Deep Dive Articles

The Best Way to Learn a New Programming Language from Scratch - How I Approach and Learn Any Programming Language Efficiently

Preface: The following article is based on my experiences and opinions on learning programming languages. I have been learning about computers in-depth and find learning languages with specific purposes useful. For example, Python was for beginning, C is for memory management and Rust is for learning to write memory-safe code in my case. This time, I started learning Golang which is known for its simple syntax and powerful performance, and widely known for its awesome concurrency.

Why More is Not Always Good in Terms of Software - Words on Cross Platform Utilities, Bash-ism, and POSIX Compliance.

Preface: This article is about my views on software compliance and cross-platform support, and reflects my opinions and experience with the subject. Your experience and opinions may vary, which I respect. What I am Specifically Talking About? I am going to talk about the issues caused by non-compliant software and why more features are not always good, especially in the case of the upgrade of tools on a single platform.

Why I Shifted From Arch Linux to Debian Linux?

Preface: The following article is based on my personal experience with Arch Linux and Debian Linux. While I appreciate both distributions for their unique strengths and different use cases, the information provided reflects my own opinions and experiences. Your experiences may vary. What was I going for Initially? Bit of my Story as a Beginner Linux User When I started using Linux, I was going through security stuff and learning computer security when I was in my High School.

Tmux is the Ultimate Choice for Power Users - An Awesome Terminal Multiplexer for Managing Persistent Sessions

What is Tmux? Tmux is a Terminal Multiplexer Application for Linux and MacOS for managing terminal sessions and Windows. It is to be mentioned that Tmux is not a terminal emulator, instead, it’s a terminal application, a binary that allows you to stay productive over your terminal. It doesn’t matter which terminal emulator you are using (although I recommend the Suckless Terminal). The functionality of managing Windows and the session doesn’t happen on the desktop GUI side but on the terminal session, you are working with.

The Concept of RSS Feed - A Reliable Way for Publishers and Subscribers Model

Preface: I have been looking for simple solutions in nearly everything related to computing. A lot of software designed these days is not designed per your requirements but as per companies’ profit. Hence, most of these solutions end up sucking your time and energy and need to be replaced by more optimised solutions that would boost your productivity in the right way. RSS Feed is something that I found after searching for solutions related to subscribing to websites or creators without sucking much resources and design that is reliable to the user itself.

Breaking RSA Encryption on Hardware Devices with Side Channel Power Analysis — Leaking the Private Key by Exploiting Square-Multiply Algorithm

Preface: This article is about leaking the private key from hardware devices that implement RSA encryption which is part of hardware hacking. The author is not responsible for any damage caused by the given information. It is recommended to be careful while performing these attacks as they can damage the hardware or even destroy it. All the information provided here is for educational purposes. There are no such prerequisites for understanding the theory, although knowledge about modular arithmetic, basics of encryption mathematics, basic electronics, etc.

Serious Reconnaissance with Unmanned Aerial Vehicles — Mapping Out Devices in an Area with Drones

Introduction: The following content is for educational purposes and for hackers living in basements knowing enough ethics. The author is not responsible for any damage caused by the knowledge provided here and does not support anything like that. It’s essential to check out the rules in the area of reconnaissance about the tactics provided here and the use of materials (unless and until there is any apocalypse and a solid recon is required).

The Fundamentals of Hardware Hacking — Breaking and Reverse Engineering Smart IoT Devices

Disclaimer — This is an introductory article about Hardware Hacking and Security of IoT Devices. None of the mentioned information or techniques are intended for any illegal purposes and the author is not responsible for any damage. It’s advisable to experiment on devices that you own or have explicit permission to do so. Rest of all, hardware hacking is fun! The Beauty of Electronic Devices In the ever-growing world of smart devices and the connectivity of things to the internet, life has become more convenient than ever.

