fucken

lolololol · lolololol · commit 6ad4c73ba81e · 2025-02-20T17:50:26.000+11:00
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,10 @@ lib/dist/
 lib/build/
 lib/sparkgap.egg-info/
 
+# fuck right off emu elf files
+emu/*.elf
+emu/*.hdf
+
 # go away preprocessor files
 *.hdf
 **/*.hdf
diff --git a/clkfriend.py b/clkfriend.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python3
+
+import numpy
+import getopt
+import sys
+
+def usage():
+  print("todo: usage")
+
+if __name__ == "__main__":
+  if len(sys.argv) == 1:
+    usage()
+    sys.exit(0)
+  opts, args = getopt.getopt(sys.argv[1:],"f:t:",["from=","to="])
+  for arg, val in opts:
+    if arg in ["-f","--from"]:
+      FROM_VAL = val
+    elif arg in ["-t","--to"]:
+      TO_VAL = val
+ 
diff --git a/cpa.py b/cpa.py
@@ -141,6 +141,8 @@ def usage():
     out += "%02x " % int(r[i])
   print("Done: %s" % out)
   out = ""
+  if hasattr(leakmodel,"postprocess"):
+    leakmodel.postprocess(r)
   if CONFIG_PLOT:
     resultViz.render()
     resultViz.mainloop()
diff --git a/dpa.py b/dpa.py
@@ -140,7 +140,8 @@ def usage():
     out += "%02x " % int(r[i])
   print("Done: %s" % out)
   out = ""
-  out = ""
+  if hasattr(leakmodel,"postprocess"):
+    leakmodel.postprocess(r)
   if CONFIG_PLOT:
     resultViz.render()
     resultViz.mainloop()
diff --git a/emu/README.md b/emu/README.md
@@ -1,5 +1,5 @@
-# teacup
+# emu
 
-Camellia sinensis is a species of evergreen shrub or small tree in the flowering plant family Theaceae. Its leaves and leaf buds are used to produce the popular beverage tea. Common names include tea plant, tea shrub, and tea tree (unrelated to Melaleuca alternifolia, the source of tea tree oil, or the genus Leptospermum commonly called tea tree).
+This folder contains experiments for software-emulated side channel, using Ledger-Donjon's Rainbow framework. The example executable is DES. You can compile this with:
 
-arm-none-eabi-gcc -nostdlib -o hello.elf hello.c
+arm-none-eabi-gcc -nostdlib -o des.elf des.c
diff --git a/emu/aes.elf b/emu/aes.elf
diff --git a/emu/des.elf b/emu/des.elf
diff --git a/emu/des_loader.py b/emu/des_loader.py
@@ -34,15 +34,13 @@
 
 cs = None
 
-KEY_ADDR = 0x18cb8
-DATA_ADDR = 0x18cc0
-OUT_ADDR = 0x18cb0
+KEY_ADDR = 0x18ce8
+DATA_ADDR = 0x18cd0
+OUT_ADDR = 0x18ce0
 
-# DODES_END = 0x8974   # WHOLE
-DODES_END = 0x8668   # FIRSTROUND
+DODES_END = 0x8974   # WHOLE
+# DODES_END = 0x8668   # FIRSTROUND
 
-
-# rand_key = np.array([random.randint(0,0xFF) for i in range(0,8)],dtype=np.uint8)
 rand_key = np.array([0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88])
 key_str = " ".join(["%02x" % x for x in rand_key])
 
@@ -57,24 +55,22 @@
     rand_key = np.array([random.randint(0,0xFF) for i in range(0,8)],dtype=np.uint8)
     key_str = " ".join(["%02x" % x for x in rand_key])
     print("Key is %s" % key_str)
-  emu[KEY_ADDR] = bytes(rand_key[0:4])
-  emu[KEY_ADDR+4] = bytes(rand_key[4:8])
-  rand_input = np.array([random.randint(0,0xFF) for i in range(0,8)],dtype=np.uint8)
-  emu[DATA_ADDR] = bytes(rand_input[0:4])
-  emu[DATA_ADDR + 4] = bytes(rand_input[4:8])
-  emu.start(emu.functions["doDESEncrypt"] , DODES_END)
+  out_data = emu[DATA_ADDR:DATA_ADDR+8]
+  print("%s" % binascii.hexlify(out_data))
+  emu.start(0x8954 , DODES_END)
   new_trace = np.fromiter(map(lambda event: event["register"], emu.trace),dtype=np.float32)
-  rand_output = emu[OUT_ADDR:OUT_ADDR+8]
+  out_output = emu[OUT_ADDR:OUT_ADDR+8]
   if cs is None:
     cs = sparkgap.filemanager.CaptureSet(tracecount=CONFIG_COUNT,samplecount=len(new_trace),in_len=8,out_len=8)
-    cs.addTrace(new_trace,rand_input,rand_output)
+    cs.addTrace(new_trace,rand_input,out_output)
   else:
-    cs.addTrace(new_trace,rand_input,rand_output)
-  print("Run %d/%d, %s -> %s" % (i,CONFIG_COUNT,binascii.hexlify(rand_input),binascii.hexlify(rand_output)))
+    cs.addTrace(new_trace,rand_input,out_output)
+  print("Run %d/%d, %s -> %s" % (i,CONFIG_COUNT,binascii.hexlify(rand_input),binascii.hexlify(out_output)))
   del(emu)
   gc.collect()
 
-cs.save(CONFIG_OUTFILE)
+if CONFIG_OUTFILE != "q":
+  cs.save(CONFIG_OUTFILE)
 
 if CONFIG_REKEY is False:
   print("Reminder: key is %s" % key_str)
diff --git a/emu/des_test.py b/emu/des_test.py
diff --git a/emu/src/des.c b/emu/src/des.c
@@ -1,3 +1,5 @@
+// #include <stdio.h>
+
 /* des.c */
 /*
     This file is part of the ARM-Crypto-Lib.
@@ -398,19 +400,26 @@ void tdes_dec(void *out, void *in, const uint8_t *key){
 
