Thursday, November 2, 2017

Ok....no bullshit...no easy stuff...on the bootloader

Finding the Encryption Key

Now that we have our traces, we can go ahead and perform the attack. As described in the background theory, we'll have to do two attacks - one to get the 14th round key, and another (using the first result) to get the 13th round key. Then, we'll do some post-processing to finally get the 256 bit encryption key.

14th Round Key

We can attack the 14th round key with a standard, no-frills CPA attack:
  1. Open the ChipWhisperer Analyzer program and load the .cwp file with the 13th and 14th round traces. This can be either the aes256_round1413_key0_100.cwp file downloaded or the capture you performed.
  2. View and manipulate the trace data with the following steps:
    1. Switch to the Trace Output Plot tab
    2. Switch to the Results parameter setting tab
    3. Choose the traces to be plotted and press the Redraw button to draw them
    4. Right-click on the waveform to change options, or left-click and drag to zoom
    5. Use the toolbar to quickly reset the zoom back to original
      image
      Notice that the traces are synchronized for the first 7000 samples, but become unsynchronized later. This fact will be important later in the tutorial.
  3. Set up the attack in the Attack settings tab:
    1. Leave the Crypto Algorithm set to AES-128. (Remember that we're applying the AES-128 attack to half of the AES-256 key!)
    2. Change the Leakage Model to HW: AES Inv SBox Output, First Round (Dec).
    3. If you're finding the attack very slow, narrow down the attack a bit. Normally, this requires a bit of investigation to determine which ranges of the trace are important. Here, you can use the range from 2900 for 4200. The default settings will also work fine!
      image
  4. Note that we do not know the secret encryption key, so we cannot highlight the correct key automatically. If you want to fix this, the Results settings tab has a Highlighted Key setting. Change this to Override mode and enter the key ea 79 79 20 c8 71 44 7d 46 62 5f 51 85 c1 3b cb.
  5. Finally, run the attack by switching to the Results Table tab and then hitting the Attack button.

we have the russians intel work about NSA! Godsurge

the closest i can get is for software is...silentbreaksec/Throwback...HTTP/S Beaconing Implant

Throwback

HTTP/S Beaconing Implant
  1. Run the python script to encode strings. python tbManger.py encode http://mydomain.com/index.php
http://mydomain.com/index.php -> {57,37,37,33,107,126,126,60,40,53,62,60,48,56,63,127,50,62,60,126,56,63,53,52,41,127,33,57,33}
Note: Don't forget to add ,-1 to end of the integer array for an LP. So the above would become.
{57,37,37,33,107,126,126,60,40,53,62,60,48,56,63,127,50,62,60,126,56,63,53,52,41,127,33,57,33,-1}
  1. Update DNSARRAY to reflect the number of LPs listed in DNSCODE array.
  2. Compile!
  3. Setup ThrowbackLP.

Godsurge is a physical device plugged-in to the Joint Test Action Group or JTAG headers on a system's motherboard. ....NSA implants...watchdog running off an integrated RC oscillator, presenting Microchip AT91SAM7X128C-AU, 32bit ARM Microcontroller, 30MHz, 128 kB Flash, 100-Pin LQFP

Cielo e terra (duet with Dante Thomas)