Poor man's ChipWhisperer - or a SmartCard Tweaker
This is a simple and cheap device for all kinds of non-invasive attacks on protected MCUs and SmartCards (including credit cards!). It won't outperform a $3000 variant of the fully digital FPGA-based ChipWhisperer, but it will work better as a learning/training platform for non-invasive tweaking attacks, thanks to its fully accessible and observable signal paths.
I was inspired to start this project after I saw this ruthless destruction of a credit card :) https://www.elektormagazine.com/news/what-is-inside-my-credit-card
Protected secrets like credit card PINs, or protected MCU firmware, can be extracted using different non-invasive attacks (attacks performed without decapsulating the silicon die). These attacks are usually based on various fault injections: either feeding in badly formatted input data, or sending signals of incorrect amplitude and frequency. Lowering the supply voltage or abruptly cutting the power will also make the DUT (device under test, or actually under attack) perform some uncontrolled action and hopefully reveal its secrets.
Using a combination of analogue and digital circuits, all controlled by a simple ATmega8, this device can succeed in defeating many protected DUTs, and still work as a good learning/training platform, better than a fully digital FPGA-based ChipWhisperer:
https://www.newae.com/chipwhisperer
Besides this, you will need an average digital oscilloscope/logic probe, an analogue oscilloscope with a 100-200MHz bandwidth, and a PC running software like MATLAB and/or LabVIEW for acquisition and processing of captured signals.