Links to project details (GIT, Wiki, Docs) are on the left. The laziest introduction to this project is the 2-minute video created for The Hackaday Prize quarterfinals (i.e. the first video I made):
A slightly longer introduction appeared as a 5-minute video for the semifinals (i.e. the second video), see below:
The biggest commitment is reading this page! Well, if you are still reading, strap yourself in...
What's This About?
Lots of people have tried to design secure systems, and alas there are lots of failures. But what if you did everything correctly: no buffer overflows, no unsanitized inputs, no default passwords? Unfortunately this isn't good enough - even perfectly implemented encryption algorithms such as AES-256 will reveal encryption keys. It's not due to incorrect implementation, it's a fundamental artefact of their design.
This has been known for a long time - the first paper on this was published in 1998. But if you are an engineer or independent researcher, the tools to get started are expensive, or require you to do a lot of work yourself scripting together lower-cost tools. This project is my attempt to eliminate this problem.
I'm eliminating the problem for good by making my tools open source. Because this whole area is an active research area, the tools need to be open source. This isn't a case of attempting to seem sexy by adding the word 'open-source', but of placing something of commercial value into the open-source domain, in the hope it spurs a larger community. Think of something like Wireshark - it's extremely valuable, and could easily be sold as a high-end product. But most of that value comes from it being open source, and hence containing a huge array of protocol dissectors, far beyond what a commercial vendor could support.
It's also worth stressing that there are no 'tricks' in the open-source nature of this project. It's not just part of the design that's open source, and I've already had people build these units from PCB design files (so I know they are complete!). Again, the objective of this project is to open up this area of research to a much wider audience. I'm hoping the commercial value I'm giving up (by allowing anyone to make these units, and not forcing them to buy them from me) is far outweighed by the community this project builds up.
And here is basically what the system entails. It's a fusion of closely operating FPGA blocks and a Python interface communicating over a high-speed USB 2.0 interface. It even uses partial reconfiguration to reprogram the Spartan 6 FPGA during operation to fine-tune certain parameters that would otherwise be fixed when implementing the FPGA.
Having the computer connectivity of the hardware is fundamental to the operation of this device. In addition it's possible (and sometimes required) to have the device split over several locations via a network. This can mean the ChipWhisperer is running on one computer, with data being saved to a larger network store. This can also mean doing analysis at the same time as capture via a SQL database, or even doing analysis on larger clusters of computers.
The capture software controls the ChipWhisperer FPGA board or another oscilloscope along with the target device. The GUI is a pretty full-featured piece of software which looks something like this:
You should also look over the full documentation - there is a whole bunch of tutorials, so you can even get started without building the hardware! If anything kills open source projects, it's not having simple getting-started documentation, so I'm trying to ensure that doesn't happen to me. Here's a quick shot of some of the official documentation:
Interesting FPGA Blocks
This project has a number of FPGA blocks - all the ones below I've designed as part of this project, and not pulled from somewhere else. Many of them can be ripped out for use in your own project (I've tried to keep everything as modular as possible). Where possible I re-used existing blocks (such...