Archive for November, 2011
FPGA Crack method
FPGA crack’s Error-Occurring technology
Through abnormal operation situation to let errors occur in FPGA, and then provide extra accessing to crack FPGA, the most commonly used error-occurring methods include voltage shock and clock shock, low voltage and high voltage fpga crack can be applied for prohibition of circuit protection or force microprocessor to operate errors. Clock transient hop maybe can re-set circuit protection but won’t damage protected information. Power supply and clock transient hop can affect recovery and execution of single order in part of FPGA.
How to Extract MCU Code
How to Extract MCU Code is a task for engineers who wants to make IC clone from exisiting microcontroller memory reading;
The principle of this method is monitor simulation characteristic of all the power supply and interface connection during the standard operation under high resolution, and copy MCU firmware by monitoring its electromagnetic radiation.
Because MCU is an active electronic component, when it operate different orders, corresponding power supply consumption will alter accordingly. Then use special electronic measurement device and mathematic statistical method to analyze and detect these changes, can extract code embedded inside microprocessor.
Currently RF programmer can read program of old MCU is base upon this principle.
Attack MCU Method Introduction
Attack MCU Method can be categorized with invasive and semi-invasive ones, through which will be able to extract code from IC chip and make microcontroller clone;
1 — Software MCU Attack:
This method use communication interface of processor plus protocol, encrypted algorithm to attack microcontroller, a typical successful example of software attack is the breaking against early MCU ATMEL AT89C51 series MCU. Attacker takes advantage of the design flaw of erasure operation sequence, use self-made program to erase encrypted lock location, and then halt the next operation of erase internal program, through which the encrypted MCU being turn into decrypted MCU after attacked, finally use programmer to read the internal procedure.
Currently base upon the other encryption method, some kind of devices can be promoted accompany with certain types of software can be used as software mcu attack. In recent days, domestic market has presented a kind of 51 MCU cracking device, this decipher is mainly focus on brands like SyncMos, Winbond, use the leak of the production technology and insert positioning bit of several programmer, find out continuous empty locations through certain methods, which means need to find out the continuous FF FF bits, those inserted bits can instruct the order of send internal program to outside environment, and then use processor attack device to intercept and capture.
MCU Break Introduction
MCU Break is a process to disable the secured protection against unauthorized MCU reading, focus ion beam technique will be applied to remove the fuse bit to expose the flash memory;
Microcontrollers generally have internal EEPROM / FLASH program for users to store data. To prevent unauthorized access or copy microcontroller program of MCU (MCU crack), most of MCUs are encrypted with the encryption lock orientation or lock-bit bytes to protect the MCU program.
If the programming lock-bit encryption is enabled (locked), you can’t use ordinary programmer reads the program directly within MCU, which is called encryption or MCU locking.
MCU IC breaker with special equipment or home-made equipment, take the advantage of single IC design flaw or software defects, through a variety of techniques, can attack key information from the MCU, access to program inside microcontroller, which is called microcontroller break.
Please view our service procedures below for your reference:
Step 1:
After recipient of original MCU from customer and finish the electrical integrity test to confirm the feasibility of work, official invoice will be sent from us, customer prepay 50% payment, we start the project upon the confirmation of payment recipient;
Step 2:
After process finish and informed by us, program will be loaded into two pieces of new empty MCUs and send back to customer for verification, customer need to pay freight cost and new MCU samples cost in advance;
Step 3:
Customer has obliged to inform the test result within 5 working days after receipt of programmed MCU samples, if test is passed, customer need to pay the balance within 72 hours and we will send the program to customer through email after confirm the receipt of customer balance payment within 48 hours;
Step 4:
If the samples don’t work, it is obliged to take necessary evaluation after the receipt of functionality testing platform for debugging and resubmit samples within 3 weeks, and if still fail to find and solve the problems, we have to refund customer all of prepayment within 2 weeks upon the date of mutual agreement. (Include MCU samples price and freight cost).
If you have any further inquiry regarding our service please feel free to let us know, thanks