Setting Up a Remote Git Server — A Simple and Concise Step-by-Step Guide to Host a Private Git Server

Preface: This is a concise and simple guide to hosting a remote git server. I have been researching this topic for a while and came up with the idea of writing an article with a step-by-step guide for hosting a private git server. Covering all the aspects of git is not possible in a single article, so it’s assumed that the reader has prior knowledge of git and version control.

The Nature of Linux Kernel Development — Difference Between Rules of Kernel Level and User-Space Application Level

Preface: This article is intended to explain a clear distinction between the core principles of Linux Kernel Development and User-Application Level Development. The provided information is based on my research on Kernel Development through various sources and I have tried to make it as accurate as possible. Efforts have been made to explain it as simply and concisely as possible. Introduction to the Nature of Linux Kernel Linux Kernel is the abstraction layer between the Operating System and the Hardware in the system.

Linux Process Scheduling — The Reason your Linux System Processes so Efficiently (Kernel Perspective)

Preface: I was going through the book “Linux Kernel Development” by Robert Love, one of the best books I have referred to for low-level stuff and understanding the workings of Linux. I study this book with intensity, simplify the concepts and write it down here so that the readers can get a straightforward description and all they need to know about the topic. Covering the whole Linux Process Scheduling is not possible and is not the goal of this article.

Linux Processes — A Kernel’s Perspective Explained with Clarity and Simplicity

Preface: I have been going through the book “Linux Kernel Development” by Robert Love which I highly recommend for understanding the Linux Kernel in depth. I decided to write this article to explain “Linux Processes” simply and concisely. The topic itself is broad and is not explained into the deepest of it, but essential for Linux Administrators, Developers and even Linux users to appreciate the beauty of the Kernel they make use of every day.

NGINX for Deploying Next.js Application on AWS EC2 with AWS ELB — Control and Stability of Deployments

I was looking for an article like this a few days ago, which I didn’t find at that time, so I did the deployment on my own and came up with this article to prevent other developers from saving those efforts and focusing on development. I am not explaining every single step and have provided links for references. I prefer manual deployment of applications over automated (and even serverless) methods. Although they are convenient and require less effort by the developers, they are bound to the providers and offer less control over the underlying system.

Configuring and Building the Linux Kernel — Absolute Guide to Compiling Your Kernel

Linux Kernel is an Open-Source Software and the user is free to modify and customise it as per the requirements. The modification of the Kernel requires a deep understanding of the working of the Kernel, although patches are available to make the Kernel optimised for specific hardware. Linux Kernel Source Code has various options to configure the drivers, modules, preferences on hardware options, etc. This part can be studied by the user and is pretty much easy to work with.

The Elegance of the Linux Kernel — A Concise History of Unix and the Creation of the Linux Kernel

Introduction and Context I was going through the book “Linux Kernel Development” by Robert Love, an absolute guide to getting started with Linux Kernel Development and a highly recommended book for understanding the core of the Linux Kernel. Linux Kernel has been one of the most important software ever written and is even considered one of the biggest projects ever undertaken by a single person. The idea of the Linux Kernel was initiated by Linus Torvalds, a student from the University of Helsinki and is maintained by him to date (while writing this article).

Linux Shell Scripting — A Suckless and Concise Guide to the Command-line of Linux

Prior Statements: This is a concise guide on the Linux Shell Scripting while consolidating all the facts about the Linux Shell for quick developer’s reference while using Linux. I am referencing the Bash (Bourne-Again Shell) which is the default shell for Linux-based systems. I will also be providing references and external links to dive into depth and not fill the article with too much explanation about a single topic which is not universally required by all the readers.

Suckless Utilities for Arch Linux — The Most Minimal Way Run a Computer

Suckless utilities have been my favourite at this time and kind of essentials for my use of the computer. I have been using Arch Linux for a fair amount of time now and I started using it with XFCE for few weeks. I would appreciate the XFCE desktop environment for it’s smoothness and light-weight nature with works really fine when newly shifting on Arch Linux. But then I learnt the suckless ecosystem and eventually shifted to it as my full-time environment.

