Copy CPLD IC Code from CPLD chip memory is a reverse CPLD manufacturing process, original master CPLD will be cracked and firmware inside memory of CPLD can be readout directly;

Copy CPLD IC Code from CPLD chip memory is a reverse CPLD manufacturing process, original master CPLD will be cracked and firmware inside memory of CPLD can be readout directly

Normally, the programming of an EPROM memory is controlled by external signals and all the timings should be supplied by a programmer unit. This gives an opportunity for the attacker to inject charge into the floating gate thus shifting the threshold level enough to read the memory contents when the security fuse is inactive.

Such a trick is virtually impossible to apply to modern EEPROM and Flash memory devices for several reasons. First, the programming is fully controlled by the on-chip hardware circuit. Second, the programming of EEPROM and Flash cells is normally performed by using much faster Fowler-Nordheim tunnelling rather than CHE injection. As a result it is very hard to control the exact amount of charge being placed into the cell. Also, the temperature and the supply voltage affect this process making it even harder to control.

Comments are closed.