Launched in Fall 2019 on Crowd Supply, CW610 PhyWhisperer® USB is an affordable hardware-based USB 2.0 monitor and trigger platform that is controlled from Python. This PhyWhisperer USB module is designed to work with ChipWhisperer® and ChipSHOUTER® tools by serving as a unit to trigger on USB protocols with high accuracy. The CW610 includes a built-in shunt that allows monitoring power consumption on an external oscilloscope or ChipWhisperer. This PhyWhisperer USB module has a convenient front-panel button that allows the power-cycling of the target device. The CW610 features 20-pin connector interfaces to ChipWhisperer for providing clock and trigger synchronization.

USB is the most common interface for computer peripherals, which includes many USB-connected security devices such as Bitcoin Wallets, FIDO2 keys, and encrypted drives. Three of the biggest threats to these security devices are USB protocol errors (often found with fuzzing), side-channel power analysis, and fault injection. PhyWhisperer-USB targets the last two - it serves as a cycle-accurate triggering and precision monitoring tool. It watches the USB bus for specific data patterns, triggers an event (such as a fault injection or recording a power trace), and records USB data. 

These capabilities are only offered by a handful of expensive commercial tools, and if you want to extend them with your own logic, you’re out of luck. With PhyWhisperer-USB being open-source, you can freely add your own logic to the FPGA.

Features

• Hardware-level Sniffing
• Portable and Extendable
• Open-source
• USB Fuzzing and Hacking
• USB Sniffing
• Fault Injection and Side-channel Power Analysis

Specifications

• USB modes supported: USB 2.0 Low/Full/High Speed
• FPGA: Xilinx Spartan 7S15
• Control PC connection: Micro-USB 2.0 HS
• Host USB connection: Micro-USB
• Target USB connection: Female A connector
• Target power source: Selectable to come from Host USB or Control PC
• Spare digital I/O: 8 data pins, 1 clock pin routed to FPGA (on front panel)
• Clock output: 60 MHz, derived from 480 MHz USB clock (on ChipWhisperer clock pin)
• Trigger pattern: 1 - 64 bytes with mask
• Trigger delay: 0 - 1048576‬ cycles of 240 MHz internal clock (derived from USB clock)
• USB sniffer FIFO: 8192 bytes (FPGA block RAM, adjustable depending on FPGA utilization)
• Control PC software: Python 3 library, Windows/Mac/Linux support (including signed Windows drivers)

Documentation

Datasheet

Source Code:

• Python library (in development)
• Microcontroller firmware
• PCB sources in Altium Designer format (sorry Chris Gammell)
• FPGA design files

Support