PhyWhisperer-USB

by NewAE Technology Inc

A hardware-based USB 2.0 monitor & trigger platform, controlled from Python

$21,325 raised

of $1 goal

Funded! Order Below

Product Choices

$5

Reward the QA Managers

Our QA/ESD testers beg everyone for treats, so why not beg random internet people? You get nothing in return except an update video of them eating treats.


$250

PhyWhisperer-USB Kit

A PhyWhisperer-USB in enclosure, MCX to SMA cable, MCX to BNC cable, and 2x micro-USB cables. Save $25 off the planned retail price.

Details

Recent Updates


As Featured In

CNXSoft - Embedded Systems News

"PhyWhisperer-USB is a hardware USB sniffer & triggering platform that allows users to test the security of USB devices using side-channel power analysis and fault injection using a Python 3 interface, beside simply capturing packets."

instrumentacionhoy

"Generando también señal de reloj sincronizada con la del bus, esta plataforma para monitorización y activación del protocolo USB 2.0 es programable desde un ordenador utilizando Python."

PhyWhisperer-USB is part of the Microchip Get Launched 2019 design competition!

USB is the most common interface for computer peripherals (maybe you’ve heard of it?), which nowadays includes many USB-connected security devices such as Bitcoin Wallets, FIDO2 keys, and encrypted drives. Three of the biggest threats to these security devices are USB protocol errors (often found with fuzzing), side-channel power analysis, and fault injection. PhyWhisperer-USB targets those last two - it serves as a cycle-accurate triggering and monitoring tool. It watches the USB bus for specific data patterns, triggers an event (such as a fault injection or recording a power trace), and can also record USB data.

Hardware-level Sniffing

Because it’s also a hardware sniffer, PhyWhisperer-USB can watch the USB bus to monitor errors and other events that won’t make it into a software-only sniffer. It also generates a clock synchronized to the USB bus itself, giving perfect cycle-accurate timing and allowing very repeatable power measurements.

Portable and Extendable

This is all wrapped up in a nice enclosed box you can chuck in your bag. It also connects nicely to other tools (ChipWhisperer, ChipSHOUTER, GreatFET, oscilloscope) to provide extended features all controlled by one Python script.

Open Source

Power-users will love the fact it’s open source with spare FPGA room and a built-in programmer to reload the FPGA bitstream in a few seconds. It’s built by NewAE Technology Inc., who has experience delivering open source hardware tools for security analysis and has a reputation for professionalism and seriousness.

USB Fuzzing & Hacking

When you think of USB hacking, you might think of Kate Temkin attacking the Nintendo Switch via sending malformed USB packets (even see the CVE). That work has spun into a ton of great tools (see this talk by Kate Temkin and Mikaela Szekely), which we aren’t looking to replace.

PhyWhisperer-USB concentrates on hardware-level pattern matching for super-precise triggering. It’s something that only a handful of expensive commercial tools offer, and if you want to extend them with your own logic, you’re out of luck. But because PhyWhisperer-USB is open-source, you can freely add your own logic to the FPGA.

USB Sniffing

PhyWhisperer-USB can act as a hardware sniffer with the features you’d expect, like cycle-accurate timestamps on data packets and monitoring errors on the bus.

The one missing sniffing feature is a large amount of on-board memory to deal with ‘bursty’ data (think trying to sniff a USB video camera or USB thumb drive). But most people dealing with USB don’t care about that - most problems you debug with USB are during enumeration and configuration phase, which the PhyWhisperer-USB can easily keep up with.

PhyWhisperer-USB concentrates on the hardware and computer interface - to get GUI decoding you can use Wireshark (which supports USB decoding) to monitor the data, or perform some basic parsing using code such as in OpenVizsla. This project isn’t designed as a sniffer first (like OpenVizsla or Total Phase Beagle 480), so trade-offs are made to give you other features that fault injection and power analysis power users might need (like being able to power-cycle the target).

Fault Injection & Side-channel Power Analysis

The PhyWhisperer-USB was developed as part of tooling that would have been useful for Colin O’Flynn’s EMFI attack on the Trezor Wallet.

This work was something Colin O’Flynn talked about at RECON. Colin later extended this to attacking a FIDO2 key and other USB stacks in general (see upcoming Black Hat talk, and upcoming WOOT paper). The PhyWhisperer-USB simplifies both recreating this work and validating other targets by providing a simple open-source reference platform.

Fault Injection

Briefly - why does someone developing USB care about fault injection? Because your USB stack has all sorts of assumptions about correct processing. For example, this code defines how much data to send back — either the correct (guid.header.dwLength) amount, or the incorrect (*len which can request up to 64K) amount:

*buf = (uint8_t*)(&guid);
*len = MIN(*len, guid.header.dwLength);
status = USBD_REQ_HANDLED;

By performing “fault injection”, we cause the microcontroller to take the wrong path. Performing fault injection needs some other tools to generate the fault - this can be something like a ChipWhisperer-Lite/Pro, a ChipSHOUTER, or your own DIY tools that can be as basic as a multiplexer IC (less than $5, see work by https://Chip.Fail).

