>/posts/Side Channel Attacks - Basics $

Estimated reading time: 10 minutes


What is that?

Have you ever heard of a side-channel attack? Maybe not, but you might have heard of the "Pentagon Pizza Index." The idea is somewhat similar. A side-channel attack allows you to gather information indirectly by observing correlated signals rather than the target data itself, just like how increased pizza orders near the Pentagon may correlate with upcoming military activity. You can check it here. A good example of this concept is the CTF challenge Mumble Mumble solved by Gynvael Coldwind (the relevant part starts at 3:30, although the whole video is worth watching). Another example is the Tarsnap challenge from HeroCTF 2025, described here. Shout out to KOREONE for the great write-up. Although that attack is described as a compression oracle attack, it can also be viewed as a side-channel attack. The compression ratio leaks information about the plaintext, effectively acting as a side channel. Now that we understand how side-channel attacks leak information through correlated sources, we can move on.

What can we do with that?

Physical devices introduce even more opportunities for side-channel attacks. Things get especially interesting when we can interact with the hardware directly. For example, we can measure power consumption during specific operations.

- Wait, what? So we're going to eavesdrop on the power supply now?
- Well, yes, but not with a typical microphone, rather with a specialized, precise, and fast measurement tool. Let me show you the ChipWhisperer.

ss1

The ChipWhisperer (per the manufacturer) is a powerful, compact tool for working with side-channel power analysis and fault injection. I won't bore you with the technical details; just imagine a tool that can perform 200,000,000 measurements per second at 12-bit precision, which is enough to capture changes in current flow on an IC, or in its crypto core if it has one. This leads to one important conclusion: measuring the current drawn by the whole device is pointless. Since a device usually has plenty of decoupling capacitors and other units besides the CPU, we have to take the measurement right before the IC. This typically makes the process invasive, but with enough money it's possible to perform the whole operation wirelessly, which I'll cover later in this post.

For now, the most important takeaway is this: it's easy as long as you can cut PCB traces, mount a small SMD resistor, and connect the measuring wires without mismatching pins while reading the documentation and making your on-board changes. Otherwise, your device will turn into a smoke machine, which is something no researcher wants.

ss2

Image source: ADVANCES IN SIDE-CHANNEL SECURITY

The screenshot above shows a couple of example ways to connect the measurement. Keep in mind that we're not interested in the exact value of the measured current, voltage, or anything like that.

- What do you mean we're not interested in these values? Then why do we need such precise equipment? - Let me explain...

All we care about are the changes in the chart between each measurement; our Husky isn't able to measure DC samples anyway. Just take a look at the chart below. Those two lines represent the current consumption for two different password-guess attempts. The first is for '0x00' as a reference, and the second is for the letter 'a'.

ss3

- Wait, what do you mean by two lines? I can only see one trace on this chart!
- Exactly, that's because they're almost identical. We need precise measurement equipment to catch every tiny difference between all the captured traces. Now take a look at what happens when we capture the trace for each letter.

ss4

There are multiple traces overlapping each other, except for one that's significantly different from the rest. I think it's some shade of gray, but there are several gray shades on this chart, so which letter is it? Don't worry, we're going to write a script that easily detects such anomalies. We sum the differences between our reference trace (the one with '0x00' input) and every other trace at each measurement point. The resulting numbers come out close or equal to 0, except for one: the one that stands for the letter 'h'.

This method is called Sum of Absolute Differences, performed as part of Simple Power Analysis. And if we keep repeating it until we get a message other than "invalid password," we can find the correct one regardless of its length, with a complexity of O(n × character_field), which is almost linear.

- Impressive, but this whole process, including cutting PCB traces and so on, looks really dangerous, and it's highly likely to destroy the device.
- Yeah, that's true. But as I mentioned earlier, there is a way to make the whole process wireless!

What are we, wizards now?!

- Yeah, kind of!

ss5

By using this wand-like antenna, we can perform the same measurement without the invasive process. There's one more important thing, though. Once you locate the region with the most activity, you have to set the antenna up perfectly still and avoid moving it between measurements. In my case, I used pliers and a steel lock to make sure everything was fixed and immobile.

ss6

A magnetic tripod is a much better and affordable option here, and an XY table is the best, but we're still in a home lab, so it is what it is. And even though I tried my best, this approach comes with much worse measurement quality, and it also picks up some self-generated and ambient noise. Just look at the chart below.

ss7

Even though it's messier, there are still visible similarities and differences between the two traces, and by continuing this process we can recover the whole password just by touching the IC with our magic wand. It's worth mentioning, however, that this approach requires more attempts to avoid false positives and negatives caused by other signals flying through the air and affecting our antenna, unless you happen to have an isolated anechoic chamber, which is far too expensive for a home lab. So we have to accept the inconveniences that come with longer test durations and multiple attempts. The whole process is also hard to reproduce once you tear down your home-lab setup. Even with all of that, it's still insane that we're able to recover a password just by measuring the magnetic field near the IC using home-grade methods.

ss8

Why does it work like that?

Well, honestly, in terms of this PoC the IC doesn't perform a real cryptographic check or anything like that. There's a hardcoded password inside the hardware and we simply compare strings, which honestly could work most of the time as long as you disable the debugger access. Here's the shortened pseudo code.

#define password "h0p3x"

do {
    temp_pass = ReadSerial();
} while (strcmp(temp_pass, password));

// do stuff;

And it's important to know exactly how the strcmp function works. It compares strings char by char and breaks the comparison as soon as it meets any difference. That's why it's so easy to observe a huge difference in power consumption for that one exact char. It also shows that even if you can't directly touch the code or the runtime memory, it's still possible to recover a password that defends the device in such a simple way.

ss9

- Isn't this some kind of intended backdoor, or a vulnerability in itself?
- Nah, it's just sloppy code and physics.

Once you go really deep into your digital electronic devices, it all comes down to switching a basic P-N junction that determines whether a particular line represents a 0 or a 1. It's important to know that switching this junction requires energy, which is the current flow in this example, and the side effects of that flowing current are the appearance of a magnetic field and heat emission. The second one doesn't really matter for a side-channel attack, unless you want to check whether your power supply works without measurement tools. Since both the direct and indirect measurement processes focus on power consumption, we'll stick with that term for simplicity. Because the device under test executes the same instructions at a given point, the same values get loaded into registers and the same number of gates switch, which leads to the same amount of energy consumption. So once we acquire a trace that differs from the rest, we know we've hit a different branch in the program, and we can tell without ever connecting a debugger!

There is another

Besides the two side effects mentioned (heat and EMF), there's one more. As you might remember from school, whenever a system transitions from an excited energy state to a lower one, it emits a quantized amount of energy in the form of a photon, which you can also collect and measure. But that's a much more complicated topic for another post, and you definitely won't be doing it at home.

Are we cooked?

For now you don't have to worry about your electronics; the design flaws and misconfigurations here were intentionally introduced for the sake of this PoC demo. Production-grade devices ship with a whole range of countermeasures (I wish), but mitigations aren't the focus of this post.

Comments (0)

There is no comments yet, add first!

Please log in to add a comment.

X