Launched in Fall 2019 on Crowd Supply, CW610 PhyWhisperer® USB is an affordable hardware-based USB 2.0 monitor and trigger platform that is controlled from Python. This PhyWhisperer USB module is designed to work with ChipWhisperer® and ChipSHOUTER® tools by serving as a unit to trigger on USB protocols with high accuracy. The CW610 includes a built-in shunt that allows monitoring power consumption on an external oscilloscope or ChipWhisperer. This PhyWhisperer USB module has a convenient front-panel button that allows the power-cycling of the target device. The CW610 features 20-pin connector interfaces to ChipWhisperer for providing clock and trigger synchronization.
USB is the most common interface for computer peripherals, which includes many USB-connected security devices such as Bitcoin Wallets, FIDO2 keys, and encrypted drives. Three of the biggest threats to these security devices are USB protocol errors (often found with fuzzing), side-channel power analysis, and fault injection. PhyWhisperer-USB targets the last two - it serves as a cycle-accurate triggering and precision monitoring tool. It watches the USB bus for specific data patterns, triggers an event (such as a fault injection or recording a power trace), and records USB data.
These capabilities are only offered by a handful of expensive commercial tools, and if you want to extend them with your own logic, you’re out of luck. With PhyWhisperer-USB being open-source, you can freely add your own logic to the FPGA.
Features
- Hardware-level Sniffing
- Portable and Extendable
- Open-source
- USB Fuzzing and Hacking
- USB Sniffing
- Fault Injection and Side-channel Power Analysis
Specifications
- USB modes supported: USB 2.0 Low/Full/High Speed
- FPGA: Xilinx Spartan 7S15
- Control PC connection: Micro-USB 2.0 HS
- Host USB connection: Micro-USB
- Target USB connection: Female A connector
- Target power source: Selectable to come from Host USB or Control PC
- Spare digital I/O: 8 data pins, 1 clock pin routed to FPGA (on front panel)
- Clock output: 60 MHz, derived from 480 MHz USB clock (on ChipWhisperer clock pin)
- Trigger pattern: 1 - 64 bytes with mask
- Trigger delay: 0 - 1048576 cycles of 240 MHz internal clock (derived from USB clock)
- USB sniffer FIFO: 8192 bytes (FPGA block RAM, adjustable depending on FPGA utilization)
- Control PC software: Python 3 library, Windows/Mac/Linux support (including signed Windows drivers)
- Python library (in development)
- Microcontroller firmware
- PCB sources in Altium Designer format (sorry Chris Gammell)
- FPGA design files