Installing Pacman in Arch Linux — When You Blow it Up

Let me suckless and divide the article into two parts: My story how I blew up Pacman Package Manager How to reinstall the Pacman Package Manager If you only care about the second part, skip the first one. The Scenario — Blow it Up I was trying to install the pacman game from the Internet to get it running on my Arch Linux Terminal (I use Suckless Terminal BTW). When I got it installed and played it, it was super awesome.

Boot Process of Computers — A Learner’s Perspective Of Exploring the Depth of Computers

Prior Clarifications: Here, I will be providing a philosophical explanation about the bootloaders and understanding them in a simple and as minimal way as possible. This is not supposed to be a manual for bootloader or provide any advice for experimenting over your live system. It’s my journey to understand computers (one of the most complex creations of mankind) and I will be stating my thoughts. Take it with a pinch of salt.

Networking Fundamentals for Linux Administrators — A Suckless and Concise Explanation

Statistics are clear on the fact that 96.3% (while writing this article) of the servers use Linux as their Operating System which is no doubt what every other Linux user on this Earth expects. I believe that the Linux Administrator has to take the shot about the configuration of Networking in Linux Based Server. Some of the underlying concepts remain the same for any other distros but it is mainly intended for Linux.

Operating Systems and Low-Level Access to the Hardware — Why should you learn it?

Today, I completed the whole read of the book “Linux Kernel in a Nutshell” by Greg Kroah-Hartman and I highly recommend that you go through it if you want to understand how to build your custom configuration of Linux Kernel and all you need to know about all the nuts and bolts. It’s always great to have such handbooks around the desk. This blog is about why it’s so awesome to look into the operating system you are using with your hardware and why have a grasp on the Low-Level aspects of a computer.

Arch Linux Custom Builds — Freedom of the Operating System

While writing this blog, I was reading the book “Linux Kernel in a Nutshell” by Greg Kroab-Hartman and as far as the pages of the book are concerned, it seems to be a two-day read (this is a handbook so reading it once and having around the desk is super useful). By the way, the author has the book left open for download http://www.kroah.com/lkn/ so check that out if you want to follow up.

Bypassing the Linux Login to access the files (with Physical Access), even the root!

Imagine being away from the computer for a couple of minutes and getting to know that the system has been compromised and a backdoor has been installed into the system. “The system was locked?” doesn’t matter, without the bios security implementation (which most probably would not be implemented), all the files can be recovered without any login made to the Login Screen. This goes with the story of me trying to get my Wi-Fi troubleshooting in Arch Linux where I was trying to upgrade the Kernel of my System to get the Wi-Fi working properly (as mentioned in the previous blog.

Breaking RSA Encryption on Hardware Devices with Side Channel Power Analysis — Leaking the Private Key by Exploiting Square-Multiply Algorithm

Planted April 18, 2024

Preface: This article is about leaking the private key from hardware devices that implement RSA encryption which is part of hardware hacking. The author is not responsible for any damage caused by the given information. It is recommended to be careful while performing these attacks as they can damage the hardware or even destroy it. All the information provided here is for educational purposes. There are no such prerequisites for understanding the theory, although knowledge about modular arithmetic, basics of encryption mathematics, basic electronics, etc. is recommended to carry out these attacks practically. Rest of all, hacking is about learning and having fun, so enjoy the cool attacks!

Introduction to Side Channel Power Analysis — Constant Emission of Information by Hardware Devices

Side Channel Analysis refers to extracting information from mediums that have relations with the elements interacting with the information and their behavior is influenced by the information processing. For example, using an infrared camera for monitoring heat from devices and finding faults in them through the heat traces. Another example is using signal processing on data containing the vibrational traces from objects that were due to sound in the area of people talking (vibrations can be taken from soundproof rooms too, allowing listening of conversations from soundproofed rooms). In the context of electronic devices for power consumption, information about the internal state of the processor is determined by analyzing the power consumption of these devices.

