Close

Does this project spark your interest?

Become a member to follow this project and don't miss any updates

ChipWhisperer®: Security Research

Open Source Hardware Security Analysis

7 133 119
Enjoy this project?
Share on twitter   Share on Facebook

This project was created on 04/29/2014 and last updated 3 days ago.

Description
ChipWhisperer is the first complete open-source solution for embedded hardware security research including side-channel power analysis and glitching. Tools from commercial vendors cost considerably more (think $20k+), making this the project that promises to bring all sorts of fun tools to every engineer or developer interested in embedded security. It's fully documented (including tutorials) making it possible to really get started on your own.

The objective of the ChipWhisperer project is nothing short of revolutionizing the entire embedded security industry. Every engineer/hobbyist who needs to use encryption in their design should be able to perform a side-channel attack, and understand the ramifications of such an attack on their product. The open-source nature of the ChipWhisperer makes this possible, and my hope is that it becomes the start of a new era of hardware security research.
Details

Links to project details (GIT, Wiki, Docs) are on the left. You might want to check out the quick 2-min video about this project:

And here is basically what the system entails. It's a fusion of closely operating FPGA blocks and a Python interface communicating over a high-speed USB 2.0 interface. It even uses partial reconfiguration to reprogram the Spartan 6 FPGA during operation to fine-tune certain parameters that would otherwise be fixed when implementing the FPGA.

The capture software controls the ChipWhisperer FPGA board or another oscilloscope along with the target device. The GUI is a pretty full-featured piece of software which looks something like this:

_images/capture.png

You should also look over the full documentation - there is a whole bunch of tutorials, so you can even get started without building the hardware! If anything kills open source projects it's not having simple getting started documentation, so I'm trying to ensure that doesn't happen to me. Here's a quick shot of some of the documentation:

License & Lega

This project is fully open source, and uses two main licenses: the GPL and the BSD license. The majority of it is released under the GPL license, although a few useful tidbits (such as the ADC interface code in both FPGA and library) are released under the BSD license. The idea is to keep things which might be useful in other projects but aren't too commercially valuable (such as the ADC interface code) freely usable inside of commercial projects. The side-channel analysis & glitching code however IS quite commercially valuable, so I don't want someone integrating it inside their own project without being forced to release changes/improvements they make.

ChipWhisperer is a trademark of NewAE Technology Inc., registered in the U.S.

Libraries & Referenced Projects

This project uses a number of other open-source projects. See the CW Docs for full details of this, but these are the main projects deeply integrated with this (apologies if any are missing!):

  • Python
  • PySide
  • PyQtGraph
  • NumPy
  • SciPy
  • PyUSB
  • LUFA USB Library
  • ZTEX EZ-USB SDK
  • libusb-1.0
  • WinAVR

Component List

There is a huge number of options when you want to build this - I've listed some basic components below, but check the Wiki for full details.

Components
  • 1 × NPCB-CWCR2-02, Assembled PCB See https://www.assembla.com/wiki/show/chipwhisperer/CWRev2_Capture_Component_Assembly_Procedure for details. Gerbers are present in repository, or can buy from HW Store.
  • 1 × ZTEX 1.11c FPGA Module ZTEX 1.11C FPGA Module, Spartan 6 LX25 Module. Buy from ztex.de.
  • 1 × NAE-OPENADC-0.02 OpenADC Module, See OpenADC Project for assembly instructions. Can buy from HW store too.
  • 1 × Target Board Can use Multi-Target board (see Wiki for details) or your own target device.

Project logs
  • Updated Build Instructions + BOM, New FPGA Programming

    18 days ago • 0 comments

    I've been working on a few things. The first is an updated support forum at https://newae.com/forum which will serve as a method of users discussing the project. This is not only for ChipWhisperer-specific stuff, but any general open-source side-channel analysis projects (or that's the idea).

    I've also updated the main Wiki Page with a little more clear links to information. Along with this I went through & updated the BOM + Build instructions for the ChipWhisperer Baseboard, and added those for the LNA + Differential Probe. So it's not major updates but makes things a lot more useful I think!

    Finally on the SW side: the FPGA Project is now programmed from a zip file with all the partial reconfiguration information present. No longer do you need to deal with ensuring two different files match or worry about changing line ends when getting a file from GIT. The zip system makes your life easy.

  • Say Goodbye to Java + RECON Video

    a month ago • 0 comments

    A few little updates. #1 is that I've gotten rid of the Java requirement in the project - I was using a file provided by the FPGA board supplier (ZTEX) for loading the bitstream. This was written in Java and a great annoyance, as it required keeping a whole extra program running.  I'm very happy to say that's been removed - the 0.07 release due out this week will have a native Python-based loader, but you can check out the git repo too. It now loads everything via the Python USB interface code (same one used during running), so it's a huge headache removed.

    A video of my talk from RECON has been posted too, see a copy (MP4 format) here: http://recon.cx/2014/video/recon2014-24-colin-o-flynn-Power-Analysis-and-Clock-Glitching-with-the-Open-Source-ChipWhisperer-Platform.mp4

    I can't seem to get the embedded version to work, so you've got to click that sorry. Appologies on all the 'ums' thrown throughout...

  • Version 0.04 Released, Find me at DEFCON/Blackhat

    2 months ago • 0 comments

    Various updates of interest. First, version 0.04 of the code has been released. This integrates a lot of new material including the profiling attacks. The tutorials have been updated to reflect this. As before you can download some example traces so you don't really need the hardware to get started.

    Speaking of hardware, I'll have a few PCBs with me at DEFCON/Blackhat next week which I'll be giving away as usual. And if you want to get your hands on a real device, the EFF Fundraiser called Vegas 2.0 will be raffling off an assembled ChipWhisperer unit

    You can see the new tutorials on the uploaded documentation, or go to the assembla page for the latest release. I haven't had time to fully test it so more things than usual are probably broken, oops.

    Oh and I uploaded a fancy new block diagram which attempts to show some of the interconnections. There's a lot of mostly unrelated blocks in the project so even this vastly simplified one looks a little crazy, but what can you do.

View all 7 project logs

Discussions

Jasmine wrote a month ago null point

Hello coflynn, I think you've hit most of the requirements to be considered for the next round of the Hackaday Prize, but I couldn't see links to code repositories, libraries, licenses or permissions needed for your project. Please add these before August 20th.
Thanks for entering and good luck!

Are you sure? [yes] / [no]

coflynn wrote a month ago null point

Thanks for the notes - the code was hidden underneath another link ('sources') and the licenses were only mentioned there. I'll fix up the page to have clear links...

Are you sure? [yes] / [no]

Tiago wrote 3 months ago null point

Great project! How much does it cost you to manufacture it?

Are you sure? [yes] / [no]

coflynn wrote 2 months ago null point

Thanks! If you DIY everything I think it's about $300-$400 depending how much of it you build. The FPGA board is $200 which is the main cost, although it's possible to build part of the FPGA file for cheaper boards (Spartan 6 LX9 boards). These versions have less features but still useful...

Are you sure? [yes] / [no]

Mike Szczys wrote 3 months ago null point

Thanks for entering this one in The Hackaday Prize.

Good luck with your talk at Recon. Any chance that will be available online?

Are you sure? [yes] / [no]

coflynn wrote 3 months ago null point

Definitely will be available online - I'm not 100% sure if the RECON folks record the talks, but if not I'll upload my own version!

Are you sure? [yes] / [no]

Eric Evenchick wrote 5 months ago null point

Nice to see some open information on the black magic of side-channel analysis. Thanks for sharing this.

Are you sure? [yes] / [no]