To prevent unauthorized access to or copying of an MCU's internal program, most MCUs provide encryption lock bits or encryption bytes that protect it. In practice, such protection measures are very fragile and can be easily cracked. Attackers use special or homemade equipment to exploit loopholes in the MCU chip's design or defects in its software, and apply a variety of technical means to extract key information from the chip, obtain the MCU's internal program, and so decrypt the MCU IC.
Technique 2:
Exploit vulnerabilities in the production process: use certain programmers to locate the insertion bytes, and use certain methods to find out whether the chip contains continuous empty space, that is, continuous FF FF bytes. The inserted bytes can execute instructions that send the internal program out of the chip, where it is intercepted with the decryption equipment, so that the chip's internal program is decrypted.
Technique 3:
Destroy the package, then work with semiconductor testing equipment, microscopes and micro-positioners. Completing the decryption of the MCU IC this way takes hours or even weeks in a special laboratory.
Technique 4:
Many chips have encryption vulnerabilities in their design. Such vulnerabilities can be used to attack the chip and read the code in its memory. By using a vulnerability in the chip's code, if the associated FF code can be found, bytes can be inserted to decrypt the microcontroller IC.
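Both FF-byte passages above depend on continuous empty space being present in program memory, which a firmware owner can measure in their own build output before it is programmed. The following is an added example, not code from the original page; the function names, the 16-byte threshold and the sample image are assumptions constructed for illustration.

```python
"""Report contiguous runs of 0xFF (empty space) in a firmware image."""
from typing import List, Tuple

EMPTY = 0xFF  # the "FF" byte value the page refers to


def find_empty_runs(image: bytes, min_len: int = 16) -> List[Tuple[int, int]]:
    """Return (offset, length) for every run of EMPTY bytes >= min_len."""
    runs: List[Tuple[int, int]] = []
    start = None
    for offset, byte in enumerate(image):
        if byte == EMPTY:
            if start is None:
                start = offset          # a new run begins here
        elif start is not None:
            if offset - start >= min_len:
                runs.append((start, offset - start))
            start = None
    # A run that reaches the end of the image has no terminating byte.
    if start is not None and len(image) - start >= min_len:
        runs.append((start, len(image) - start))
    return runs


def empty_fraction(image: bytes, min_len: int = 16) -> float:
    """Share of the image covered by reported empty runs."""
    if not image:
        return 0.0
    covered = sum(length for _, length in find_empty_runs(image, min_len))
    return covered / len(image)


def build_sample_image() -> bytes:
    """Constructed sample: code, a short FF gap, data, then an empty tail."""
    code = bytes(range(1, 65))      # 64 bytes, none equal to 0xFF
    short_gap = b"\xff" * 4         # below the default threshold
    data = b"\x12\x34" * 8          # 16 bytes
    tail = b"\xff" * 40             # unused space at the end
    return code + short_gap + data + tail


if __name__ == "__main__":
    sample = build_sample_image()
    for offset, length in find_empty_runs(sample):
        print(f"empty run at 0x{offset:04X}: {length} bytes")
    print(f"empty fraction: {empty_fraction(sample):.1%}")
```
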
Technique 5:
Another possible attack method is to use equipment such as microscopes and laser cutters to find the protection fuse, and from it all the signal lines associated with that part of the circuit. Due to design defects, cutting a single signal line from the protection fuse to other circuits is enough to disable the entire protection function. For some reason, this line is very far away from other lines, so a laser cutter can cut it completely without affecting the adjacent lines. The contents of the program memory can then be read directly using a simple programmer.