While microprocessors process information and execute instructions, they consume different amounts of power, if analyzed carefully. Since the voltage largely remains constant, the current consumption varies as per the required power by the processor. For example, adding instructions consumes relatively less power than the multiple instruction. Hence, the power consumption of the processor is analyzed to derive which instructions have been executed in the processor. This opens a lot of possibilities for leaking information from the processors, which in the case of cryptographic information which largely relies on computations and algorithms for optimization, has a lot of potential surface for hackers.

Introduction to RSA Encryption — Rivest-Shamir-Adleman Encryption

The RSA (Rivest-Shamir-Adleman) is a public-key cryptosystem that encrypts and decrypts data with the help of private and public keys. It’s a popular and secure algorithm that’s used for many applications, including digital signatures.

This cryptosystem is widely used for encrypting and decrypting data for secure transmission of data and has a huge number of applications. In this article, the mathematics of this algorithm will be explained in the next section since it’s important to understand the mathematics behind it and optimizations that have been made for computing this faster on processors with memory efficiency. Here, the explanation would be in a simple way, essential for side-channel analysis. For in-depth knowledge about this algorithm, refer to the Wikipedia page which has extensive documentation on this algorithm.

Wikipedia link: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

Understanding the RSA Algorithm — Generating Keys and Encryption/Decryption

To understand the mathematics of the RSA algorithm, there are a few prerequisites of concepts that will be explained here. Feel free to jump to the mathematics if you are already familiar with them.

The factor of a Number

A number can be broken down into multiples of different numbers. For example, 20 = 2 * 2 * 5 or 20 = 1 * 20 which makes 1, 2, 5, and 20 the factors of the number 20. Every number is divisible by 1 and itself.

Prime Numbers

Numbers that have only two factors, that is 1 and itself if termed as a prime number. These numbers are not divisible by any number other than 1 and itself. Except for the number 2 which is prime and even, all other prime numbers are odd. For example, 7 has factors 1 and 7.

Semi Prime Numbers

Numbers that have their factors as 1 and itself as well as only prime numbers are called semi prime numbers. For example, 15 has its factors 1, 3, 5, and 15 where 3 and 5 are prime numbers.

Modulo Function

As shown in the equation given below, k is the remainder when m is divided by n.

equation

For example, 10.mod(6) = 4 since when 10 is divided by 6, the remainder is 4.

A practical example of the modulo function: This is a very famous example that explains the use of the modulo function. Analog clocks with arms usually are in a 12-hour format. To show the time 15:00 in this 12-hour format clock, the hour arm is on 3:00 as per the 12-hour format. The equation for the conversation can be written as:

equation

As shown in the equation, an example can be given for 15:00: 15.mod(12) = 3, which shows 3:00 in the 12-hour clock. Hence, the modulo function can be considered as a wrapping function, if imagined visually.

These were some of the concepts that are required to understand the RSA algorithm. Moving ahead, the RSA algorithm can be explained in two parts: Generating the Keys and Encryption/Decryption Mechanism.

The RSA Algorithm: Generating Keys

RSA Encryption includes pairs of two keys: Public Key and Private Key. To derive these keys, two numbers, p, and q are chosen. These are relatively large prime numbers that are difficult to guess. They are used to form n, which is a semi-prime number with factors p and q. With that, a totient t is calculated as shown in the equations given below.

equation

For generating Public Key E, 3 rules must be followed:

  1. E must be a prime number
  2. E must not be less than the totient
  3. E must not be the factor of totient

equation

For generating Private Key D, a single rule needs to be followed:

The product of D and E, divided by T must result in a remainder of 1.

equation

By generating the Public and Private Keys with given conditions and parameters, they can be used for encryption and decryption of data.

The RSA Algorithm: Encryption and Decryption

The encrypted plain text data is called the cipher text. Data can be encrypted by the public key, in which case the private key is used to decrypt the data whereas if the private key is used to encrypt the data, the public key is used to decrypt the data.

Following are the equations for encrypting and decrypting messages with Public and Private Keys.

equation

These operations can be performed to implement RSA Algorithms for encryption of data during transmission. Without the Public Key/Private Key, the messages cannot be encrypted/decrypted.

This was the mathematics for the RSA Algorithm explained in a simple way and as required to understand the exploitation.

Identifying the Attack Surface of the Algorithm — Exploiting Optimisations for Efficient Computing

The Public Key E and the Private Key D are very big prime numbers that are mathematically infeasible to derive. Since they are so large numbers, exponentiation also takes a large amount of time. Hence, to optimize the exponentiation process, a method is used called the square-and-multiply algorithm. The final goal is to reduce the computational efforts to find the exponent by breaking the number into parts and reaching the goal with as few operations as possible.

It is essential to understand this algorithm since this is the attack surface that is going to be exploited with side-channel analysis.

To break the number into components, convert the exponent into its binary number format. The idea is to build up the number from its unity exponent i.e. to build up x to the power m from x to the power 1 where 1 is in binary.

equation

For example, consider the number 131 which is a prime number and has been converted to its binary form.

To find the exponents of the given number, two operations should be followed, and build up the number which is required for exponentiation.

  1. To append 0, square the number with the current exponent.
  2. To append 1, first square the number and multiply it by itself.

equation

equation

With these operations in line, the exponent can be constructed and when converted to the decimal form, it’s the private key as the exponent.

equation

The processor performs square and multiply operations to find the exponent of the number m (which is the data to be decrypted).

Attacking the Square-Multiply Algorithm with Side Channel Power Analysis

Side Channel Power Analysis Attack

Now since the multiply and square operations take different amounts of computational effort, the processor consumes different amounts of power to computer it. Since P = VI where V is the potential difference across the component and I is the current flowing into the component, these parameters can be varied and the equation remains true. The voltage across the processor remains constant by design, but the current is allowed to vary when the power consumption changes.

Hence, the change in power consumption can be calculated by calculating the current flowing into the component. Hence, traces of power consumption can be taken to find out the operations that are happening inside the processor. This is called a Side Channel Power Analysis Attack, where power is used as a medium to derive information from a certain device.

Calculating the Power Consumption of the Processor

To calculate the current flowing into the component, oscilloscopes can be used. Since oscilloscopes can only measure voltage (usually), a shunt resistance can be used to find the value of current by the application of Ohm’s law.

diagram

Ohm’s law states that the electric current through a conductor between two points is directly proportional to the voltage across the two points. Introducing the constant of proportionality, the resistance, one arrives at the three mathematical equations used to describe this relationship:

equation

By calculating the voltage across the shunt resistance, variations in the current values can be determined, which in turn can be used to determine the power variations and finally, the operations that are executed in the processor.

It is recommended to remove the capacitors that influence the power consumption since they interfere with the readings by discharging while power goes down and charging while power goes up, to improve the quality of data.

Deriving the Private Key by the Analysis of Power consumption

From the example shown above, these computations are done to derive the exponent, which is the private key. A combination of squares and multiplication is done here to derive it.

equation

Following is the sequence of operations performed on the numbers.

diagram

When there is a square operation, a 0 is appended to the formation of the private key. Hence, a square operation indicates a 0. Note that the first digit (the most significant bit would be 1 as the computation begins with the number itself). When there is a square followed by multiply, the digital 1 is appended, indicating 1.

Hence, by the sequence of operations done about, 100000101 can be derived which is the private key.

This sequence of operations can be derived from the power traces of the processor. Since the multiplication operation consumes relatively less power than the square operations, these fluctuations can be analyzed to derive the sequence of operations in the processor to derive the private key of the RSA implementations.

Conclusion — Acknowledging the Information Leaks by Hardware Devices

Side Channel Analysis in the context of power analysis can reveal a lot of information and even leak the private key from the processors and has a lot of potential for research in hardware-related attacks. RSA has a huge amount of applications and hardware attacks like these can have a lot of possibilities.