Now, suddenly an attacker can read up to 64K from RAM/FLASH, which for many devices includes private keys or other data you shouldn’t have access to. Micah Scott was the first person to demonstrate this specific attack, where she dumped firmware from a tablet by performing fault injection during USB enumeration.

But the difficult part is getting the timing right. We want to hit the one instruction in that comparison without affecting anything else. PhyWhisperer-USB uses the actual USB data “over the wire” to give you perfect timing, with the ability to sweep the offset to search for the exact right timing.

One of the other cool things PhyWhisperer-USB does is allow you to can poke a device and see what happens. So if you are performing fault injection, it can be valuable to see if the device is resetting, returning invalid data, or something else. Because PhyWhisperer-USB is a hardware sniffer, it lets you see everything the device is doing. It’s another example of why this tool is purpose-built for this use-case.

Side-channel Power Analysis

Now side-channel power analysis is something else - we simply listen to what the device is doing. Devices take different power for different instructions or data, which it turns out can be used to break a lot of cryptographic implementations. This was used in 2013 to attack a YubiKey 2 (long since fixed on current versions of YubiKey), and more recently a Trezor implementation. Here’s a simple example of how easy it is to connect an oscilloscope to the SPA measurement port:

Getting the right timing is important to all of the above attacks. This consistent need to have “on-the-wire” triggering is what drove me to develop PhyWhisperer-USB and what makes it unique among USB analysis tools.

Features & Specifications

  • USB modes supported: USB 2.0 Low/Full/High Speed
  • FPGA: Xilinx Spartan 7S15
  • Control PC connection: Micro-USB 2.0 HS
  • Host USB connection: Micro-USB
  • Target USB connection: Female A connector
  • Target power source: Selectable to come from Host USB or Control PC
  • Spare digital I/O: 8 data pins, 1 clock pin routed to FPGA (on front panel)
  • Clock output: 60 MHz, derived from 480 MHz USB clock (on ChipWhisperer clock pin)
  • Trigger pattern: 1 - 64 bytes with mask
  • Trigger delay: 0 - 1048576‬ cycles of 240 MHz internal clock (derived from USB clock)
  • USB sniffer FIFO: 8192 bytes (FPGA block RAM, adjustable depending on FPGA utilization)
  • Control PC software: Python 3 library, Windows/Mac/Linux support (including signed Windows drivers)

Hardware Design

Interfacing

A Microchip USB3500 front-end provides a simple parallel interface to the Xilinx Spartan 7S15 FPGA. This allows the device to monitor the USB traffic in real-time and, in the future, could even allow the PhyWhisperer-USB to transmit USB traffic (including invalid packets). This device uses a Microchip ATSAM3U1C as the high-speed USB interface to the host PC. The use of the ATSAM3U1C provides more flexibility than an FTDI device, since you can run code on the microcontroller for other tasks.

Power

The USB front-end has a number of jumpers to allow routing of power in various ways. By default you use it as a simple sniffer, but by adjusting some jumpers, you can insert a 5-ohm shunt resistor into the USB power line. This shunt resistor allows ‘simple power analysis’ to be performed on a device. The output of the shunt is routed to an MCX connector on the front-panel.

Documentation & Sources

Source code is maintained at github.com/newaetech/phywhispererusb. This repo holds:

  • Python library (in development)
  • Microcontroller firmware
  • PCB sources in Altium Designer format (sorry Chris Gammell)
  • FPGA design files

We maintain a support forum at https://forum.newae.com for all NewAE Technology Inc. products.

Comparisons

This table shows mostly commercially available tools. There are a few other open-source and upcoming tools you can compare to as well. Micah Scott’s FaceWhisperer is an open-source add-on for performing USB glitching, for example. It uses a microcontroller to orchestrate the attack. We’ve also included the upcoming Rhododendron neighbour for GreatFET, which adds hardware sniffing at one of the lowest costs.

FeaturePhyWhisperer-USBTotal Phase Beagle 480OpenVizslaGreatFET/GlitchKit+ Rhododendron
USB mode2.0 LS/FS/HS 2.0 LS/FS/HS 2.0 LS/FS/HS 2.0 LS/FS/HS 2.0 LS/FS/HS
Hardware sniffing including errorsYes Yes Yes No Yes
......+ cycle accurate timestampsYes Yes Yes None No
On-board bufferNo 64 MB 32 MB None None
Host softwarePython¹ Beautiful GUI + API Support Python¹ Python Python¹
FPGA sizeSpartan 7 XC7S15 ? Spartan 6 LX9 -- --
FPGA toolchainVivado N/AISE N/AN/A
Open?Yes No Yes Yes Yes
Trigger OutputHardware-based Hardware-based Hardware-based Firmware-based Firmware-based
Programmable cycle accurate offset for triggerYes No No (requires FPGA additions) -- --
Target power controlYes, button + API No No Yes, API Yes, API
Power analysis connectorYes No Yes (with soldering) No Yes (with soldering)
Amplified/Buffered front-endNo Yes No No No
EnclosureYes Yes No No No
IP68 ratingNo No No No No
SupportGood luck Yes (commercial) Community Community Community
QA managersCanine Human Canine Human Human
Cost USD$225 $1400 $140 $80 TBD (~$20?)
Scotch-price equivalent²Adelphi Glen 22 Laphroaig 32 Glengrant 18 Benromach 15 Johnnie Walker

