DavidBuchanan314/rhme3qual2.py

## rhme3qual2.py
# This code is very slow, and only cracks one key byte at a time. Choose which byte by changing keyi:
keyi = 0


import matplotlib.pyplot as plt
import numpy as np

ins = []
outs = []
samples = []
aligned = []

# pre-calculated alignment offsets
offsets = [49, 48, 47, 37, 41, 34, 28, 33, 40, 21, 29, 41, 26, 38, 27, 32, 12, 24, 14, 23, 21, 20, 28, 12, -7, 0, 13, 7, 6, -4, 4, 16, 11, 14, -6, 7, 0, 9, 7, 10, -9, 1, -7, -8, 0, -15, -21, -4, -14, -11, -16, -22, -10, -15, -17, -32, -29, -25, -35, -28, -34, -43, -17, -37, -38, -53, -49, -36, -38, -44, -46, -38, -47, -44, -46, -52, -53, -50, -32, -57, -67, -68, -65, -66, -57, -59, -65, -72, -68, -64, -75, -71, -68, -68, -80, -82, -69, -79, -81, 34, 41, 49, 39, 51, 46, 34, 42, 37, 45, 30, 19, 27, 26, 16, 23, 36, 40, 24, 28, 17, 24, 29, 23, 21, 16, 4, 9, 21, 6, -4, -6, 16, 10, -5, -1, 1, -3, -2, 3, -3, -9, -2, -30, -18, -15, -15, -12, -32, -9, -16, -29, -17, -32, -15, -25, -83, -13, -26, 31, -36, -33, -31, -36, -27, -19, -58, -35, -46, -35, -49, -45, -47, -39, -44, -55, -42, -53, -35, -55, -48, -57, -68, -51, -57, -53, -58, -75, -57, -64, -64, -75, -62, -63, -84, -76, -72, -83, -68, -66, 37, 37, 44, 48, 99, 27, 30, 25, 51, 28, 35, 33, 23, 17, 81, 101, 27, 6, 20, 15, 18, 21, 86, 23, 17, 59, 19, 18, 16, 15, 9, 13, 12, 5, -1, -7, 1, -10, 10, -16, -4, -9, -5, -7, -3, -32, -6, -17, -17, -1, -11, -21, -21, -32, -26, -34, -23, -28, -29, -17, -27, -19, -34, -31, -41, -38, -34, -30, -32, -39, -40, -40, -33, -38, -31, -51, -60, -53, -44, -46, -56, -52, -54, -59, -56, -68, -60, -70, -66, -53, -64, -52, -91, -82, -92, -85, -91, -78, -70, -85, 55]

sbox = [ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ]

lw = 0.1

# I exported the trace data from octave as csvs
for line in open("inout.csv").readlines():
	row = [int(x)&0xFF for x in line.split(",")]
	ins.append(row[:16])
	outs.append(row[16:])

for line in open("samples.csv").readlines():
	row = [float(x) for x in line.split(",")]
	samples.append(row)

ALIGN_START = 2600
ALIGN_RANGE = 150 # (+/-)
ALIGN_END = 3900

def getrange(samples, offset):
	return samples[ALIGN_START + ALIGN_RANGE + offset : ALIGN_END + ALIGN_RANGE + offset]

def getoff(samples, offset):
	return samples[0 + ALIGN_RANGE + offset : len(samples) - ALIGN_RANGE + offset]

def meandiff(a, b):
	diff = 0
	for an, bn in zip(a, b):
		diff += (an-bn) * (an-bn)
	return diff

def hamweight(n):
	return [0,1,1,2,1,2,2,3,1,2,2,3,2,3,3,4,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,4,5,5,6,5,6,6,7,5,6,6,7,6,7,7,8][n]

target = getrange(samples[25], 0)

if False:
	offsets = []
	for i in range(0,300):
		bestdiff = 99999999999999
		bestoff = None
		for offset in range(-ALIGN_RANGE, ALIGN_RANGE):
			section = getrange(samples[i], offset)
			diff = meandiff(section, target)
			if diff < bestdiff:
				bestdiff = diff
				bestoff = offset

		#print(bestoff)
		offsets.append(bestoff)
		aligned.append(getoff(samples[i], bestoff))
		#plt.plot(aligned[i], linewidth=lw)
	print(offsets)
	exit()


for i in range(300):
	aligned.append(getoff(samples[i], offsets[i]))
	#plt.plot(aligned[i], linewidth=lw)

bitscores = [0]*8

bestcor = 0
bestkey = 0

for keyguess in range(0x100):
	print(keyguess)
	predicted = []
	for i in range(300):
		predicted.append(hamweight( sbox[ ins[i][keyi] ^ keyguess ] ))

	cors = []

	for j in range(1300, 2400, 2):
		actual = []
		for i in range(300):
			actual.append(aligned[i][j])
		cor = np.corrcoef(predicted, actual)[0][1]
		cors.append(cor)
		if abs(cor) > abs(bestcor):
			bestcor = cor
			bestkey = keyguess

	plt.plot(cors, linewidth=lw)

print(chr(bestkey))
print(bin(bestkey))
print(hex(bestkey))
print(bestcor)

plt.show()

# 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
# ca fe ba be de ad be ef 00 01 02 03 04 05 06 07

# cafebabedeadbeef0001020304050607
	# This code is very slow, and only cracks one key byte at a time. Choose which byte by changing keyi:
	keyi = 0


	import matplotlib.pyplot as plt
	import numpy as np

	ins = []
	outs = []
	samples = []
	aligned = []

