Undo Arduino Encryption With An Oscilloscope

Cryptography ain’t easy. Seemingly small details like how many times a computationally intensive loop runs can give the game away. [Lord Feistel] gives us a demo of how this could work with nothing more than poorly designed code, a resistor, and an oscilloscope.

The hardware side is, as mentioned, really simple. Put a resistor inline with the Arduino and monitor the voltage drop across the resistor with the scope. When the chip is working hard, it consumes more current, and code sections that take longer will show up as longer dips.

On the software end, it’s only a little more complicated. The RSA encryption scheme involves a lot of exponentiation and modulo-taking. Here, [Lord Feistel] is targeting a naive way of computing the exponents quickly, and demonstrates how you can read the exponent straight out of the chip’s power demand.

Implementing this attack against a real-world RSA algorithm, in the context of the Arduino doing other stuff, will be harder. And we don’t know if the algorithm implemented in “standard” Arduino libraries is smarter than this one. (If you know, let us know in the comments.) But still, this is a cool example of just how simple and straightforward it can be to eavesdrop on bad code.
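The leak described above, and one way to close it, as an added example that is not [Lord Feistel]’s code: it assumes the naive method is textbook square-and-multiply, logs each modular operation in place of a scope trace, and puts a Montgomery ladder beside it for comparison. The 16-bit exponent, the function names and the toy values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Operation log standing in for the scope trace: 'S' = square, 'M' = multiply. */
static char trace[40];
static unsigned trace_len;
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t n, char op) {
    trace[trace_len++] = op; trace[trace_len] = '\0';   /* at most 32 ops */
    return (uint32_t)(((uint64_t)a * b) % n);           /* assumes n > 1 */
}

/* Naive square-and-multiply: the multiply runs only for 1 bits, so the
   operation sequence (and the time spent per bit) mirrors the exponent. */
uint32_t modexp_naive(uint32_t base, uint16_t exp, uint32_t n) {
    uint32_t r = 1;
    trace_len = 0;
    for (int i = 15; i >= 0; i--) {
        r = mulmod(r, r, n, 'S');
        if ((exp >> i) & 1) r = mulmod(r, base, n, 'M');
    }
    return r;
}

/* Montgomery ladder: one multiply and one square for every bit, selected by
   a branch-free conditional swap, so the sequence is independent of exp. */
uint32_t modexp_ladder(uint32_t base, uint16_t exp, uint32_t n) {
    uint32_t r0 = 1, r1 = base % n, t;
    trace_len = 0;
    for (int i = 15; i >= 0; i--) {
        uint32_t mask = 0u - ((exp >> i) & 1u);   /* all ones when bit is 1 */
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;
        r1 = mulmod(r0, r1, n, 'M');
        r0 = mulmod(r0, r0, n, 'S');
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;
    }
    return r0;
}

/* What the logged sequence gives away: "SM" reads as 1, a lone "S" as 0. */
uint16_t decode_trace(void) {
    uint16_t e = 0;
    for (unsigned i = 0; i < trace_len; i++)
        e = (trace[i] == 'S') ? (uint16_t)(e << 1) : (uint16_t)(e | 1);
    return e;
}

int main(void) {   /* 4, 0xB2C5 and 497 are constructed toy values */
    modexp_naive(4, 0xB2C5, 497);  printf("naive : %s -> 0x%04X\n", trace, (unsigned)decode_trace());
    modexp_ladder(4, 0xB2C5, 497); printf("ladder: %s\n", trace);
    return 0;
}
```

The ladder only removes the bit-dependent operation sequence; it does not by itself address data-dependent differences inside each multiplication.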

If you only need to bypass encryption instead of breaking it, check out [Lord Feistel]’s other tutorial on power glitching that we featured previously. If you haven’t played around with the hardware side of security, it gets deep pretty quickly, but you can at least dip your toes in the shallow end with what you’ve got in your closet.

How Good Is The Cheapest Generator On Amazon?

Although an internal combustion engine-based generator isn’t exactly one of the most complicated contraptions, any time that you combine something that produces power with electrical devices, you generally like to know how safe it is. Even more so when it’s a $139 generator you got off Amazon, like the PowerSmart 1200 Watt (1000 continuous) that the [Silver Cymbal] took a gander at recently. They used an expensive professional power analyzer to look at more than just the basic waveform of the 120 VAC output to figure out what kind of devices you’d feel comfortable connecting to it.

Waveform analysis of the cheapest generator when under load. Looks better than with no load attached.

The unit has a single AC output, to which a heater was attached to serve as a load during testing, but before that, the properties of the output voltage were analyzed without any load. This showed a highly erratic waveform, as the generator clearly was unable to synchronize and produced a voltage within a wide range, immediately disqualifying it for connecting to sensitive electronics. Things got less dire once the load was hooked up and turned up to use a big chunk of the available continuous power.

Although still far from a perfect sine wave, the output now looked much better across all properties, with the total harmonic distortion (THD) just a hair over 20% and the frequency just over 60 Hz.

Definitely not a great result, but as a cheap unit to keep around for powering things like heaters and power tools that aren’t too fussy about how clean the power is, one could do a lot worse.

Remoticon 2021 // Colin O’Flynn Zaps Chips (And They Talk)

One of the many fascinating fields that’s covered by Hackaday’s remit lies in the world of hardware security, working with physical electronic hardware to reveal inner secrets concealed in its firmware. Colin O’Flynn is the originator of the ChipWhisperer open-source analysis and fault injection board, and he is a master of the art of glitching chips. We were lucky enough to be able to welcome him to speak at last year’s Remoticon on-line conference, and now you can watch the video of his talk below the break. If you need to learn how to break RSA encryption with something like a disposable camera flash, this is the talk for you.

This talk is an introduction to signal sniffing and fault injection techniques. It’s well presented and avoids treating the subject as unattainable wizardry: his power analysis demo shows a clearly different trace on the correct first letter of a password attack, so the viewer is left with an understanding of what’s going on rather than hoping for inspiration in a stream of the incomprehensible. The learning potential of being in full control of both instrument and target is evident, and continues as the talk moves on to fault injection with an introduction to power supply glitching as a technique to influence code execution.

Schematic of an EM injector built from a camera flash.

Safely Measuring Single And Three-Phase Power

There are many reasons why one would want to measure voltage and current in a project, some applications requiring one to measure mains and even three-phase voltage to analyze the characteristics of a device under test, or in a production environment. This led [Michael Klopfer] at the University of California, Irvine along with a group of students to develop a fully isolated board to analyze both single and three-phase mains systems.

Each of these boards consists of two sections: one is the high-voltage side, with the single-phase board using the Analog Devices ADE7953 and the three-phase board the ADE9708. The other is the low-voltage, isolated side, to which the microcontroller or equivalent connects using either SPI or I2C. Each board type comes in either SPI or I2C flavor.

Each board can be used to measure line voltage and current, and the Analog Devices IC calculates active, reactive, and apparent energy, as well as instantaneous RMS voltage and current. All of this data can then be read out using the provided software for the Arduino platform.

The goal of this project is to make it easy for anyone to reproduce their efforts, with board schematics (in Eagle format) and the aforementioned software libraries provided. Here it is somewhat unfortunate that the documentation can be somewhat incomplete, with basic information such as input and measurement ranges missing. Hopefully this will improve over the coming months as it does seem like a genuinely useful project for the community.

We’ve covered the work coming out of [Michael]’s lab before, including this great rundown on Lattice FPGAs. They’re doing machine vision, work on RISC-V chips, and more. A stroll through the lab’s GitHub is worth your time.

A Close Eye On Power Exposes Private Keys

Hardware wallets are devices used exclusively to store the highly sensitive cryptographic information that authenticates cryptocurrency transactions. They are useful if one is worried about the compromise of a general purpose computer leading to the loss of such secrets (and thus loss of the funds the secrets identify). The idea is to move the critical data away from a more vulnerable network-connected machine and onto a device without a network connection that is unable to run other software. When designing security-focused hardware devices like hardware wallets, it’s important to consider what threats need to be protected against. More sophisticated threats warrant more sophisticated defenses, and at the extreme end these precautions can become highly involved. In 2015, when [Jochen] took a look around his TREZOR hardware wallet, he discovered that maybe all the precautions hadn’t been considered.

The Hackaday Prize: Interview With A ChipWhisperer

Every finalist for The Hackaday Prize has some aspect of it that hasn’t been done before; finding the chemical composition of everything with some 3D printed parts is novel, as is building a global network of satellite ground stations with off-the-shelf components. [Colin]’s ChipWhisperer, though, has some scary and interesting implications. By looking inside a microcontroller as it’s running, the ChipWhisperer is able to verify – or break – security on these chips. It’s also extremely interesting and somewhat magical being able to figure out what data a chip is processing simply by looking at its power consumption.

We have no idea who the winner of The Hackaday Prize is yet, and I’m hoping to remain ignorant of that fact until the party two weeks from now. Until then, you can read the short interview with [Colin O’Flynn], or check out his five-minute video for the ChipWhisperer below:
