
A simple and low cost platform to perform Power Analysis Attacks

Manuel Bejarano Carmona mbca09@student.bth.se

June, 2012


Abstract

Power Analysis Attacks use the fact that power consumption in modern microprocessors and cryptographic devices depends on the instructions executed on them and so, it varies with time. This leakage is mainly used to deduce cryptographic keys as well as algorithms by direct observation of power traces. Power Analysis is a recent field of study that has been developed over the last decade. Since then, the techniques used have evolved into more complex forms that sometimes require a variety of skills, which makes the subject difficult to start with. Nowadays it is challenging to tackle the problem without expensive equipment; what is more, the off-the-shelf solutions to do Power Analysis Attacks are rare and expensive. This thesis aims to provide a low cost and open platform as an entry point to Power Analysis for a price under 10 USD. Besides that, it is designed to be able to perform Simple Power Analysis and Differential Power Analysis attacks on an 8-bit microcontroller, including the software needed to automate the process of taking the measurements. Finally, the platform can be extended to cover a wide range of microcontrollers, microprocessors and cryptographic devices by simple insertion in a breadboard, which makes it the perfect device for newcomers to the field.


Contents

1 Introduction
1.1 Power Analysis Attacks
1.2 Countermeasures Against Power Analysis Attacks
1.3 Hardware and Software Design
2 Power Consumption
2.1 Static and Dynamic Power Consumption
2.2 Power Models
2.3 Quality Criteria
3 Design of the Circuit
3.1 Microcontroller
3.2 PCB Layer Stack Up
3.3 Input Filtering and Decoupling
3.4 Clock Signal Selection
3.5 Isolated Communications Interface
3.6 Communication Protocol
3.7 Sensing and Triggering
3.8 In Circuit Serial Programming
3.9 Production Cost
4 Simple Power Analysis
4.1 General Description
4.2 Measurements Set Up
4.3 Template Attacks
4.4 Template Building
4.5 Template Matching
4.6 Examples
5 Conclusion
A Software Implementation
B Bill Of Materials (BOM)
C Gerber Files
D Circuit Schematic


List of Figures

1 Assembled Rev. A Circuit Board
2 3D View of the PCB
3 Oscilloscope timing and trigger settings
4 Pickit 3 Connection Schematic
5 Measurements Set Up
6 Capture of a power trace
7 Load accumulator power trace (1 vs 127 vs 255)
8 Clear accumulator power trace (1 vs 127)
9 No Operation (NOP) power trace
10 AES-128 Power Trace
11 Bottom Copper Layer
12 Top Copper Layer
13 Bottom Solder Mask Layer
14 Top Solder Mask Layer
15 Bottom Silk Screen Layer
16 Top Silk Screen Layer
17 Drill File

List of Tables

1 Basic specifications of the target device
2 PCB and Layer Stack Up Configuration
3 Characteristics of the filter capacitors
4 Serial connection configuration
5 UART Configuration Parameters
6 Handshake command
7 Reset command
8 Resend command
9 Execute command
10 Cost of producing the first prototype batch
11 Bill Of Materials


1 Introduction

Power analysis attacks are cryptanalytic attacks that allow the extraction of secret information from cryptographic devices and, generally, from any integrated circuit. The difference from other cryptanalytic attacks is that they exploit the power consumption characteristics of electronic devices rather than mathematical properties of algorithms and ciphers. They are also non-invasive attacks that can be performed with off-the-shelf equipment but, as the attacks become more complex, the equipment required gets more expensive. In any case, this kind of attack poses a serious threat to the security of the cryptographic devices that nowadays are embedded in many consumer electronic products.

Power analysis attacks were first used to retrieve keys from cryptographic devices and since then, a wide range of techniques based on these foundations have arisen that expand the uses of Power Analysis attacks. In this section, we give an introduction to the problem of designing a low cost circuit to perform this kind of attack on devices that, although not conceived to work as cryptographic devices, are powerful enough to perform all kinds of computations, including cryptographic functions.

Grasping the skills necessary to mount a Power Analysis attack on a device such as the one chosen in this thesis can take some time before a working setup is obtained. We therefore wanted to shorten this time and let the attacker concentrate on the analysis itself, leaving the details of the circuit design to a known and working platform.

This thesis intends to give a broader view of the very first steps that need to be done before sitting in the laboratory and starting to work on the analysis of the target device, which, by all means, is in the end the important part of any research of this kind. Those steps comprise two main areas, the design of the circuit and the design of the software to perform the measurements, which until now required extra engineering effort in the first phases of a research project about Power Analysis.

The order in which we present the topics is intended for a reader who has never performed this kind of attack. A general introduction to the field is given in Section 1.1, going into further detail in Section 2, where we analyse how power consumption is modelled and simulated, plus the different criteria used to distinguish and classify power traces. There is a glimpse of countermeasures against Power Analysis Attacks in Section 1.2, but the reader should know that there is an entire industry behind these processes and, of course, intellectual property rights make it difficult to give a better understanding of how these countermeasures are implemented in silicon in the devices that we use today.

On the other hand, Sections 3 and 4 are dedicated to explaining the details behind the design in the first place, and the basics of Simple Power Analysis in the second. A finer level of detail was intended in the design steps, since the decisions involved have to be understood by the person using the circuit for research. For this purpose, Section 4 is written as the next logical step to follow after setting up the right laboratory equipment to analyse the target; a couple of examples are given at the end with the intention of providing a proof of concept of SPA. Since this platform is not only hardware based, Section 3.6 explains how the software was written, taking into account the different Power Analysis techniques that can be used.

The reader should be aware that the topic is not covered as deeply as in other papers and publications in the field, so it is recommended to take a look at some of the main references like [MOP07] and [KJJ99] in order to have a better overview.

1.1 Power Analysis Attacks

Nowadays, most of the electronic devices that we use have a microprocessor, a microcontroller or some sort of cryptographic capable device. They have multiple uses but the main applications are related to security. Protecting electronic money transactions, or authenticating with a bank using a mobile phone application or with a government institution, requires some sort of cryptography. All of this happens behind the scenes and without the user being aware of it, and so, trust plays an important role in a lot of things that are meant to be commonly used and widespread. Those microprocessors sometimes leak information by the simple fact of executing one of the operations required to, for example, electronically sign a document. This leakage has serious security implications and then, trust is at risk.

Power Analysis Attacks can be targeted at devices that are built to do simple cryptographic operations but, as will be explained later, also at any electronic device that does something we are interested in and that has nothing to do with cryptography, for example, any sort of calculation such as checksums or scrambling routines. Those attacks can be classified in two types, passive or active, depending on whether the device is operated according to its specifications in the first case or, in the second case, its inputs and environment are modified or tampered with to make it behave abnormally.

There are other kinds of attacks that fall within either of the previous two; they can be invasive, semi-invasive or non-invasive, depending on what can be done with the device in order to obtain the secret key, algorithm, etc., that we are looking for.

Invasive attacks require expensive equipment and involve depackaging the device and probing the signals directly on the silicon, see [KK99], [And08] and [Sko05]. Semi-invasive attacks follow the same procedure of depackaging the device but, in contrast, there is no direct contact with the silicon, since the purpose is always to read out or erase memory cells or flip specific bits that can disable the memory protection measures, see [SSAQ02] and [SA03]; as before, semi-invasive attacks require expensive equipment too. Finally, non-invasive attacks are the cheapest to perform and are conducted by interfacing with the device through its physically available pins.

These kinds of attacks are also called side-channel attacks, the three most important types being timing, power analysis and electromagnetic attacks, see [Koc96], [KJJ99] and [GMO01].

As a definition, and quoting [MOP07, ch. 1.3], "Power Analysis Attacks exploit the fact that the instantaneous power consumption of a cryptographic device depends on the data it processes and on the operation it performs".

This principle is the one that drives the design of the circuit in this thesis. The examples presented in Section 4.6 are based on an 8-bit microcontroller executing pieces of code that have been previously flashed into the device memory and cover some basic algorithms and calculations that are known to the attacker. The execution flow is controlled from a computer that sends commands and communicates with the device. In order to measure the power consumption of the device we placed a resistor between 1 Ω and 68 Ω in the VDD line of the microcontroller. Since the supply voltage is constant, the voltage drop across this resistor is proportional to the current drawn and therefore to the power consumption of the microcontroller, so we can plot and analyse this voltage, measured with an oscilloscope, versus time. Looking for interesting points and trying to find relationships between the data processed and the instructions that were executed are the basics of Power Analysis Attacks.

1.2 Countermeasures Against Power Analysis Attacks

The fact that the power consumption of a device depends on the data it processes makes it difficult to implement a cryptographic algorithm in hardware or software without taking some precautions to prevent an attacker from characterizing the device by recording its power traces. The countermeasures try to mitigate this dependency by using two techniques:

Hiding consists of removing the dependency that exists between the data and the power consumption, which is a difficult task since there is always a relationship between these two variables. To achieve this, the execution of the algorithm is randomized or the device power consumption is altered in order to make it difficult for an attacker to find this dependency in the power traces.

Masking is slightly different: it allows data dependency but not in the intermediate values of a particular algorithm; those values can be, for example, the result of one of the steps of an AES encryption algorithm. Masking those values means randomizing them and thus making the key extraction a tedious or almost impossible process.

But, apart from these two principles, there is another one particularly well known in the security field, which says that security can be increased by avoiding the use of repeated session keys and by not relying for the entire security of the system on the paradigm of "security through obscurity". If a device can be characterized from its power traces, the device can no longer be considered secure, since any code executed by the microcontroller can be compared against power templates to find out what it does and how it is done.

1.3 Hardware and Software Design

As we mentioned at the beginning of this section, the skills required to analyse a device based on its power consumption range from mathematics, statistics, analogue design and software development to being familiar with instrumentation such as Digital Sampling Oscilloscopes and the typical bench instruments found in any electronics laboratory.

Our intention was to provide a combination of ready-to-use hardware and software to let the user concentrate on the analysis of the device under attack. This required some experience in electronic design, since we wanted to produce a Printed Circuit Board which, in most of the cases in the literature, is neglected and not explained at all. The setup of this kind of measurement environment is forgotten or not mentioned in most of the papers, and so there is a lack of a platform to investigate without spending thousands of dollars on solutions like the SASEBO boards, see [KSS+08], [KSS+09] and [SAS07].

Another point to take into account is that the design does not contain electronic components like FPGAs or DSPs to perform real time analysis, but only the minimum to grasp the basics and become familiar with the related concepts; hence the intention of an entry level design.

2 Power Consumption

In this section we discuss the basics of power consumption in CMOS digital circuits. The fact that a digital integrated circuit like a microcontroller needs power to execute the operations that it is programmed to do is obvious. The kind of power supply necessary determines, among other things, whether a device can be attacked or not.


There are some decisions, within digital circuit design, that have direct implications for the power consumption of the device. Those decisions are made at all levels, including system level, architecture level, cell level, transistor level, and the different kinds of MOS technologies used to create the building blocks of the final device.

In order to calculate the instantaneous power consumption of a device, we should know that the supply voltage is constant at all times but the circuit draws current depending on the state of the logic blocks that are needed in this particular slice of time. Then, the power consumption of the circuit $P_{cir}$ is given by Equation 2.1, where $V_{DD}$ is the supply voltage and $i_{DD}$ is the instantaneous current.

$$P_{cir} = \frac{1}{T}\int_0^T p_{cir}(t)\,dt = \frac{V_{DD}}{T}\int_0^T i_{DD}(t)\,dt \qquad (2.1)$$

In addition to this, we differentiate between the power consumption when the cells that form the logic gates are in an ON or OFF state, that is, static or dynamic power consumption. The total power consumed by a device will be the sum of both, $P_{stat}$ and $P_{dyn}$.

$$P_{cir} = P_{stat} + P_{dyn} \qquad (2.2)$$

2.1 Static and Dynamic Power Consumption

The static power consumption is orders of magnitude smaller than the dynamic power consumption due to the nature of the CMOS technology. Logic blocks built using CMOS consist of a Pull-Up Network (PUN) and a Pull-Down Network (PDN) that are never conducting at the same time and thus, there is no current flowing from VDD to ground, resulting in no power consumed by the logic block.

There are always leakage currents but they are of the order of pico Farads and so, not important when compared with the dominant dynamic power consumption, which represents, almost on its own, the total power consumption of the device. Obviously, the dynamic power consumption is then directly related to the data that is processed, as mentioned in Section 1.1.


2.2 Power Models

Models play an important role in Power Analysis Attacks since the attacker needs to map power traces to the data involved in the computations. This is referred to as a kind of power simulation in [MOP07, ch. 3.3]. The attacker needs to build a model for the device under attack or, in other words, the attacker characterizes the power consumption of the device using a power model. The two most relevant power models are the Hamming-Distance Model and the Hamming-Weight Model. There are, as well, variations of these models that we don't cover here but can be found in [MOP07, ch. 3.3.3].

Hamming-Distance Model: This model is used to describe the power consumption of buses and registers and it is based on the fact that an attacker can know by intuition, since the building blocks of digital circuits are similar among devices, how some parts of the microcontroller are connected and interact with each other. A change in a data bus from one state to another will produce a variation in the power consumption that is proportional to the number of bits that differ between the two values that were on the bus, that is, the Hamming weight of their XOR, see Equation 2.3. Knowing that, the attacker can predict the data that will be on the bus, if for example the algorithm that is executing is known, by simple observation of some power traces.

$$HD(v_0, v_1) = HW(v_0 \oplus v_1) \qquad (2.3)$$

Hamming-Weight Model: In order to use this model, the attacker assumes that, given a data value to be processed, the power consumption is proportional to the number of bits set in this value. This assumption by itself does not reveal a lot of information about the value of the data being processed or the previous data on a bus. But it serves as a perfect tool to characterize the power consumption of a device on which we can perform a controlled non-invasive attack. For example, we can identify the device that is used in a circuit and build a separate test circuit with the same or a similar device; then we can write software for it and take as many measurements as we want using the techniques described in Sections 4.3 and 4.4. Note that the power consumption can be directly or inversely proportional to the number of bits set in the value under study. After fully characterizing the device, it is a matter of matching the power traces with the templates built for the attack.

2.3 Quality Criteria

Measuring power signals is affected by two main sources of noise, electronic noise and switching noise. These sources of noise are produced, in the first case, by thermal noise, reflections, crosstalk and filtering and, in the second case, by the nature of the CMOS technology: the switching time of a logic cell is of the order of nanoseconds, which produces frequency components in the gigahertz range even when the circuit is working at a couple of megahertz.

These and other considerations were taken into account in the layout process of the Printed Circuit Board and they are explained in detail in the next section. Filtering the power supply, isolating the communication interface, using short traces for the clock signal and proper decoupling of all the integrated circuits on the board are, among others, some of the constraints that have to be taken into account when designing a circuit to do Power Analysis Attacks.
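As an added example that is not code from the thesis, the following Python script puts the Hamming-Weight and Hamming-Distance models of Section 2.2 (Equation 2.3) to work on a constructed leakage model of the 8-bit accumulator sensed through the VDD shunt resistor of Section 1.1, and shows why the noise described in Section 2.3 forces many averaged measurements before templates for loading 1, 127 and 255 (the comparison of Figure 7) can be told apart. The shunt value, baseline current, per-bit leakage coefficient and noise level are assumptions chosen for the simulation.

```python
"""Hamming-weight leakage of an 8-bit register seen through a VDD shunt resistor.

Added example, not code from the thesis. The leakage model is constructed:
the supply current while a value is loaded into the accumulator is a baseline
plus a term proportional to the value's Hamming weight, plus Gaussian noise
standing in for the electronic and switching noise of Section 2.3.
"""
import random
import statistics

V_DD = 5.0         # operating voltage of the target (Table 1)
R_SHUNT = 47.0     # ohms; assumed value inside the 1-68 ohm range of Section 1.1
I_BASE = 120e-6    # A, assumed baseline current of the running core
I_PER_BIT = 15e-6  # A per set bit, assumed Hamming-weight leakage coefficient
NOISE_SD = 25e-6   # A, assumed standard deviation of the measurement noise


def hamming_weight(v: int) -> int:
    """Number of bits set in an 8-bit value (Hamming-Weight Model)."""
    return bin(v & 0xFF).count("1")


def hamming_distance(v0: int, v1: int) -> int:
    """Equation 2.3: HD(v0, v1) = HW(v0 xor v1), the bits that toggle on a bus."""
    return hamming_weight(v0 ^ v1)


def shunt_voltage_sample(value: int, rng: random.Random) -> float:
    """One noisy oscilloscope sample, in volts across R_SHUNT, while `value` is loaded."""
    i_dd = I_BASE + I_PER_BIT * hamming_weight(value) + rng.gauss(0.0, NOISE_SD)
    return R_SHUNT * i_dd


def shunt_voltage_to_power(v_shunt: float) -> float:
    """Equation 2.1 with constant V_DD: p_cir = V_DD * i_DD, with i_DD = v_shunt / R."""
    return V_DD * v_shunt / R_SHUNT


def averaged_sample(value: int, n: int, rng: random.Random) -> float:
    """Mean of n repeated measurements of the same instruction and data."""
    return statistics.fmean([shunt_voltage_sample(value, rng) for _ in range(n)])


def build_templates(values, n: int, seed: int) -> dict:
    """Characterise the device: one averaged voltage template per data value."""
    rng = random.Random(seed)
    return {v: averaged_sample(v, n, rng) for v in values}


def match_template(v_measured: float, templates: dict) -> int:
    """Return the template value whose mean lies closest to the measurement."""
    return min(templates, key=lambda v: abs(templates[v] - v_measured))


def run_experiment(values=(1, 127, 255), n=1000, template_seed=1, measure_seed=2):
    """Build templates with one seed, measure with another, return the matched values."""
    templates = build_templates(values, n, template_seed)
    rng = random.Random(measure_seed)
    return [match_template(averaged_sample(v, n, rng), templates) for v in values]


def noise_reduction_ratio(value: int, n: int, trials: int, seed: int) -> float:
    """Empirical sd of an n-sample mean divided by the single-sample sd.

    Averaging n traces shrinks the noise by roughly 1/sqrt(n), which is why
    Section 3 calls for thousands of measurements per instruction."""
    rng = random.Random(seed)
    singles = [shunt_voltage_sample(value, rng) for _ in range(trials)]
    means = [averaged_sample(value, n, rng) for _ in range(trials)]
    return statistics.stdev(means) / statistics.stdev(singles)


if __name__ == "__main__":
    # Figure 7 of the thesis compares loading 1, 127 and 255 into the accumulator.
    for v, matched in zip((1, 127, 255), run_experiment()):
        print(f"load {v:3d} (HW={hamming_weight(v)}) -> matched template {matched}")
    print(f"noise ratio with n=100 averaged traces: "
          f"{noise_reduction_ratio(127, 100, 200, 3):.3f}")
```

Values 127 and 255 differ by a single set bit, so their templates are only one I_PER_BIT step apart and separate reliably only once the averaged noise is well below that step.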

3 Design of the Circuit

Now that we have established the formal core concepts behind Simple Power Analysis, the task was to design a circuit taking into account two premises:

Automated Measures: Together with the software, the system should have the capability to perform automatic measurements in conjunction with an oscilloscope and a computer. Due to the nature of the power analysis method, there is a clear need to perform thousands of measurements to cover the microcontroller's instruction set, but not limited to that; removing the noise adds another constraint on the number of measurements required since, as described in Section 2.3, increasing the number of measurements reduces the noise and the variance.

Low Cost: There is an intrinsic relationship between cost and features when it comes to designing a circuit to perform power analysis but, as it turned out, there is a balance that can fulfil our expectations for a relatively low budget of around 150 USD. This is described in more detail in Section 3.9.

Figure 1: Assembled Rev. A Circuit Board

In the following sections, we will cover the most important decisions that were made in the design of the circuit. Although the proposed circuit could seem simplistic, it is as powerful as was intended from the beginning and, on the other hand, adequate for the task. This design was inspired by the one described in [MOP07, ch. 3.4.4] for analysing a microcontroller. However, it was improved in some aspects and complemented in others, making it easier to expand or adapt to analyse a bigger variety of devices.

3.1 Microcontroller

The selection of the device under analysis was made according to some basic assumptions:

Clock Frequency: Since we were limited by the accuracy of the equipment in the laboratory, we had to select a microcontroller that was able to run at a relatively low frequency. That is not usually a problem since these devices have been around for a long time and there is a huge range that satisfies our needs. The main factors to consider were the input bandwidth, the sampling rate and the resolution of the oscilloscope.

Choosing a microcontroller that is able to run at 4 MHz falls within the specifications of our measurement equipment, since we were using a 200 MHz bandwidth oscilloscope; the sampling rate won't conflict with the Nyquist-Shannon sampling theorem since we could set the sampling rate to be at least twice as high as the highest frequency component without losing information from the input signal, see [OS09].

We selected a sampling rate that was five times higher than the most dominant frequency in the power consumption signal, that is, 20 MHz.

Serial Interface: Although this is not a hard requirement, in order to avoid programming the device every time we want to measure something, it had to have at least a serial interface to communicate with a computer.

Apart from these two requirements, the final device, the Microchip PIC16F628A (see [Mic09]), was chosen considering my previous experience and the availability of development tools that would shorten the learning and development processes. Table 1 shows the basic specifications of the target device.

One last consideration, but not less important, was the fact that the selected microcontroller has low power features (120 µA at 1 MHz, 2.0 V, typical) that influence the design of the sensing circuit, as explained in Section 3.7.


Processor Type            High Performance RISC CPU
Number of Instructions    35 single-word instructions
Bus Width                 8 bits
Program Memory            2KB Flash
Data Memory (SRAM)        224 Bytes
Data Memory (EEPROM)      128 Bytes
Operating Voltage         5V
Clock Frequency           Precision internal 4 MHz oscillator

Table 1: Basic specifications of the PIC16F628A

Number of Layers            2
Copper Thickness            0.035 mm
Isolation Core Thickness    1.5 mm
Width                       40 mm
Length                      50 mm

Table 2: PCB and Layer Stack Up Configuration

3.2 PCB Layer Stack Up

One of the most important considerations before starting to lay out the Printed Circuit Board was to decide the best layer stack up to reduce the noise to a minimum. Due to the budget, the number of layers was reduced to two. That was not a big issue at the time of designing the board, but the ideal configuration would be a four layer board of which two would contain signals and the other two would be a power and a ground plane respectively.

Separate ground and power planes offer a lower impedance path between power and ground at high frequencies due to the distributed inter-plane capacitance, see [Wil12, ch. 2.2.4], as well as improving the electrical signal integrity of the grounding system and EMC. As stated before, only two layers were used and as such, we used two ground planes on each layer in order to create an isolation barrier between the computer and the microcontroller, as will be explained in Section 3.5. Table 2 shows the layer stack up configuration and the PCB dimensions.

Although the current and voltage levels of the circuit were not high enough to consider further design constraints, multiple-point grounding concepts and ground stitching (placing multiple vias between ground areas on different layers), see [O'H01], were used in early designs, but only the latter was kept in the PCB revision that was used to test the circuit. For more information about grounding techniques, see [Coo07, ch. 15]. Figure 2 shows a 3D view of the first revision of the PCB.

Figure 2: 3D View of the PCB

3.3 Input Filtering and Decoupling

A basic requirement for a low noise design starts by having a noise free and stable input power supply. The main idea was to use several capacitors to filter the noise at different target frequencies and to have a common power supply for all the integrated circuits on the board. This idea was rejected since the RS-232 transceiver used in the design comes with a DC-DC buck converter which introduces a considerable amount of noise in the power line.

We decided to separate the power lines in order to have one line to power the microcontroller and a second one to power the rest of the ICs in the design.

Reference    Value     Type
C15          470 uF    Tantalum
C16          47 uF     Ceramic
C17          0.1 uF    Ceramic
C18          100 pF    Ceramic

Table 3: Characteristics of the filter capacitors

The filter configuration adopted to power all the ICs except the microcontroller was a CLC filter in a π configuration. A ferrite bead was used, but it can be bypassed using a zero Ohm resistor if necessary, depending on the noise requirements, see [Pau92] and [Ber11]. Table 3 shows the characteristics of the capacitors that were selected.

With this set of capacitors we cover a whole range of frequencies to be filtered out of the power line signal, and that should be enough. But we opted to add an additional linear voltage regulator with ultra low-noise output and very low dropout voltage, which adds extra stability and allows a wider range of input voltages. This LDO is able to provide 500 mA at the output, so it is more than enough to power the circuit; another interesting characteristic of this LDO is the possibility of being enabled on demand using a PWM signal but, since the circuit is powered at all times and there are no multiple voltage requirements to be satisfied, there was no clear need to drive the LDO from the microcontroller, so the enable pin (EN) is connected to the input pin (IN), see [Mic06, p. 8]. Finally, there are two extra capacitors, one for decoupling (C19) and one to add stability to the circuit and reduce the noise (C20), see [Mic06, p. 9].

The final design came up with two differentiated power lines, VCC_FILTERED and VCC_UNFILTERED, which were used to power the ICs and the microcontroller respectively. The reasons behind using VCC_UNFILTERED to power the microcontroller were mainly to use a different filter topology and to maintain two different voltage nodes to balance the loads.

The filter topology chosen to filter the power signal of the microcontroller is an LC filter, with a ferrite bead and three capacitors. Similarly to the previous filter configuration, the values chosen were the same except for the 100 pF capacitor, which was not used this time, see Table 3. Both power lines were measured with the oscilloscope with satisfactory results regarding noise and stability.

3.4 Clock Signal Selection

The clock signal plays an important role in the design of the circuit since it is one of the key pieces in the power analysis. Selecting the appropriate clock frequency will affect the measurements and can be a limitation if the proper equipment is not used. In this section we will cover the different options that are available in the circuit together with their advantages and drawbacks.

As stated in Section 3.1, the selected clock frequency was 4 MHz. The microcontroller by itself has an internal precision oscillator that is capable of running at exactly 4 MHz, see [Mic09, ch. 14.2.4], but the idea was to have multiple sources to generate the desired clock frequency. The reason behind that is simple: to provide different power consumption scenarios, as one can select the most appropriate oscillator configuration to perform the power analysis.

There are four possible configurations available that can be selected by using jumpers, as explained below:

Internal Precision Oscillator: This is the most common configuration if the desired clock frequency is 4 MHz, since there is no need for additional components on the board. The microcontroller is able to run at up to 20 MHz but, obviously, that would be a disadvantage for the power analysis because of the reasons explained in Section 3.1 and, of course, additional components are required to run at this speed. However, the most important consideration is the power consumption, which we tried to keep at a minimum by disabling all peripherals and using external circuitry when available.

Crystal Oscillator / Ceramic Resonator: There are three different modes when using this configuration: XT (crystal/resonator), LP (Low Power crystal) and HS (High Speed crystal/resonator). We decided to use a quartz crystal, so the oscillator configuration was set in XT mode. In this mode a crystal or ceramic resonator is connected to the OSC1 and OSC2 pins to establish oscillation (see [Mic09, fig. 14-1]). The PIC16F628A oscillator design requires the use of a parallel cut crystal. The use of a series cut crystal may give a frequency outside the crystal manufacturer's specifications. This mode also requires the use of two capacitors (C6 and C7) that, according to [Cor04], have to be 18 pF each. To select this configuration, jumpers JP5 (CLKIN) and JP6 (CLKOUT) have to be set.

Clock Oscillator: Similarly to the previous mode, there are some cases when a packaged ceramic oscillator is desired, avoiding the need for extra capacitors. We selected a 4 MHz HCMOS/TTL clock oscillator that can be activated by setting the jumpers JP1 (power) and JP2 (CLKIN), see [Cor08].

External Clock: Since the measurements were taken in a laboratory environment where there was a waveform generator, it was a good idea to use it and so, according to [Mic09, ch. 14.2.5], an external clock signal can feed the microcontroller. We added a standard BNC connector plus a single logic inverter as shown in [Mic09, fig. 14-4]. The inverter used, see [STM04], required two additional components, a 0.1 uF decoupling capacitor plus a 22 Ω resistor at the output to reduce the rise time and preserve the signal integrity. This configuration is activated by setting the jumpers JP3 (power) and JP4 (CLKIN).

All these configurations were measured in the laboratory with the oscilloscope and all matched the specifications and produced a clean and smooth 4 MHz signal.


3.5 Isolated Communications Interface

As stated in Section 3, one of the main goals of designing this circuit was to be able to perform the measurements in an automated fashion. For this task, and inspired by [MOP07, ch. 3.4.4], we decided to use the Universal Synchronous Asynchronous Receiver Transmitter (USART) peripheral of the microcontroller to communicate with a PC using a custom protocol over an RS-232 channel. The details of this protocol are explained in the next section.

Surprisingly, all the set ups that I have seen so far did not use an isolated communication interface, and that's a drawback in my opinion, since a lot of noise can be introduced into the circuit through these lines. So the idea was to find a solution to isolate the measurement part of the circuit from the communications part.

The first idea was to use one optocoupler with two channels, one for each of the RX and TX lines. The problem with this solution, which by all means was simple and elegant, was the need for an external and isolated power supply for the optocoupler; that would add extra components and increase the cost, so we looked for other alternatives.

The final design uses an Isolated Single-Channel RS-232 Line Driver/Receiver, see [Dev10], that comes with an integrated DC-DC buck converter able to power the isolated part of the circuit by itself, avoiding the need to feed the isolated part through external circuitry. The DC-DC buck converter has to be enabled by setting the VCC pin between 4.5V and 5.5V; for this purpose we used the VCC FILTERED power line to feed it. According to [Dev10, p. 11], the VISO pin should not be used to power external circuitry so, in our case, only three pins are connected to the serial interface: TX USB, RX USB and GNDISO, the last one being used as the reference to produce the RS-232 signal. We also need six 0.1 uF capacitors for decoupling and bypassing as described in [Dev10, p. 11]. The connections between the microcontroller, the transceiver and the computer were done as shown in Table 4.

Microcontroller   Transceiver     PC (DB9)
TX (8)            ROUT (8)
RX (7)            TIN (9)
VSS (5)           GND (4-7, 10)
                  TOUT (16)       RXD (2)
                  RIN (15)        TXD (3)
                  GNDISO (11)     GND (5)

Table 4: Serial connection configuration [NAME (pin)]

Finally, but not less important, is the fact that the layout of the transceiver and decoupling capacitors was done following the directives given by the manufacturer in [Dev10, p. 13] when possible. Some considerations were left out due to cost or physical space constraints, since, as proposed by the manufacturer, a six layer PCB would reduce the EMI emissions that, without doubt, can affect the performance of the measurements. But, as stated at the beginning of this section, the currents, voltages and frequencies handled in the circuit were far away from high speed, high voltage or high current considerations. So, in the end, good isolation was achieved by a proper layer stack-up plus separated ground planes and ground stitching methods.

3.6 Communication Protocol

The process of automating the measurements has a serious constraint, which is adjusting the timing between the oscilloscope, the computer and the instructions executed in the microcontroller. This process is described in more detail in Section 4.2. The challenge was to design a simple protocol that made the measurements easier to synchronize.

The protocol is based on four simple commands: handshake, reset, resend and, finally, an execution command. An important decision was made based on the design of the microcontroller UART: it has a FIFO buffer capable of storing two bytes at a time, see [Mic09, ch. 12.2.2], so, to increase the performance, we decided that every command should have an even number of bytes. Table 5 shows the UART configuration.

Mode           Asynchronous
Bandwidth      9600 bps
Data           8 bits
Parity         None
Stop           1 bit
Flow Control   None

Table 5: UART Configuration Parameters

Now, we present the commands in detail:

Handshake : This command is sent at the beginning of every transaction and is a simple echo of the two bytes. It is also used as a keep-alive command to find out if the microcontroller is running or in a low power state. If everything is working and the UART has been initialized, the microcontroller resends the bytes received, see Table 6.

Reset : This command serves as a hard reset of the UART of the microcontroller. The microcontroller executes the initial code and sets up the UART as is done when powering it on. After this command is sent, the microcontroller will wait for the handshake, see Table 7.

Resend : This command is used when the checksum of an execute command is wrong and forces the PC to resend the command, see Table 8.

Execute : This command contains the information for executing a single instruction or a set of them, with or without repetitions, and the operands. With this command it is possible to test entire algorithms as well, just by establishing a common operand for it, see Table 9.

Length     2 Bytes
Command    0x10 0x20
Response   0x10 0x20
Use        At the beginning of every transaction.

Table 6: Handshake command

Length     2 Bytes
Command    0x10 0x30
Response   0x10 0x20
Use        Force UART to hard reset, then handshake.

Table 7: Reset command

Length     2 Bytes
Command    0x20 0x20
Response   0x20 0x20
Use        Ask PC to resend the last execute command.

Table 8: Resend command

The XX parameter in the execute command, corresponding to the instruction id, is a number from 0 to 34 that represents the instruction to execute according to the instruction set as presented in [Mic09, tab. 15-2, p. 118]; then, for example, to execute the instruction movlw 0x05 once, the command will be 0x01 0x40 0x1C 0x05 0x01 0x18, where 0x1C is 28 decimal, the instruction id, 0x05 is the literal, 0x01 is the number of repetitions (in this case it will be executed exactly once), and 0x18 is the checksum, calculated as 0x1C xor 0x05 xor 0x01 = 0x18.
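As an added example (not the thesis' own host software), the following Python encodes the commands of Tables 6 to 9 on the host side and models, at protocol level, how the firmware of Listing 2 answers them: the handshake echo, the reset, the checksum check that triggers the resend command, and the acknowledgement of an execute command. The instruction ids follow the order of the jump table in Listing 2 (so movlw is id 28, 0x1C), the header byte 0x10 of the execute command follows Table 9, and the DeviceModel class, its method names and the corrupted frame are constructed for this example. The same exchange is what steps 4 and 5 of the measurement procedure in Section 4.2 carry out over the serial link.

```python
"""Host-side encoder for the serial protocol of Section 3.6 plus a protocol-level
model of the device's answers (added example, not the thesis' own software)."""

# Mnemonics in the order of the jump table of Listing 2, so the list index is the
# instruction id XX of Table 9 (0..34).
MNEMONICS = (
    "addwf", "andwf", "clrf", "clrw", "comf", "decf", "decfsz", "incf", "incfsz",
    "iorwf", "movf", "movwf", "nop", "rlf", "rrf", "subwf", "swapf", "xorwf",
    "bsf", "bcf", "btfsc", "btfss", "addlw", "andlw", "call", "clrwdt", "goto",
    "iorlw", "movlw", "retfie", "retlw", "return", "sleep", "sublw", "xorlw",
)
HANDSHAKE = bytes([0x10, 0x20])   # Table 6; also the response of Tables 7 and 9
RESET = bytes([0x10, 0x30])       # Table 7
RESEND = bytes([0x20, 0x20])      # Table 8, sent by the device on a checksum error
EXECUTE = bytes([0x10, 0x40])     # header of the execute command, Table 9


def checksum(instruction_id, literal, operand):
    """KK = XX xor YY xor ZZ (Table 9)."""
    return instruction_id ^ literal ^ operand


def execute_frame(mnemonic, literal=0x00, operand=0x01):
    """Encode the 6-byte execute command; operand is the repetitions/mask/operand byte ZZ."""
    instruction_id = MNEMONICS.index(mnemonic.lower())
    for value in (literal, operand):
        if not 0 <= value <= 0xFF:
            raise ValueError("literal and operand must fit in one byte")
    body = bytes([instruction_id, literal, operand])
    return EXECUTE + body + bytes([checksum(*body)])


class DeviceModel:
    """What the firmware does with each frame, reduced to the protocol level (constructed)."""

    def __init__(self):
        self.ready = False      # becomes True once a handshake has been seen
        self.executed = []      # (mnemonic, literal, operand) of every accepted command

    def receive(self, frame):
        if len(frame) % 2:
            raise ValueError("every command has an even number of bytes")
        if frame == HANDSHAKE:
            self.ready = True
            return HANDSHAKE
        if frame == RESET:                  # hard reset, then wait for the handshake
            self.ready = False
            self.executed.clear()
            return HANDSHAKE
        if not self.ready or len(frame) != 6 or frame[:2] != EXECUTE:
            return b""                      # ignored until a handshake has been seen
        instruction_id, literal, operand, received = frame[2:]
        if received != checksum(instruction_id, literal, operand):
            return RESEND                   # wrong KK: ask the PC to resend
        self.executed.append((MNEMONICS[instruction_id], literal, operand))
        return HANDSHAKE


def send_with_retry(device, frame, max_attempts=3):
    """Host side: retransmit while the device answers with the resend command."""
    for attempt in range(1, max_attempts + 1):
        response = device.receive(frame)
        if response != RESEND:
            return response, attempt
    raise RuntimeError("device kept asking for a resend")


def corrupt_literal(frame):
    """Constructed line error: flip one bit of the literal byte without updating KK."""
    damaged = bytearray(frame)
    damaged[3] ^= 0x01
    return bytes(damaged)


def measurement_session(device):
    """Steps 4 and 5 of Section 4.2 on the wire: handshake, then execute movlw 0x05 once."""
    if device.receive(HANDSHAKE) != HANDSHAKE:
        raise RuntimeError("no UART [OK]: the microcontroller did not echo the handshake")
    response, _ = send_with_retry(device, execute_frame("movlw", 0x05, 0x01))
    return response == HANDSHAKE, device.executed


if __name__ == "__main__":
    print(execute_frame("movlw", 0x05, 0x01).hex(" "))   # 10 40 1c 05 01 18
    print(measurement_session(DeviceModel()))
```

The checksum only covers XX, YY and ZZ, so a corrupted header byte is not detected by the device model; it simply ignores the frame, which is why the host should time out rather than wait forever for a response.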

3.7 Sensing and Triggering

Maybe the most relevant part of the circuit, due to the nature of the method used to measure the power consumption, is the fact that there are traces on it that are correlated to the instructions executed in the microcontroller.

The idea is simple and is implemented by putting a resistor in series in the VDD line of the microcontroller right after the filter. Attached to it, we put test pads that were connected to the oscilloscope to monitor the voltage across the resistor while the microcontroller was executing a controlled set of commands that were transmitted using the protocol described in the previous section.

The only design consideration was to choose the appropriate value of the resistor or, in fact, to use a couple of them in a parallel configuration to reduce the effect of the tolerance in the value; this is possible because the values of the resistors are normally distributed. But, as in the previous section, the physical space on the PCB is a constraint that did not let us include a couple of resistors, so there is only 1Ω (0.1%) in the final design.

Length        6 Bytes
Command       0x10 0x40 XX YY ZZ KK
Response      0x10 0x20
Description   XX: instruction id
              YY: literal
              ZZ: repetitions/mask/operand
              KK: checksum (XX xor YY xor ZZ)
Use           Execute single or multiple instructions or algorithms.

Table 9: Execute command

The selection of the value turned out to be a mistake when we started to take measurements, since the power consumption was so low that the voltage across the resistor, around 1 mV, was buried in noise. The trick was to increase the value of the resistor in order to be able to distinguish a slight change in current consumption as a change in voltage across the resistor.

The results that are presented in Section 4.6 were taken using three 22Ω resistors in series, adding up to a total resistance of 66Ω.

Being able to measure the desired signal is a complicated task without some kind of synchronization between the target device and the device used to measure the variations in power consumption. For this reason, we set up one of the General Purpose Input Output pins of the microcontroller to act as a rising/falling edge trigger signal. This pin goes from low to high state when starting the execution of the commands specified by the computer and back to low when finishing. An example of how to set up the time scale and the trigger is shown in Figure 3.

3.8 In Circuit Serial Programming

Writing software using a low level programming language like assembler can be difficult to debug if tools like In Circuit Debuggers are not used. The same applies when the microcontroller comes in a small package that is appropriate for surface mount applications but, in practice, cannot be programmed using old fashioned programmers. The idea was to adapt the circuit in order to be able to use these tools.

Figure 3: Oscilloscope timing and trigger settings

Microchip has a cheap and powerful solution called Pickit 3, see [Mic10], a low cost In Circuit Debugger/Serial Programmer that costs less than 40 USD and can program and debug the whole range of Microchip's devices.

In order to interface the Pickit 3 with our design we simply had to follow the connection guidelines given in [Mic10, ch. 2.3, 2.4] with a slight modification, that is, the addition of a Schottky diode (D1) that prevents current from flowing back into the Pickit 3 when it is connected while the board is powered by an external power supply. The connection configuration is shown in Figure 4.

3.9 Production Cost

Finding the balance between cost and features was one of the key points that drove this design from the early stages. Here we present the production cost of 10 units of the circuit including all the necessary components, the printed circuit boards plus shipping and taxes. All the components are surface mount components, for which most of the footprints used in the layout of the PCB were custom made; these costs are seen as engineering work and are not taken into account. These costs do not include the assembly of the boards either, since it was done manually. Table 10 shows the detailed cost of producing the prototype.

Figure 4: Pickit 3 Connection Schematic

Components         115.68 USD
PCBs (10 boards)    13.90 USD
Taxes (customs)     44.30 USD
Total              173.88 USD

Table 10: Cost of producing the first prototype batch

If we calculate the price per board, 17 USD could seem overpriced, but this can be reduced to 13 USD if the components were available at an EU supplier at the time of production. What is more, using a double channel optocoupler instead of the transceiver, which costs 7 USD per chip, can decrease the cost to 7 USD per board, which is so far the cheapest solution to perform Power Analysis Attacks.

4 Simple Power Analysis

In this section we cover the basic formal aspects of this technique. We also go through some examples that were obtained using the design proposed in this thesis. We don’t do a detailed study as such of any particular algorithm but we leave this for future research and investigation.

4.1 General Description

Simple Power Analysis is explained in the first paper on the subject as a technique used to retrieve information from cryptographic devices by interpreting power consumption measurements, see [KJJ99]. Although the ultimate intention is to retrieve the key of a cryptographic device, whether or not the algorithm or the plain text is given, SPA attacks can have other uses, for example, deriving the instructions executed in a microprocessor or microcontroller where the code is protected or not known. According to [MOP07, ch. 5.1], SPA attacks are divided into single-shot SPA attacks and multiple-shot SPA attacks. The difference between them is the number of traces that can be recorded.

As explained in the next section, this design is capable of doing both types of attacks, but the latter was not implemented due to the lack of an oscilloscope that could interface with a computer via RS-232, USB or GPIB [GPI04].

This approach was taken into account in this design as a proof of concept or an introduction to SPA attacks. However, the device under attack is capable of performing cryptographic functions written for 8 bit microcontrollers; this is an achievement given the few resources that are available in terms of memory and computing power. In the last part of this chapter, Section 4.6, there are some examples of this kind of algorithm that are available under an open source license, see [Per08a], [Per08b] and [Smi03], and were measured to demonstrate the capabilities of the circuit.

4.2 Measurements Set Up

Simple Power Analysis can be performed without a whole set of high end equipment, as explained in Section 3. In this section we will cover how to set up this equipment and the steps that need to be followed to perform the measurements.

Figure 5: Measurements Set Up

The set up includes seven elements: a power supply, a signal generator, a digital sampling oscilloscope, the measurement circuit and the probe, the microcontroller, the In Circuit Serial Programming interface and a personal computer. The process has the following steps, as shown in Figure 5:

1. Write the software, compile it and flash the microcontroller using the ICSP interface. The device can be programmed with or without the power supply connected since the Pickit 3 is able to supply the needed voltage for programming. Once the software has been programmed in the device, disconnect the Pickit 3 to avoid adding noise through the ICSP lines.

2. Connect the clock generator to the BNC connector using a coaxial cable and set the appropriate jumpers to configure the microcontroller to use an external clock signal. Set the frequency in the clock generator to 4 MHz.

3. Connect the probe to the sensing terminals in the circuit and turn on the digital oscilloscope. Configure the second channel as a single-shot trigger on rising or falling edge. The sensing terminals should be connected to the first channel with a x1 probe.

4. Connect the power supply to the circuit and open a serial connection on the computer. Check that the UART has been properly initialised; if so, UART [OK] will appear on the screen and the microcontroller is waiting for commands.

5. Send the desired command(s) and observe the results on the oscilloscope, see Figure 6.

6. Save the data and make sure to include the data from both channels. If the second channel is omitted, there will be no time reference for when the operations started and finished.

7. Import the data and analyse.

The number of traces or measurements needed to do SPA is relatively low. The microcontroller can be characterized by using one or two traces of the same instruction. There is no need to communicate with the oscilloscope from the computer, since the set up can be done manually in a matter of minutes.

But, if desired, the process can be further automated by using scripts to communicate with both the oscilloscope and the microcontroller. This is a basic feature needed to perform DPA or multiple-shot SPA attacks.

4.3 Template Attacks

Template attacks rely on the dependence that exists between the power consumption and the data being processed. When using this kind of attack we expect some kind of relationship, for example, depending on the literals, operands and registers that are involved in a particular instruction executed by the microcontroller. Using this kind of attack adds statistics and numerical analysis to the list of tools needed to retrieve useful information from the traces and, as such, those traces are characterized by a multivariate normal distribution, see [MOP07, ch. 5.3].

The basic idea behind template attacks is to build pairs of a mean vector and a covariance matrix (m, C) using pairs of data d_i and keys k_j. As an example, Listing 1 shows three operations that are quite similar. Using power analysis we can derive a template for the last two instructions, which compute an eXclusive OR between the numbers 5 and 10, by changing both the data (5) and the key (10). After that, we calculate a mean vector m with all the traces that use the same data-key pair (d_i, k_j) and, by changing one of them, we calculate the covariance matrix C. The same procedure is repeated for every pair combination of (d_i, k_j) to build its template h_{d_i,k_j}, see Equation 4.1. If we have a similar device, we can then match power consumption traces with the ones that we have previously characterized. These two phases are known as characterization and attack respectively. Note that there is a parallelism between data-key and operation-literal pairs. The first case applies to cryptographic attacks known as Plain Text Attacks and the second case is used for characterizing the power consumption per instruction executed or, in other words, in the template building phase.

$$(d_i, k_j) : \; h_{d_i,k_j} = (m, C)_{d_i,k_j} \qquad (4.1)$$

Figure 6: Capture of a power trace

Listing 1: Dependence between data and power consumption example.

        list p=16f628A
        #include <p16F628a.inc>

spa:
        ; add two numbers: W = 5 + 10
        movlw   d'5'
        addlw   d'10'
        ; add two numbers: W = 100 + 139
        movlw   d'100'
        addlw   d'139'
        ; W = 00000101 XOR 00001010
        movlw   b'00000101'
        xorlw   b'00001010'

Finally, once we have all the data-key pairs, we calculate the Probability Density Function of the power trace of the device under attack for every template that we have characterized, using Equation 4.2. The highest probability will point to the correct template, see Equation 4.3.

$$p\big(t; (m, C)_{d_i,k_j}\big) = \frac{\exp\!\left(-\tfrac{1}{2}\,(t - m)'\, C^{-1}\, (t - m)\right)}{\sqrt{(2\pi)^{T} \det(C)}} \qquad (4.2)$$

$$p(t; h_{d_i,k_j}) > p(t; h_{d_i,k_l}) \quad \forall\, l \neq j \qquad (4.3)$$

4.4 Template Building

This step is open to different template building strategies. Following the directions given in the previous section, and depending on whether our intention is to characterize every instruction individually, a group of them or a complete algorithm, we need a way to decide which are the interesting points that contain the most information about what we are looking for. There are several strategies, but we will discuss two of them.

Pairs of Data and Key : The interesting points of a trace are the ones that correlate to the power trace pair, as described in the previous section.

This technique can be used to derive, for example, a checksum calculation that is done using logical instructions (and, xor, or, xnor, etc.) by feeding different plain texts and segmenting the possible stages of the algorithm. This can be seen as building templates for intermediate values of an algorithm; checksums do not usually perform complicated calculations and have to be fast, so this kind of template strategy is suitable for the task.

Power Models : Sometimes, power traces do not leak any information about the dependence between data and keys beyond, for example, relationships regarding the Hamming weight of the data. Then, the most common approach is to reduce the number of templates to the ones that have the same Hamming weight. An important consideration is that if a device does not leak any information about the Hamming weight, it is not possible to retrieve information about the key using only one power trace. This can be applied to the previous example as well if only one power trace is available.

4.5 Template Matching

Template matching is the last step in the process of performing SPA, and it requires numerical methods to calculate the matching template. Some issues arise when calculating the probabilities using Equation 4.2; in order to avoid the exponentiation, using the logarithm with the absolute value and selecting the smallest possible value will yield the matching template as in Equation 4.4.

$$\big|\ln p(t; h_{d_i,k_j})\big| < \big|\ln p(t; h_{d_i,k_l})\big| \quad \forall\, l \neq j \qquad (4.4)$$

Sometimes, calculating the covariance matrix will inevitably run into the possibility of it being singular, which makes the calculation impossible. For this reason, we can discard the covariances between points, which results in the identity matrix, and so we avoid this risk. This is called a reduced template and it consists of only a mean vector. In a similar way as before, the smallest value of the absolute value of the logarithm will be the correct guess. This method is called the least-square estimator (LSQ), see [MA02, ch. 11.2, 12.1-2].
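The characterization and attack phases of Sections 4.3 to 4.5, as an added example in Python that is not part of the thesis: it builds a template (m, C) per data-key pair from constructed traces, matches a fresh trace using the log form of Equation 4.2, and falls back to the reduced template (identity covariance, the LSQ of Section 4.5) whenever the covariance matrix turns out to be singular. The leakage model (the Hamming weight of d xor k plus one bit of d xor k per interesting point, with Gaussian noise), the number of interesting points T = 4 and the profiling sizes are assumptions of this example. The block ranks templates by ln p itself rather than by |ln p| as in Equation 4.4, because the sign of ln p depends on whether the density exceeds 1; the largest ln p is the reading of Equation 4.3 that holds in the log domain regardless of scale.

```python
"""Template attack: characterization and matching (Sections 4.3-4.5), added example."""
import math
import random

T = 4  # interesting points kept per trace (assumed for this example)


def hamming_weight(x):
    return bin(x & 0xFF).count("1")


def leak(d, k, rng, sigma=0.1):
    """Constructed leakage: point i carries HW(d xor k) plus bit i of (d xor k), with noise."""
    v = d ^ k
    return [hamming_weight(v) + ((v >> i) & 1) + rng.gauss(0.0, sigma) for i in range(T)]


def mean_vector(traces):
    return [sum(t[i] for t in traces) / len(traces) for i in range(T)]


def covariance(traces, m):
    n = len(traces)
    return [[sum((t[i] - m[i]) * (t[j] - m[j]) for t in traces) / (n - 1)
             for j in range(T)] for i in range(T)]


def solve_logdet(C, b):
    """Gaussian elimination with partial pivoting on the covariance matrix.
    Returns (C^-1 b, ln det C); raises ZeroDivisionError when C is singular."""
    a = [row[:] + [b[i]] for i, row in enumerate(C)]
    logdet = 0.0
    for col in range(T):
        piv = max(range(col, T), key=lambda r: abs(a[r][col]))
        if abs(a[piv][col]) < 1e-12:
            raise ZeroDivisionError("singular covariance matrix")
        a[col], a[piv] = a[piv], a[col]
        logdet += math.log(abs(a[col][col]))  # det C > 0 for a valid covariance matrix
        for r in range(col + 1, T):
            f = a[r][col] / a[col][col]
            for c in range(col, T + 1):
                a[r][c] -= f * a[col][c]
    x = [0.0] * T
    for i in range(T - 1, -1, -1):
        x[i] = (a[i][T] - sum(a[i][j] * x[j] for j in range(i + 1, T))) / a[i][i]
    return x, logdet


def build_templates(pairs, seed=42, n_profile=50):
    """Characterization phase: h_{d_i,k_j} = (m, C) for every data-key pair (Equation 4.1)."""
    rng = random.Random(seed)
    templates = {}
    for d, k in pairs:
        traces = [leak(d, k, rng) for _ in range(n_profile)]
        m = mean_vector(traces)
        templates[(d, k)] = (m, covariance(traces, m))
    return templates


def log_pdf(t, m, C):
    """ln p(t; (m, C)) from Equation 4.2, without evaluating the exponential."""
    diff = [t[i] - m[i] for i in range(T)]
    x, logdet = solve_logdet(C, diff)
    mahalanobis = sum(diff[i] * x[i] for i in range(T))
    return -0.5 * mahalanobis - 0.5 * (T * math.log(2 * math.pi) + logdet)


def lsq_score(t, m):
    """Reduced template (C replaced by the identity): negative squared distance to the mean."""
    return -sum((t[i] - m[i]) ** 2 for i in range(T))


def match(t, templates, reduced=False):
    """Attack phase: the (d, k) whose template explains the trace t best (Equation 4.3)."""
    best, best_score = None, -math.inf
    for pair, (m, C) in templates.items():
        if reduced:
            score = lsq_score(t, m)
        else:
            try:
                score = log_pdf(t, m, C)
            except ZeroDivisionError:   # singular C: fall back to the reduced template
                score = lsq_score(t, m)
        if score > best_score:
            best, best_score = pair, score
    return best


def recover_key(d, true_k, templates, seed=1, reduced=False):
    """One attack: capture a fresh trace for (d, true_k) and return the matched key."""
    t = leak(d, true_k, random.Random(seed))
    return match(t, templates, reduced)[1]


if __name__ == "__main__":
    pairs = [(5, k) for k in range(8)]
    print("recovered key:", recover_key(5, 6, build_templates(pairs)))
```

Profiling with fewer traces than interesting points (n_profile smaller than T) gives a rank-deficient covariance matrix, which is exactly the singular case of Section 4.5; the elimination detects it and the match degrades gracefully to the mean-only template instead of failing.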

4.6 Examples

In this section we present some measurements that were taken during the testing phase of the circuit. These are pretty basic captures, with the only intention of confirming that the system was working, without going further into their analysis. We want to encourage the use of this platform for further research with the device selected or with any other that could be considered. In the next pages the reader can observe the different power traces that were obtained either in the characterization stage of the device or, in a later stage, as a test of more advanced cryptographic algorithms implemented for 8 bit microcontrollers.

There are examples of single operations using different literals where we can observe the differences in power consumption depending on the literals used. This clearly shows the relationship that exists between power consumption and the data being processed. We added a power trace of a NOP operation to prove that the power consumption did not vary when the microcontroller was not executing anything.

Figure 7: Load accumulator power trace (1 vs 127 vs 255) [plot "SPA on movlw instruction": movlw .1, movlw .127, movlw .255; axes Time [nS/div], Voltage [mV/div]]

Figure 8: Clear accumulator power trace (1 vs 127) [plot "SPA on clrw instruction": clrw (W=1), clrw (W=127); axes Time [nS/div], Voltage [mV/div]]

Figure 9: No Operation (NOP) power trace [plot "SPA on nop instruction"; axes Time [nS/div], Voltage [mV/div]]

[Four uncaptioned power trace panels; axes Time, Voltage [mV]]

5 Conclusion

This discussion has argued that it is possible to build a low cost circuit suitable as an entry level design to do Power Analysis Attacks. This thesis was undertaken to design an under 10 USD solution and evaluate it through a set of experiments using Simple Power Analysis as the driving example. It has been found that, generally, there is no need to use expensive equipment to perform this kind of research, and the evidence from this study suggests that it is possible to build powerful attacks as a combination of software and hardware for less than 400 USD. The methods used for this design may be applied to other microprocessors or cryptographic devices that are widely used nowadays without the need for an invasive or semi-invasive attack.

A number of caveats need to be noted regarding the present study. Due to its low cost nature, some design constraints were applied that can lead to bad performance in terms of noise. However, following some recommendations when taking measurements will minimize the risks. The physical size of the PCB being the most important one, a proper layout using a slightly bigger board plus the addition of up to six layers can drastically reduce the noise and so improve the stability of the circuit.

It is recommended that further designs based on the one proposed in this study be undertaken in the following areas:

• Improvements in the software run by the microcontroller to make it easier to "plug and play" algorithms or routines under study.

• Improve the layout of the PCB as described before to keep the noise under control.

• Improve the communication protocol by adding the possibility of complex commands that execute complex pieces of code, which would not only serve to characterize the instruction set of the device.

The findings of this study have a number of important implications for future practice of low cost Power Analysis Attacks.

A Software Implementation

Listing 2: Main routine of the SPA software

;
; Bachelor Thesis
; SIMPLE POWER ANALYSIS
;
;
; Filename:       main.asm
; Date:           20/04/2012
; File Version:   0.1a
;
; Author:         Manuel Bejarano
; Contact:        mbca@student.bth.se
;
;
; Files Required: P16F628A.INC
;
;
; Notes:
;

        list p=16f628A
        #include <P16F628A.INC>
        include macros.inc

        extern init_uart
        extern send
        extern receive

        errorlevel -302

        __CONFIG _CP_OFF & _DATA_CP_OFF & _LVP_ON & _BOREN_OFF & _MCLRE_ON & _WDTE_OFF & _PWRTE_ON & _EXTCLK_OSC

; variables
context         udata_shr
w_temp          res 1                   ; context saving
status_temp     res 1
b0_received     res 1                   ; bytes received by RS232
b1_received     res 1
ex_instruction  res 1                   ; opcode to execute
ex_literal      res 1
ex_repetitions  res 1
ex_checksum     res 1
spa_temp_reg    res 1

        global b0_received, b1_received

; constants
        constant cmd1 = 0x20            ; ack
        constant cmd2 = 0x30            ; reset
        constant cmd3 = 0x40            ; execute opcode

RESET   CODE 0x0000
        goto init

ISR     CODE 0x0004
        movwf w_temp
        movf STATUS, W
        movwf status_temp
        ; ISR subroutines
        btfsc PIR1, RCIF
        call receive
        movf status_temp, W
        movwf STATUS
        swapf w_temp, F
        swapf w_temp, W
        retfie

MAIN    CODE
init:
        ; set unused ports as outputs
        clrf PORTA
        clrf PORTB
        banksel TRISA
        clrf TRISA
        movlw (1 << RB1) | (1 << RB2)   ; RB1 (RX) and RB2 (TX) as inputs
        movwf TRISB
        call init_uart                  ; init UART
        bsf INTCON, GIE                 ; enable interrupts

main_loop:
        movf b0_received, F             ; wait for the first byte to be 00h
        brz main_loop
        cflbie b1_received, cmd1, ack
        cflbie b1_received, cmd2, 0x0000            ; reset device
        cflbie b1_received, cmd3, process_command   ; cmd3 = execute opcode

process_command:
        call receive                    ; read 3 bytes [AA BB CC]
        movff b0_received, ex_instruction   ; AA: opcode to execute
        movff b1_received, ex_literal       ; BB: literal (00h if NA)
        call receive
        movff b0_received, ex_repetitions   ; CC: repetitions
        movf ex_instruction, W          ; last byte has to be AA xor BB xor CC
        xorwf ex_literal, W
        xorwf ex_repetitions, W
        movwf ex_checksum
        cflbie b1_received, ex_checksum, spa
        goto tx_error                   ; ask for resending the command

ack:                                    ; ACK [00h 20h]
        clrw
        call send
        movlw cmd1
        call send
        goto main_loop

tx_error:                               ; resend command [20h 20h]
        movlw cmd2
        call send
        call send
        goto main_loop

spa:
        movf ex_instruction, W          ; offset into the jump table (movf ..., W loads the
        addwf PCL, F                    ; value; movlw would load the variable's address)
        goto test_addwf                 ; addwf
        goto test_andwf                 ; andwf
        goto test_clrf                  ; clrf
        goto test_clrw                  ; clrw
        goto test_comf                  ; comf
        goto test_decf                  ; decf
        goto test_decfsz                ; decfsz
        goto test_incf                  ; incf
        goto test_incfsz                ; incfsz
        goto test_iorwf                 ; iorwf
        goto test_movf                  ; movf
        goto test_movwf                 ; movwf
        goto test_nop                   ; nop
        goto test_rlf                   ; rlf
        goto test_rrf                   ; rrf
        goto test_subwf                 ; subwf
        goto test_swapf                 ; swapf
        goto test_xorwf                 ; xorwf
        goto test_bsf                   ; bsf
        goto test_bcf                   ; bcf
        goto test_btfsc                 ; btfsc
        goto test_btfss                 ; btfss
        goto test_addlw                 ; addlw
        goto test_andlw                 ; andlw
        goto test_call                  ; call
        goto test_clrwdt                ; clrwdt
        goto test_goto                  ; goto
        goto test_iorlw                 ; iorlw
        goto test_movlw                 ; movlw
        goto test_retfie                ; retfie
        goto test_retlw                 ; retlw
        goto test_return                ; return
        goto test_sleep                 ; sleep
        goto test_sublw                 ; sublw
        goto test_xorlw                 ; xorlw
        goto $                          ; unknown instruction id: halt here

test_addwf:
        clrf spa_temp_reg
        movf ex_literal, W
        settrigger
        addwf spa_temp_reg, F
        clrtrigger
        decfsz ex_literal, F
        goto test_addwf
        goto ack

test_andwf:
        clrf spa_temp_reg
        movf ex_literal, W
        movwf spa_temp_reg
        movf ex_repetitions, W          ; ZZ is used as the second operand here
        settrigger
        andwf spa_temp_reg, F
        clrtrigger
        goto ack

test_clrf:
        settrigger
        clrf ex_literal
        clrtrigger
        goto ack

test_clrw:
        movf ex_literal, W
        settrigger
        clrw
        clrtrigger
        goto ack

test_comf:
        settrigger
        comf ex_literal, F
        clrtrigger
        goto ack

test_decf:
        settrigger
        decf ex_literal, F
        clrtrigger
        decfsz ex_repetitions, F
        goto test_decf
        goto ack

test_decfsz:
        settrigger
        decfsz ex_literal, F
        clrtrigger                      ; twice: decfsz skips the next instruction
        clrtrigger                      ; when the result is zero
        decfsz ex_repetitions, F
        goto test_decfsz
        goto ack

test_incf:
        settrigger
        incf ex_literal, F
        clrtrigger
        decfsz ex_repetitions, F
        goto test_incf
        goto ack

test_incfsz:
        settrigger
        incfsz ex_literal, F
        clrtrigger                      ; twice, as for decfsz
        clrtrigger
        decfsz ex_repetitions, F
        goto test_incfsz
        goto ack

test_iorwf:
        clrf spa_temp_reg
        movf ex_literal, W
        movwf spa_temp_reg
        movf ex_repetitions, W
        settrigger
        iorwf spa_temp_reg, F
        clrtrigger
        goto ack

test_movf:
        settrigger
        movf ex_literal, F
        clrtrigger
        goto ack

test_movwf:
        clrf spa_temp_reg
        movf ex_literal, W
        settrigger
        movwf spa_temp_reg
        clrtrigger
        goto ack

test_nop:
        settrigger
        nop
        clrtrigger
        goto ack

test_rlf:
        settrigger
        rlf ex_literal, F
        clrtrigger
        goto ack

test_rrf:
        settrigger
        rrf ex_literal, F
        clrtrigger
        goto ack

test_subwf:

References
