-
Notifications
You must be signed in to change notification settings - Fork 119
Home
Philippe Teuwen edited this page Oct 18, 2019
·
20 revisions
This is the wiki page associated to the SideChannelMarvels/Deadpool project.
Deadpool is a repository of various public white-box cryptographic implementations together with methods on how to extract the secret key. To summarize:
- The Deadpool repository provides the scripts (which in turn use the tools from SideChannelMarvels/Tracer and SideChannelMarvels/Daredevil)
- Our article which summarizes the results
- This wiki which provide tutorials which show, step by step, how to use the tools and techniques to extract the key from the white-box implementation
This is a work in progress and more tutorials will be added in the near future.
- Tutorial #1: DCA against Wyseur 2007 challenge
- Tutorial #2: DCA against Hack.lu 2009 challenge
- Tutorial #3: DCA against SSTIC 2012 challenge
- Tutorial #4: DCA against Karroumi 2010 challenge
- Tutorial #5: DCA against OpenWhiteBox AES Chow
Useful third party software:
- Hulk is able to bruteforce missing bytes after a DCA attack on AES with his special ability of AES-NI
- conditional-reduction: experiments with sample reduction for DCA, cf https://eprint.iacr.org/2018/095
- qscat: Qt Side Channel Analysis Tool to handle signal traces and more (using Daredevil)
- Jlsca: toolbox in Julia to do the computational part (DPA) of a side channel attack
- White-box Algebraic Security: PoC for the paper Attacks and Countermeasures for White-box Designs, see DCA-related literature for refs.
- On Recovering Affine Encodings in White-Box Implementations: an implementation of an attack described in the eponymous paper, see DCA-related literature for refs.
- DATA - Differential Address Trace Analysis: DATA reveals address-based side-channel leaks, which account for attacks exploiting caches, TLBs, branch prediction, control channels, and likewise.
- Lascar - Ledger's Advanced Side Channel Analysis Repository: From side-channel acquisitions to results management, passing by signal synchronisation, custom attacks, lascar provides classes/functions to solve most of the obstacles an attacker would face, when needed to perform sound, state-of-the-art side-channel analysis.
- Rainbow - It makes unicorn traces: Using Unicorn as a basis, Rainbow aims to provide an easy scripting interface to loosely emulate embedded binaries, trace them to perform side-channels, and (sometime in the near future :) )simulate fault injections.
- SCAred: is a side-channel analysis framework