Home Unlabelled Recovering the AES key on a Cortex-M3 processor with emusca, using @Unicorn_Engine and Daredevil, by @jevinskie

Recovering the AES key on a Cortex-M3 processor with emusca, using @Unicorn_Engine and Daredevil, by @jevinskie

By
Tuesday, January 22, 2019
Read
Add Comment

Cortex-M3 implementation of AES and then used Daredevil to successfully recover the key

Unicorn Engine is a powerful, lightweight multi-platform, multi-architecture CPU emulator framework. It simulates multiple architectures including Arm, Arm64 (Armv8), M68K, Mips, Sparc, & X86 (include X86_64). It’s under a GPLv2 free software license for Windows * *nix (inc. Mac). So, what can be done with this powerful tool?

Twitter/GitHub user @jevinskie has developed emusca – a power trace simulator using Unicorn Engine for side channel analysis attack testing.

This project uses Unicorn to emulate a binary. Every instruction is traced and the hamming distance between every register before and after the instruction is calculated and stored. The target binary is run over many input ciphertexts (or plaintexts) to generate simulated power traces (simply the hamming distance for now) and Daredevil input, output, trace, and config file are generated. Marker functions consisting of NOPs are added to the target binary and the instruction hook records when they are hit. This is to facilitate finding the boundaries of the rounds of AES. deco is used for easy multiprocessing to speed up trace generation.

This allows @jevinskie to simulate power traces of a Cortex-M3 implementation of AES and then used Daredevil to successfully recover the key!

In the plot above is an AES S-Box based implementation simulated power trace. The different colored plots are the same trace smoothed at different levels. The nine humps are the inner full rounds of AES.

An AES T-Table based implementation simulated power trace below. The plateau on the right hand side are the rounds of AES. They are more difficult to distinguish compared to the S-Box trace since they take approximately 10 times fewer instructions per round.

emusca is written in Python under a zlib permissive license, see the source in GitHub.

If you are interested in Daredevil, the tool to perform (higher-order) correlation power analysis attacks (CPA), you can find it here on GitHub under a GPLv3.0 license by SideChannelMarvels.

Tools such as these open up a great number of testing avenues for processors using software-based methods. They won’t replace a ChipWhisperer, but still…

Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us