Archive for June, 2013

Extract Chip PIC16C57A Program

Extract Chip PIC16C57A Program from the microcontroller PIC16C57A flash memory, and then reprogram the hexadecimal file into a blank PIC16C57A MCU for copying, unlocking the microprocessor PIC16C57A secured fuse bit.

The Oscillator Calibration (OSCCAL) register is used to calibrate the internal 4 MHz oscillator. It contains four to six bits for calibration. Increasing the cal value increases the frequency. See Section 7.2.5 for more information on the internal oscillator.

As a program instruction is executed, the Program Counter (PC) will contain the address of the next program instruction to be executed.

The PC value is increased by one every instruction cycle, unless an instruction changes the PC. For a GOTO instruction, bits 8:0 of the PC are provided by the GOTO instruction word. The PC Latch (PCL) is mapped to PC<7:0>.

Bit 5 of the STATUS register provides page information to bit 9 of the PC. For a CALL instruction, or any instruction where the PCL is the destination, bits 7:0 of the PC again are provided by the instruction word.

However, PC<8> does not come from the instruction word, but is always cleared. The Program Counter is set upon a RESET, which means that the PC addresses the last location in the last page, i.e., the oscillator calibration instruction.

After executing MOVLW XX, the PC will roll over to location 00h, and begin executing user code. The STATUS register page preselect bits are cleared upon a RESET, which means that page 0 is preselected. Therefore, upon a RESET, a GOTO instruction will automatically cause the program to jump to page 0 until the value of the page bits is altered.
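The program-counter rules described above can be modelled in a few lines. This is an added example, not code from the original page or from the device vendor; the 10-bit PC width follows from the text (STATUS bit 5 feeding PC<9>), and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Widths follow the text above: a 10-bit PC (two 512-word pages),
 * STATUS bit 5 feeding PC<9>. Names are hypothetical, chosen for this example. */
#define PC_MASK    0x3FFu        /* 10-bit program counter */
#define STATUS_PA0 (1u << 5)     /* page preselect bit in STATUS */

typedef struct {
    uint16_t pc;
    uint8_t  status;
} pic_core;

/* RESET: PC is set to all ones (last location of the last page) and the
 * page preselect bit is cleared, so page 0 is preselected. */
void pic_reset(pic_core *c) {
    c->pc = PC_MASK;
    c->status &= (uint8_t)~STATUS_PA0;
}

/* Ordinary instruction: PC increments by one and wraps within 10 bits. */
uint16_t pic_step(pic_core *c) {
    c->pc = (uint16_t)((c->pc + 1u) & PC_MASK);
    return c->pc;
}

static uint16_t page_bits(const pic_core *c) {
    return (c->status & STATUS_PA0) ? 0x200u : 0u;
}

/* GOTO k: PC<8:0> from the instruction word, PC<9> from STATUS bit 5. */
uint16_t pic_goto(pic_core *c, uint16_t k9) {
    c->pc = (uint16_t)(page_bits(c) | (k9 & 0x1FFu));
    return c->pc;
}

/* CALL k (or a write to PCL): PC<7:0> from the instruction word,
 * PC<8> always cleared, PC<9> from STATUS bit 5. The return-address
 * push onto the hardware stack is not modelled here. */
uint16_t pic_call(pic_core *c, uint8_t k8) {
    c->pc = (uint16_t)(page_bits(c) | k8);
    return c->pc;
}

/* A subroutine entry point is reachable by CALL only if PC<8> is 0,
 * i.e. it lies in the first 256 words of its page. */
int pic_call_reachable(uint16_t target) {
    return (target & 0x100u) == 0;
}

int main(void) {
    pic_core c = { 0, 0xFF };
    pic_reset(&c);
    printf("after RESET:  0x%03X\n", c.pc);
    printf("after MOVLW:  0x%03X\n", pic_step(&c));
    c.status |= STATUS_PA0;
    printf("GOTO 0x1A5:   0x%03X\n", pic_goto(&c, 0x1A5));
    printf("CALL 0xA5:    0x%03X\n", pic_call(&c, 0xA5));
    printf("0x150 callable? %d\n", pic_call_reachable(0x150));
    return 0;
}
```

The practical consequence is that subroutine entry points and computed-jump tables must sit in the lower half of a page, while GOTO can reach any word of the selected page.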

Read DSP CPLD Dump information

Read DSP CPLD Dump information from CPLD storage memory by unlocking the CPLD memory through a CPLD cracking method, mostly an invasive method which involves reverse engineering the CPLD physical hardware to get access to the security fuse bit.

In practice the maximum resolution which can be achieved with a standard 100× objective (NA = 0.9) is about 0.3 µm. In order to obtain a higher working NA, the refractive index of the medium between the objective and the specimen must be increased. There are objectives that allow imaging in water (n = 1.33) and immersion oil (n = 1.51). That increases the maximum resolution up to 0.2 µm for a 100× objective. Another way of increasing the resolution is using a shorter wavelength. By shifting to near-ultraviolet (NUV) light with 360 nm wavelength, the resolution can be increased to 0.18 µm, but this requires special CCD cameras.

Some microscopes have additional features aimed at increasing the contrast of the image and thereby achieving the highest possible resolution. These are darkfield (DF) illumination, differential interference contrast [114], phase contrast [115] and confocal imaging [116]. All the major microscope manufacturers such as Nikon, Olympus, Carl Zeiss and Leica offer a wide range of models from basic to high-end; the latter have all the features necessary to achieve the highest resolution. There are models specifically designed for semiconductor analysis such as the Nikon Optiphot 200C [117], Olympus MX50 [118], Zeiss Axiotron 2 [119] and Leica INM100 [120].

Microchip PIC18F2410 CPU Software Extraction

When using the DAC in S/H mode, ensure that none of the channels is running at maximum conversion rate, or ensure that the conversion rate of both channels is high enough to not require refresh.

BOD will be enabled after any reset

If any reset source goes active, the BOD will be enabled and keep the device in reset if the VCC voltage is below the programmed BOD level. During Power-On Reset, reset will not be released until VCC is above the programmed BOD level even if the BOD is disabled.

Problem fix/Workaround
Do not set the BOD level higher than VCC even if the BOD is not used.
Both DFLLs and both oscillators have to be enabled for one to work
In order to use the automatic runtime calibration for the 2 MHz or the 32 MHz internal oscillators, the DFLLs for both oscillators and both oscillators have to be enabled for one to work.

Problem fix/Workaround
Enable both the DFLLs and both oscillators when using automatic runtime calibration for one of the internal oscillators.

Operating Frequency and Voltage Limitation
To ensure correct operation, there is a limit on operating frequency and voltage. Figure 36-2 on page 95 shows the safe operating area.

Bandgap voltage input for the ACs cannot be changed when used for both ACs simultaneously
ADC gain stage output range is limited to 2.4V

Sampled BOD in Active mode will cause noise when bandgap is used as reference
Bandgap measurement with the ADC is non-functional when VCC is below 2.7V
BOD will be enabled after any reset

Writing EEPROM or Flash while reading any of them will not work
ADC has increased INL error for some operating conditions
DAC has increased INL or noise for some operating conditions
VCC voltage scaler for AC is non-linear
Maximum operating frequency below 1.76V is 8 MHz

Decrypt PIC18F2420 MCU Encrypted Program

Sampled BOD in Active mode will cause noise when bandgap is used as reference
Bandgap measurement with the ADC is non-functional when VCC is below 2.7V
BOD will be enabled after any reset
Writing EEPROM or Flash while reading any of them will not work
ADC has increased INL error for some operating conditions
DAC has increased INL or noise for some operating conditions
VCC voltage scaler for AC is non-linear
Maximum operating frequency below 1.76V is 8 MHz
Bandgap voltage input for the ACs cannot be changed when used for both ACs simultaneously
If the bandgap voltage is selected as input for one Analog Comparator (AC) and then selected/deselected as input for another AC, the first comparator will be affected for up to 1 µs and could potentially give a wrong comparison result.
Problem fix/Workaround
If the Bandgap is required for both ACs simultaneously, configure the input selection for both ACs before enabling any of them.
ADC gain stage output range is limited to 2.4 V
The amplified output of the ADC gain stage will never go above 2.4 V, hence the differential input will only give correct output when below 2.4 V/gain. For the available gain settings, this gives a differential input range of:
Problem fix/Workaround
Keep the amplified voltage output from the ADC gain stage below 2.4 V in order to get a correct result, or keep ADC voltage reference below 2.4 V.
Sampled BOD in Active mode will cause noise when bandgap is used as reference
Using the BOD in sampled mode when the device is running in Active or Idle mode will add noise on the bandgap reference for ADC, DAC and Analog Comparator.
Problem fix/Workaround
If the bandgap is used as reference for either the ADC, DAC or Analog Comparator, the BOD must not be set in sampled mode.
Bandgap measurement with the ADC is non-functional when VCC is below 2.7V
The ADC cannot be used to do bandgap measurements when VCC is below 2.7V.
Problem fix/Workaround
If internal voltages must be measured when VCC is below 2.7V, measure the internal 1.00V reference instead of the bandgap.
BOD will be enabled after any reset
If any reset source goes active, the BOD will be enabled and keep the device in reset if the VCC voltage is below the programmed BOD level. During Power-On Reset, reset will not be released until VCC is above the programmed BOD level even if the BOD is disabled.
Problem fix/Workaround
Do not set the BOD level higher than VCC even if the BOD is not used.

Readout DSP Chip TMS320LF2406APZAR Program

Before being able to Readout DSP Chip TMS320LF2406APZAR Program, it is necessary to know the structure of this CMOS chip:

· High-Performance Static CMOS Technology
− 25-ns Instruction Cycle Time (40 MHz)
− 40-MIPS Performance
− Low-Power 3.3-V Design
· Based on TMS320C2xx DSP CPU Core
− Code-Compatible With F243/F241/C242
− Instruction Set and Module Compatible With F240
· Flash (LF) and ROM (LC) Device Options
− LF240xA: LF2407A, LF2406A, LF2403A, LF2402A
− LC240xA: LC2406A, LC2404A, LC2403A, LC2402A
· On-Chip Memory
− Up to 32K Words x 16 Bits of Flash EEPROM (4 Sectors) or ROM
− Programmable “Code-Security” Feature for the On-Chip Flash/ROM
− Up to 2.5K Words x 16 Bits of Data/Program RAM
− 544 Words of Dual-Access RAM
− Up to 2K Words of Single-Access RAM
· Boot ROM (LF240xA Devices)
− SCI/SPI Bootloader
· Up to Two Event-Manager (EV) Modules (EVA and EVB), Each Includes:
− Two 16-Bit General-Purpose Timers
− Eight 16-Bit Pulse-Width Modulation (PWM) Channels Which Enable:
− Three-Phase Inverter Control
− Center- or Edge-Alignment of PWM Channels
− Emergency PWM Channel Shutdown With External PDPINTx Pin
− Programmable Deadband (Deadtime) Prevents Shoot-Through Faults
− Three Capture Units for Time-Stamping of External Events
− Input Qualifier for Select Pins
− On-Chip Position Encoder Interface Circuitry
− Synchronized A-to-D Conversion
− Designed for AC Induction, BLDC, Switched Reluctance, and Stepper Motor Control
− Applicable for Multiple Motor and/or Converter Control
· External Memory Interface (LF2407A)
− 192K Words x 16 Bits of Total Memory: 64K Program, 64K Data, 64K I/O
· Watchdog (WD) Timer Module
· 10-Bit Analog-to-Digital Converter (ADC)
− 8 or 16 Multiplexed Input Channels
− 500-ns MIN Conversion Time
− Selectable Twin 8-State Sequencers Triggered by Two Event Managers
· Controller Area Network (CAN) 2.0B Module (LF2407A, 2406A, 2403A)

· Serial Communications Interface (SCI)
· 16-Bit Serial Peripheral Interface (SPI) (LF2407A, 2406A, LC2404A, 2403A)
· Phase-Locked-Loop (PLL)-Based Clock Generation
· Up to 40 Individually Programmable, Multiplexed General-Purpose Input / Output (GPIO) Pins
· Up to Five External Interrupts (Power Drive Protection, Reset, Two Maskable Interrupts)
· Power Management:
− Three Power-Down Modes
− Ability to Power Down Each Peripheral Independently
· Real-Time JTAG-Compliant Scan-Based Emulation, IEEE Standard 1149.1 (JTAG)
· Development Tools Include:
− Texas Instruments (TI) ANSI C Compiler, Assembler/Linker, and Code Composer Studio Debugger
− Evaluation Modules
− Scan-Based Self-Emulation (XDS510)
− Broad Third-Party Digital Motor Control Support
· Package Options

Crack PIC16F716 MCU Source Code

Crack PIC16F716 MCU Source Code means the source code will be read out from its memory after the PIC16F716 protection has been disabled:

Microcontroller Core Features:
· High-performance RISC CPU
· Only 35 single-word instructions to learn
– All single-cycle instructions except for program branches which are two-cycle
· Operating speed: DC – 20 MHz clock input, DC – 200 ns instruction cycle
· Interrupt capability (up to 7 internal/external interrupt sources)
· 8-level deep hardware stack
· Direct, Indirect and Relative Addressing modes
Special Microcontroller Features:
· Power-on Reset (POR)
· Power-up Timer (PWRT) and Oscillator Start-up Timer (OST)
· Watchdog Timer (WDT) with its own on-chip RC oscillator for reliable operation
· Dual level Brown-out Reset circuitry
– 2.5 VBOR (Typical)
– 4.0 VBOR (Typical)
· Programmable code protection
· Power-Saving Sleep mode
· Selectable oscillator options
· Fully static design
· In-Circuit Serial Programming™ (ICSP™)
CMOS Technology:

· Wide operating voltage range:
– Industrial: 2.0V to 5.5V
– Extended: 3.0V to 5.5V
· High Sink/Source Current 25/25 mA
· Wide temperature range:
– Industrial: -40°C to 85°C
– Extended: -40°C to 125°C
Low-Power Features:
· Standby Current:
– 100 nA @ 2.0V, typical
· Operating Current:
– 14 µA @ 32 kHz, 2.0V, typical
– 120 µA @ 1 MHz, 2.0V, typical
· Watchdog Timer Circuit:
– 1 µA @ 2.0V, typical
· Timer1 Oscillator Current:
– 3.0 µA @ 32 kHz, 2.0V, typical
Peripheral Features:
· Timer0: 8-bit timer/counter with 8-bit prescaler
· Timer1: 16-bit timer/counter with prescaler can be incremented during Sleep via external crystal/clock
· Timer2: 8-bit timer/counter with 8-bit period register, prescaler and postscaler
· Enhanced Capture, Compare, PWM module:
– Capture is 16-bit, max. resolution is 12.5 ns
– Compare is 16-bit, max. resolution is 200 ns
– PWM maximum resolution is 10-bit
– Enhanced PWM:
– Single, Half-Bridge and Full-Bridge modes
– Digitally programmable dead-band delay
– Auto-shutdown/restart
· 8-bit multi-channel Analog-to-Digital Converter
· 13 I/O pins with individual direction control
· Programmable weak pull-ups on PORTB

Microchip PIC18F2520 Embedded Firmware Extraction

Microchip PIC18F2520 Embedded Firmware Extraction requires knowing not only the memory structure but also the oscillator structure, since it is also important for the power glitch method:

Flexible Oscillator Structure:
· Four Crystal modes, up to 40 MHz
· 4x Phase Lock Loop (PLL) – Available for Crystal and Internal Oscillators
· Two External RC modes, up to 4 MHz
· Two External Clock modes, up to 40 MHz
· Internal Oscillator Block:
– Fast wake from Sleep and Idle, 1 µs typical
– 8 user-selectable frequencies, from 31 kHz to 8 MHz
– Provides a complete range of clock speeds from 31 kHz to 32 MHz when used with PLL
– User-tunable to compensate for frequency drift
· Secondary Oscillator using Timer1 @ 32 kHz
· Fail-Safe Clock Monitor:
– Allows for safe shutdown if peripheral clock stops

· High-Current Sink/Source 25 mA/25 mA
· Three Programmable External Interrupts
· Four Input Change Interrupts
· Up to 2 Capture/Compare/PWM (CCP) modules, one with Auto-Shutdown (28-pin devices)
· Enhanced Capture/Compare/PWM (ECCP) module (40/44-pin devices only):
– One, two or four PWM outputs
– Selectable polarity
– Programmable dead time
– Auto-shutdown and auto-restart
Converter module:
– Auto-acquisition capability
– Conversion available during Sleep
· Dual Analog Comparators with Input Multiplexing
· Programmable 16-Level High/Low-Voltage Detection (HLVD) module:
– Supports interrupt on High/Low-Voltage Detection
Special Microcontroller Features:
· C Compiler Optimized Architecture:
– Optional extended instruction set designed to optimize re-entrant code
· 100,000 Erase/Write Cycle Enhanced Flash Program Memory Typical
· 1,000,000 Erase/Write Cycle Data EEPROM Memory Typical
· Flash/Data EEPROM Retention: 100 Years Typical
· Self-Programmable under Software Control
· Priority Levels for Interrupts
· 8 x 8 Single-Cycle Hardware Multiplier
· Extended Watchdog Timer (WDT):
– Programmable period from 4 ms to 131s

Copy Lattice CPLD Encrypted File

Copy Lattice CPLD Encrypted File from embedded memory, disable the security fuse by Microcontroller cracking skill and extract the firmware from the CPLD chip.

Normally a microscope objective has at least two parameters printed on it: magnification and numerical aperture (NA). Modern optical microscopes provide magnification up to 9,000×, and 500× magnification is provided by most modern microscopes. Numerical aperture determines the resolving power of an objective, but the total resolution of a microscope system is also dependent upon the numerical aperture of the projection optics.

The higher the numerical aperture of the total system, the better the resolution. The numerical aperture is related to the angle µ, which is one-half of the angular aperture at which the light cone comes to the specimen surface: NA = n sin(µ). The relationship between the numerical aperture and the resolution can be used for observation.

Copy DSP CPLD Embedded Firmware

Copy DSP CPLD Embedded Firmware from CPLD memory requires reverse engineering the CPLD and getting the CPLD scheme in order to locate the security fuse bit of the CPLD, and then using a Microcontroller cracking technique to remove the protection.

The most important tool for reverse engineering silicon chips down to 0.18 µm feature size is an optical microscope with a CCD camera to produce mosaics of high-resolution photographs of the chip surface. Not every microscope would do. As light cannot pass through the chip, the microscope should have reflected light illumination. The image should be sharp and without geometric distortion and colour aberration, otherwise it will not be possible to stick all the images together.

The most important parameters of the microscope are resolution and magnification. The resolution of a microscope mainly depends upon its objective lenses and is defined as the smallest distance between two points on a specimen that can still be distinguished as two separate entities. Resolution is a somewhat subjective value in microscopy because at high magnification an image may appear non-sharp but still be resolved to the maximum ability of the objective.

Microchip MCU PIC16F870 Heximal Code Restoration

The content of the original PIC16F870 can be recovered through Microchip MCU PIC16F870 Heximal Code Restoration procedures:

Microcontroller Core Features:
· High performance RISC CPU
· Only 35 single word instructions to learn
· All single cycle instructions except for program branches which are two-cycle
· Operating speed: DC – 20 MHz clock input, DC – 200 ns instruction cycle
· 2K x 14 words of FLASH Program Memory
· 128 x 8 bytes of Data Memory (RAM)
· 64 x 8 bytes of EEPROM Data Memory
· Pinout compatible to the PIC16CXXX 28 and 40-pin devices
· Interrupt capability (up to 11 sources)
· Eight level deep hardware stack

· Direct, Indirect and Relative Addressing modes
· Power-on Reset (POR)
· Power-up Timer (PWRT) and Oscillator Start-up Timer (OST)
· Watchdog Timer (WDT) with its own on-chip RC oscillator for reliable operation
· Programmable code protection
· Power saving SLEEP mode
· Selectable oscillator options
· Low power, high speed CMOS FLASH/EEPROM technology
· Fully static design
· In-Circuit Serial Programming™ (ICSP™) via two pins
· Single 5V In-Circuit Serial Programming capability
· In-Circuit Debugging via two pins
· Processor read/write access to program memory
· Wide operating voltage range: 2.0V to 5.5V
· High Sink/Source Current: 25 mA
· Commercial and Industrial temperature ranges
· Low power consumption:
– < 1.6 mA typical @ 5V, 4 MHz
– 20 mA typical @ 3V, 32 kHz
– < 1 mA typical standby current

Peripheral Features:
· Timer0: 8-bit timer/counter with 8-bit prescaler
· Timer1: 16-bit timer/counter with prescaler, can be incremented during SLEEP via external crystal/clock
· Timer2: 8-bit timer/counter with 8-bit period register, prescaler and postscaler
· One Capture, Compare, PWM module
– Capture is 16-bit, max. resolution is 12.5 ns
– Compare is 16-bit, max. resolution is 200 ns
– PWM max. resolution is 10-bit
· 10-bit multi-channel Analog-to-Digital converter
· Universal Synchronous Asynchronous Receiver Transmitter (USART/SCI) with 9-bit address detection
· Parallel Slave Port (PSP) 8-bits wide, with external RD, WR and CS controls (40/44-pin only)
· Brown-out detection circuitry for Brown-out Reset (BOR)