	# pre-calculated alignment offsets
	offsets = [49, 48, 47, 37, 41, 34, 28, 33, 40, 21, 29, 41, 26, 38, 27, 32, 12, 24, 14, 23, 21, 20, 28, 12, -7, 0, 13, 7, 6, -4, 4, 16, 11, 14, -6, 7, 0, 9, 7, 10, -9, 1, -7, -8, 0, -15, -21, -4, -14, -11, -16, -22, -10, -15, -17, -32, -29, -25, -35, -28, -34, -43, -17, -37, -38, -53, -49, -36, -38, -44, -46, -38, -47, -44, -46, -52, -53, -50, -32, -57, -67, -68, -65, -66, -57, -59, -65, -72, -68, -64, -75, -71, -68, -68, -80, -82, -69, -79, -81, 34, 41, 49, 39, 51, 46, 34, 42, 37, 45, 30, 19, 27, 26, 16, 23, 36, 40, 24, 28, 17, 24, 29, 23, 21, 16, 4, 9, 21, 6, -4, -6, 16, 10, -5, -1, 1, -3, -2, 3, -3, -9, -2, -30, -18, -15, -15, -12, -32, -9, -16, -29, -17, -32, -15, -25, -83, -13, -26, 31, -36, -33, -31, -36, -27, -19, -58, -35, -46, -35, -49, -45, -47, -39, -44, -55, -42, -53, -35, -55, -48, -57, -68, -51, -57, -53, -58, -75, -57, -64, -64, -75, -62, -63, -84, -76, -72, -83, -68, -66, 37, 37, 44, 48, 99, 27, 30, 25, 51, 28, 35, 33, 23, 17, 81, 101, 27, 6, 20, 15, 18, 21, 86, 23, 17, 59, 19, 18, 16, 15, 9, 13, 12, 5, -1, -7, 1, -10, 10, -16, -4, -9, -5, -7, -3, -32, -6, -17, -17, -1, -11, -21, -21, -32, -26, -34, -23, -28, -29, -17, -27, -19, -34, -31, -41, -38, -34, -30, -32, -39, -40, -40, -33, -38, -31, -51, -60, -53, -44, -46, -56, -52, -54, -59, -56, -68, -60, -70, -66, -53, -64, -52, -91, -82, -92, -85, -91, -78, -70, -85, 55]

	sbox = [ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ]

	lw = 0.1

	# I exported the trace data from octave as csvs
	for line in open("inout.csv").readlines():
	row = [int(x)&0xFF for x in line.split(",")]
	ins.append(row[:16])
	outs.append(row[16:])

	for line in open("samples.csv").readlines():
	row = [float(x) for x in line.split(",")]
	samples.append(row)

	ALIGN_START = 2600
	ALIGN_RANGE = 150 # (+/-)
	ALIGN_END = 3900

	def getrange(samples, offset):
	return samples[ALIGN_START + ALIGN_RANGE + offset : ALIGN_END + ALIGN_RANGE + offset]

	def getoff(samples, offset):
	return samples[0 + ALIGN_RANGE + offset : len(samples) - ALIGN_RANGE + offset]

	def meandiff(a, b):
	diff = 0
	for an, bn in zip(a, b):
	diff += (an-bn) * (an-bn)
	return diff

	def hamweight(n):
	return [0,1,1,2,1,2,2,3,1,2,2,3,2,3,3,4,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,1,2,2,3,2,3,3,4,2,3,3,4,3,4,4,5,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,2,3,3,4,3,4,4,5,3,4,4,5,4,5,5,6,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,3,4,4,5,4,5,5,6,4,5,5,6,5,6,6,7,4,5,5,6,5,6,6,7,5,6,6,7,6,7,7,8][n]

	target = getrange(samples[25], 0)

	if False:
	offsets = []
	for i in range(0,300):
	bestdiff = 99999999999999
	bestoff = None
	for offset in range(-ALIGN_RANGE, ALIGN_RANGE):
	section = getrange(samples[i], offset)
	diff = meandiff(section, target)
	if diff < bestdiff:
	bestdiff = diff
	bestoff = offset

	#print(bestoff)
	offsets.append(bestoff)
	aligned.append(getoff(samples[i], bestoff))
	#plt.plot(aligned[i], linewidth=lw)
	print(offsets)
	exit()


	for i in range(300):
	aligned.append(getoff(samples[i], offsets[i]))
	#plt.plot(aligned[i], linewidth=lw)

	bitscores = [0]*8

	bestcor = 0
	bestkey = 0

	for keyguess in range(0x100):
	print(keyguess)
	predicted = []
	for i in range(300):
	predicted.append(hamweight( sbox[ ins[i][keyi] ^ keyguess ] ))

	cors = []

	for j in range(1300, 2400, 2):
	actual = []
	for i in range(300):
	actual.append(aligned[i][j])
	cor = np.corrcoef(predicted, actual)[0][1]
	cors.append(cor)
	if abs(cor) > abs(bestcor):
	bestcor = cor
	bestkey = keyguess

	plt.plot(cors, linewidth=lw)

	print(chr(bestkey))
	print(bin(bestkey))
	print(hex(bestkey))
	print(bestcor)

	plt.show()

	# 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15
	# ca fe ba be de ad be ef 00 01 02 03 04 05 06 07

	# cafebabedeadbeef0001020304050607