¹: Python interface that can be extended with open-source viewers including Wireshark ²: Conversion based on missionliquor.com

Comparison Caveats

If you’ve made it this far (or are maybe just skimming?), we want to highlight a few important notes from the above table, and general information about PhyWhisperer-USB:

  1. PhyWhisperer-USB does not have an internal buffer for sniffing large USB packets, something the Beagle 480 and OpenVizsla both have.
  2. PhyWhisperer-USB has connectors for power measurements, but does not have an internal ADC to report current consumption. You will need external equipment to perform the measurement.
  3. PhyWhisperer-USB can generate highly precise triggers for inserting glitches, but requires some external hardware to actually insert the glitches. Watch for a project update if you want to see how cheaply that can be done.

Python API

PhyWhisperer-USB ships with a simple API that lets you quickly connect the device and get it running. It uses Python 2/3 and works in Windows/Mac/Linux - it’s the exact same USB interface we’re using in ChipWhisperer, so it has a lot of testing behind it. It also has good Windows support - meaning signed drivers that will work with Windows 10/64-bit no problem.

import phywhisperer.usb as pw
phy = pw.Usb()

#Example - load your own custom bitstream into the FPGA
phy.load_bitstream('user_magic.bit')

#Example - power cycling target
pw.set_power_source("host")
time.sleep(0.5)
pw.set_power_source("off")
time.sleep(0.5)
pw.set_power_source("host")

#Example - sniffing something
pw.set_usb_mode_fs(True)
data = pw.sniff_usb_traffic(200)

#Example - set a trigger pattern
pw.set_data_trigger(data=[0xC0, 0x20], mask=[0xFF, 0xFF])

Reloading the FPGA (or SAM3U) Via Python

Good news! The FPGA & SAM3U firmwares are both open-source. But more than that, the programmers for both are built in. In fact, the PhyWhisperer-USB reloads the FPGA firmware from the computer when connecting, and it takes less than 2 seconds to reconfigure the FPGA. The FPGA is configured from the Python API. The SAM3U has a ROM bootloader so it’s almost unbrickable, and you can reprogram it from the same Python API.

Both of these also have debug headers mounted on the board, in case you need to connect up JTAG.

Teacher Teacher Pledge Level

At this pledge level, you’ll get a seat at Colin’s side-channel + fault injection training starting December 2 in Redwood City, CA. No travel or accomodation included, but you will receive a PhyWhisperer-USB along with a ChipWhisperer. And you’ll learn how to use them, of course. The PhyWhisperer-USB can be used as an advanced trigger for the ChipWhisperer. Attendance normally costs $4000 - $5500, so you can save a good bit on the training by pledging here.

More information can be found at: https://hardwaresecurity.training/trainings/chipwhisperer-2019/

Manufacturing

We have extensive experience delivering hardware tooling. This product will have its circuit assembly built by an outside vendor and final testing/assembly done in-house. Our QA Manager who oversaw the ChipWhisperer-Lite will be tightly integrated with this project. In addition we’ve since added an Assistant (to the) QA Manager, Bergen, who is necessary due to the number of other ongoing projects we will be delivering.

Luna, our QA Manager - and Bergen, Assistant (to the) QA Manager.

Fulfillment & Logistics

As an engineering-centric company, we’ve discovered that logistics are the worst part of a project. Dealing with customs and shipping isn’t fun to us - so we’ll offload that to someone else! This project will be delivered via Crowd Supply’s fulfillment service, which is so professional they even have an entire page full of questions you might ask. Questions regarding such things should go directly to Crowd Supply through the form below. And after the campaign we’ll be selling via Mouser Electronics in addition to Crowd Supply.

Risks & Challenges

Things can go wrong and everything seems easier when it’s a plan on paper. In our case, we’ve reduced risk in the most critical aspect (hardware design) by using the device ourselves and testing that core features are working. Some parts that were looking dodgy for stock numbers we’ve purchased ahead of time to reduce supply-chain risk, although supply-chain risk remains a major concern.

We’ve also had support in developing the PhyWhisperer-USB as part of the Emera ideaHUB at Dalhousie University, where Colin O’Flynn is an Assistant Professor with the Faculty of Electrical & Computer Engineering. This has helped us get extra expertise to make the project even more likely to succeed!


Credits

NewAE Technology Inc

NewAE developed the ChipWhisperer, the first open-source tool for side-channel power analysis and fault injection. They have shipped over 2000 of their low-cost boards & now offer a wide range of products to help embedded designers evaluate and develop embedded hardware security solutions.


Colin O'Flynn

Jean-Pierre Thibault

Claire Frias

Franz Heubach

Alex Dewar

Liam Craig

Luna

QA Manager

Bergen

Assistant (to the) QA Manager

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects: