Skip to content

CW1173 ChipWhisperer-Lite

The ChipWhisperer-Lite represents NewAE Technology Inc.’s most aggressive pursuit of it’s mission to bring side-channel power analysis and glitching attacks to every engineer and student. The FULLY open-source (hardware, software, firmware, FPGA code) is launching a revolution in hardware security. In particular, the ChipWhisperer-Lite serves as a good middle ground between the full feature-set of the ChipWhisperer-Pro, and the affordability of the ChipWhisperer-Nano.

The ChipWhisperer-Lite typically comes with two main parts: a multi-purpose power analysis capture instrument, and a target board. The target board is a standard microcontroller which you can implement algorithms onto. For example if you wish to evaluate an AES library, you can program that library into the target board and perform the power analysis.

NOTE: This page will only cover the capture side of the board. See targets/CW303 for documentation on the target side of the board.


Available in the ChipWhisperer-Lite starter kit, the Level 1 Starter Kit, and the Level 2 Starter Kit


Quick-Start Guide

Hardware setup is fast and easy! If you've got a 1-part ChipWhisperer, simply use a micro USB cable to connect the ChipWhisperer-Lite to a computer or laptop. If you've got a 2 part version, you'll also need to connect a 20-pin cable between the ChipWhisperer-Lite and the target, as well as a coax cable between the measure SMA connector (if you're doing power analysis) or the glitch SMA connector (if you're doing voltage glitching) and the SMA connector on the target. For other targets, check the relevant target documentation.

Once that's done, follow our software/driver installation guide at, which will take the rest of the way towards learning about side channel attacks!

Product Highlights

  • Synchronous (capture board and target board both use the same clock) capture and glitch architecture, offering vastly improved performance over a typical asynchronous oscilloscope setup
  • 10-bit 105MS/s ADC for capturing power traces
  • Can be clocked at both the same clock speed as the target and 4 times faster
  • +55dB adjustable low noise gain, allowing the Lite to easily measure small signals
  • Clock and voltage fault generation via FPGA-based pulse generation
  • XMEGA (PDI), AVR (ISP), and STM32F (UART Serial) bootloader built in


Analog Capture and Clock

Feature Notes/Range
ADC Specs 10-bit 105MS/s
ADC Clock Source Internally generated (x1 or x4 from output clock), external input (x1 or x4 from input clock)
Analog Input AC-Coupled, adjustable low-noise gain from -6.5dB to 55dB
Sample Buffer Size 24 573 samples
ADC Decimation Yes
ADC Offset Adjustment Yes, [0, 2^32) clock cycles
ADC Trigger Rising-edge, Falling-edge, High, Low
Presampling Yes
Phase Adjustment Yes, 5ns increments
Capture Streaming No
Clock Generation Range 5-200MHz
Clock Output Regular, with glitch inserted, glitch only


Feature Notes/Range
Modules Basic
Analog Trigger N/A
Basic Trigger Inputs TIO 1-4, nRST
Basic Trigger Combination One of OR, AND, NAND


Feature Notes/Range
GPIO Voltage 3.3V
Logic Outputs TIO 1-4, nRST, PDIC, PDID
Logic Inputs TIO 1-4
UART Serial TIO 1-4 assignment
Clock Fixed, HS2 output, HS1 Input
Trigger Out No
Programmers STM32F UART, Atmel PDI (for XMEGA), Atmel ISP (for AVR)
Power rails 3.3V


Feature Notes/Range
Voltage Glitching Yes
Clock Glitching Yes
Glitch Outputs Clock-XOR, Clock-OR, Glitch-Only, Enable-Only
Glitch Width* 0-49.8% of a clock cycle, 100% (enable-only)
Glitch Width Increments 0.4% of a clock cycle
Glitch Offset 0-49.8% of a clock cycle, 100% (enable-only)
Glitch Offset Increments 0.4% of a clock cycle
Glitch Cycle Offset [0, 2^32)
Glitch Cycle Repeat [0, 8192]
Voltage Glitch Type High-power, low-power crowbar
Voltage Glitch Pulse Current 20A
Glitch Trigger Rising-Edge

* Actual glitch width will be affected by cabling used for glitch output

Using the ChipWhisperer-Lite

All communication with the ChipWhisperer-Lite is done through ChipWhisperer's Python API, which is documented on our ReadTheDocs Page.

ChipWhisperer also has many Jupyter Notebook tutorials/labs, which serve as learning material for side-channel attacks, as well as examples on how to use the ChipWhisperer API. If you followed the install instructions on ReadTheDocs, this will be in the jupyter/ folder in the place you installed ChipWhisperer.

We also have full courses available at that supplement the Jupyter Notebook tutorials.

Using from Other Languages

While the ChipWhisperer API is written in Python, any language that can talk to libusb should be compatable. This will require you to write your own backend and is officially unsupported by NewAE.


Using Glitch Port

The "GLITCH" port is used for voltage glitching. It's connected to two MOSFET elements, as the following figure shows:


The CW1173 glitch output can be commanded to turn on either of those MOSFETs via and fields: = True #enable high power glitch = False #disable high power glitch = True #enable low power glitch = False #disable low power glitch

Be careful using this feature, as you don't want to short the MOSFETs for too long. It's also possible to damage the ChipWhisperer-Lite by burning these MOSFETs up if used incorrectly. See Tutorial Fault_2 for more information.

Using Measure Port

The "MEASURE" port is the input to the low-noise amplifier and ADC.

20-Pin Connector

The 20-pin connector carries power and IO pins between the ChipWhisperer-Lite and the target board. The pinout is as follows:

Number Name Dir Description
1 +VUSB (5V) O Not Connected on ChipWhisperer-Lite.
2 GND O System GND.
3 +3.3V O +3.3V to Target Device, can be turned off, 200mA available.
4 FPGA-HS1 I/O High Speed Input (normally clock in).
6 FPGA-HS2 I/O High Speed Output (normally clock or glitch out).
7 PROG-MISO I/O SPI input: MISO (for SPI + AVR Programmer).
8 VTarget I Drive this pin with desired I/O voltage in range 1.5V-5V.
9 PROG-MOSI I/O SPI output: MOSI (for SPI + AVR Programmer).
10 FPGA-TARG1 I/O TargetIO Pin 1 - Usually UART TX or RX.
11 PROG-SCK I/O SPI output: SCK (for SPI + AVR Programmer).
12 FPGA-TARG2 I/O TargetIO Pin 2 - Usually UART RX or TX.
13 PROG-PDIC I/O PDI Programming Clock (XMEGA Programmer), or CS pin (SPI). Also used for STM32 bootloader
14 FPGA-TARG3 I/O TargetIO Pin 3 - Usually bidirectional IO for smartcard.
15 PROG-PDID I/O PDI Programming Data (XMEGA Programmer).
16 FPGA-TARG4 I/O TargetIO Pin 4 - Usually trigger input.
17 GND O
18 +3.3V O
19 GND O
20 +VUSB (5V) O Not Connected on ChipWhisperer-Lite.

Advanced Usage

Mounting Jumpers

The ChipWhisperer-Lite main board and target section contain a number of jumper options. By default these are not mounted, and solder jumper bridges on the PCB have been bridged to select the appropriate options when required. Some options are only solder jumpers, requiring a soldering iron to bridge or clear the appropriate connections.

The following lists jumpers on the ChipWhisperer-Lite Capture Section:

  • JP4 is the "RESET" net for the SAM3U processor.

  • JP2 causes the SAM3U processor flash memory to be erased. When the chip is erased a rom-resident bootloader takes over. See section XXXXX for bootloader details.

  • JP5 selects the IO voltage for the FPGA bank which connects to the 20-pin target. By default SJ6 selects this to be 3.3V. It is not recommended to change this, as it is easy to damage the FPGA by feeding an out-of-range voltage in.
  • SJ1 selects if the power supply comes from the Micro-USB connector (default) or an external 5V supply at the +5VIN pin.

Breaking Target Section Apart

You may wish to break the target section apart from the main capture board. This can easily be accomplished by following these instructions:

  1. Using a sharp knife (such as Xacto knife or retractable safety knife), cut the traces on the bottom side of the board along the cut line. Pass the knife back and forth several times. Scoring the board deeply will make the breaking process easier and less stressful on the PCB:


  1. Score the board on the top side:


  1. Select a surface to break the board over. It is suggested to have a piece of cardboard or boxboard down to protect components on the bottom side of the ChipWhisperer:


  1. Hold the main board section flat, apply even pressure to the target board section. It should snap downward:


  1. Separate the two sections:


You can see a video of the process here:


Applying even pressure will help prevent damage to the ChipWhisperer-Lite main section. Flexing the PCB too much may cause damage to solder joints, but by holding the entire board flat against the edge this is prevented.

Upgrading SAM3U Firmware

When talking about the ChipWhisperer's firmware, there is really two parts to this:

  1. The FPGA Bitstream file.
  2. The SAM3U USB interface chip firmware.

The FPGA bitstream alone is what is normally configured by the ChipWhisperer-Capture software. This bitstream is always the most up-to-date, since it's automatically reloaded by the computer every time you power cycle the ChipWhisperer-Capture. The SAM3U firmware is not updated automatically, but it tends to change less frequently.

Checking Firmware Version

The firmware version can be accessed as follows:

>>> import chipwhisperer as cw
>>> scope = cw.scope()
>>> print(scope.fw_version)
{'major': 0, 'minor': 11, 'debug': 0}

The version of the newest firmware can be printed as follows:

>>> import chipwhisperer as cw
>>> scope = cw.scope()
>>> print(scope.latest_fw)
{'major': 0, 'minor': 11}

If a firmware update is available, the user will be warned when connecting to the scope:

>>> scope = cw.scope()
WARNING:root:Your firmware is outdated - latest is 0.12. Suggested to update firmware, as you may experience errors
Upgrading Firmware

See for instructions on how to update the SAM3U firmware.

Linux usbserial module Workaround

There is an issue in some versions of Linux, where the SAM3U is not assigned a serial port when it enters bootloader mode. Here are some steps to resolve this issue (Note. this is not a permanent fix, you must go through these steps each time you put your ChipWhisperer into bootloader mode.). These steps assume you've already put ChipWhisperer into bootloader mode.

  1. Unplug your ChipWhisperer (Leave unplugged until instructed otherwise)
  2. Reboot your computer
  3. Once logged in again, open a terminal session
  4. Run this command: sudo modprobe usbserial vendor=0x3eb product=0x6124
  5. Plug your ChipWhisperer back in
  6. Check that a serial port is now open using: ls -l /dev/ttyUSB*


You should now be able to program the bootloader from ChipWhisperer Capture through the port you created