I don't see explained in docs in both demos I tried. The scope.errors.clear() sometimes works weird.
With both CW308 and CW313 it has a lot of opportunities, trying to work through it to get all the potential.
Yes the ETM trace+debug cable is too long, but I guess I'll be wrestling other parts.
Would need #chipwhisperer husky for a usable oscilloscope.
If you're a #Chipwhisperer user and want an easy and frustration-free way to install it, check my docker-compose scripts here:
https://github.com/arisada/chipwhisperer5-docker
Could have used #chipwhisperer Lite, but the buffer size is about the same (24 vs 32 Ksamples).
PulseView is a much better GUI for interactive experiments than Jupyter.
Continuous sampling did not turn out to be working (it does take multiple traces though on each trigger)
Nightly PulseView has also the "function" arbitrary expression ability, but it doesn't seem to be working fully yet. (it's like stacked protocol decoders)
@maldr0id This is what #chipwhisperer does (https://www.crowdsupply.com/newae/chipwhisperer-husky)
While it may be fun trying to recreate it, it's also time-consuming, since CW has all the tools and courses ready.
OTOH ironically just a few days ago I needed to capture a power trace via openhantek and sigrok/pulseview, but being tired I kept screwing up the shunt connection :)
Took me a while to appreciate it but #Jupyter is not bad at all for interactive works that require graphing.
Also the SCA tutorials from #chipwhisperer are very interesting. I'm taking a long time per lab but I'm experimenting.
Everything You Didn’t Know You Need to Know About Glitching Attacks
https://hackaday.com/2022/08/25/everything-you-didnt-know-you-need-to-know-about-glitching-attacks/
#faultinjection #SecurityHacks #ChipWhisperer #glitching #hardware #PicoEMP #trezor #stm32