 /******************************************************************************/
 
-uint8_t  in[8] = {0,0,0,0,0,0,0,0};
-uint8_t out[8] = {1,1,1,1,1,1,1,1};
-uint8_t key[8] = {2,2,2,2,2,2,2,2};
+uint8_t  in[8] = {0xaa,0xbb,0xcc,0xdd,0xaa,0xbb,0xcc,0xdd};
+uint8_t out[8] = {0x41,0x41,0x41,0x41,0x42,0x42,0x42,0x42};
+// uint8_t out[8] = {0x00,0x00,0x00,0x00,0x22,0x22,0x22,0x22};
+uint8_t key[8] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
 
 void doDESEncrypt()
 {
-  des_enc(out,in,key);
+  des_enc(&out,&in,&key);
+  return;
 }
 
 int main(int argc, char **argv)
 {
-  doDESEncrypt();
-  while(1)
+  des_enc(&out,&in,&key);
+  /*
+  int i = 0;
+  for(i = 0;i < 8;i++)
   {
+    printf("%02x ",out[i]);
   }
+  printf("\n");
+  */
 }
diff --git a/emu/xtea.elf b/emu/xtea.elf
diff --git a/emu/xtea_loader.py b/emu/xtea_loader.py
@@ -37,7 +37,7 @@
 
 DOXTEA_END = 0x84c4
 
-rand_input = np.array([random.randint(0,0xFF) for i in range(0,8)],dtype=np.uint8)
+rand_input = np.array([random.randint(0,0xFF) for i in range(0,16)],dtype=np.uint8)
 key_str = " ".join(["%02x" % p for p in rand_input])
 
 print("Key is %s" % key_str)
@@ -48,6 +48,8 @@
   emu.setup()
   emu[KEY_ADDR] = bytes(rand_input[0:4])
   emu[KEY_ADDR+4] = bytes(rand_input[4:8])
+  emu[KEY_ADDR+8] = bytes(rand_input[8:12])
+  emu[KEY_ADDR+12] = bytes(rand_input[12:16])
   rand_input = np.array([random.randint(0,0xFF) for i in range(0,8)],dtype=np.uint8)
   emu[DATA_ADDR] = bytes(rand_input[0:4])
   emu[DATA_ADDR + 4] = bytes(rand_input[4:8])
diff --git a/lib/sparkgap/attacks/DES_SboxOut_HW.py b/lib/sparkgap/attacks/DES_SboxOut_HW.py
@@ -70,7 +70,7 @@ def inv_permute(table,blk,default_char=2):
   return pt
 
 def mapToInteger(in_s,bits=6):
-  in_r = in_s[::-1]
+ x in_r = in_s[::-1]
   out = 0
   for ix in range(0,bits):
     i = ix
@@ -96,7 +96,6 @@ def bytesToBitstring(in_str):
 def bitstringToBytes(in_str):
   return [int(mapToInteger(in_str[i:i + 8],8)) for i in range(0, len(in_str), 8)]
 
-
 class desSplit:
   def __init__(self,pt):
     px = bytesToBitstring(pt)
@@ -243,3 +242,10 @@ def genIValRaw(self,tnum,bnum,kguess):
 
   def distinguisher(self,tnum,bnum,kguess):
     return self.genIValRaw(tnum,bnum,kguess) % 2 == 0
+
+  def postprocess(self,key):
+    out = ""
+    for i in range(0,self.keyLength):
+      out += "%02x " % int(key[i])
+    print("Hello from postprocess - %s" % out)
+    return

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+// #include <stdio.h>`
	`2`	`+`
`1`	`3`	`/* des.c */`
`2`	`4`	`/*`
`3`	`5`	`This file is part of the ARM-Crypto-Lib.`
`@@ -398,19 +400,26 @@ void tdes_dec(void out, void in, const uint8_t *key){`
`398`	`400`
`399`	`401`	`/******************************************************************************/`
`400`	`402`
`401`		`-uint8_t in[8] = {0,0,0,0,0,0,0,0};`
`402`		`-uint8_t out[8] = {1,1,1,1,1,1,1,1};`
`403`		`-uint8_t key[8] = {2,2,2,2,2,2,2,2};`
	`403`	`+uint8_t in[8] = {0xaa,0xbb,0xcc,0xdd,0xaa,0xbb,0xcc,0xdd};`
	`404`	`+uint8_t out[8] = {0x41,0x41,0x41,0x41,0x42,0x42,0x42,0x42};`
	`405`	`+// uint8_t out[8] = {0x00,0x00,0x00,0x00,0x22,0x22,0x22,0x22};`
	`406`	`+uint8_t key[8] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};`
`404`	`407`
`405`	`408`	`void doDESEncrypt()`
`406`	`409`	`{`
`407`		`- des_enc(out,in,key);`
	`410`	`+ des_enc(&out,&in,&key);`
	`411`	`+ return;`
`408`	`412`	`}`
`409`	`413`
`410`	`414`	`int main(int argc, char **argv)`
`411`	`415`	`{`
`412`		`- doDESEncrypt();`
`413`		`- while(1)`
	`416`	`+ des_enc(&out,&in,&key);`
	`417`	`+ /*`
	`418`	`+ int i = 0;`
	`419`	`+ for(i = 0;i < 8;i++)`
`414`	`420`	`{`
	`421`	`+ printf("%02x ",out[i]);`
`415`	`422`	`}`
	`423`	`+ printf("\n");`
	`424`	`+ */`
`416`	`425`	`}`