Break IC, Recover MCU, Microcontroller Reverse Engineering

Posts Tagged ‘mcu flash reverse engineering’

IC Flash Recovery is a process to extract code of MCU memory content, and copy the firmware to new Microcontroller for IC cloning;

IC Flash Recovery is a process to extract code of MCU memory content, and copy the firmware to new Microcontroller for IC cloning

Semi-invasive IC Flash Recovery, like invasive ic attack, require depackaging the chip to get access to the chip surface. But the passivation layer of the chip remains intact – semi-invasive ic break methods do not require electrical contact to the metal surface, so there is no mechanical damage to the silicon.

As invasive ic hacks are becoming constantly more demanding and expensive, with shrinking feature sizes and increasing device complexity, semi-invasive ic flash recovery become more attractive as they do not require very expensive tools and give results in a shorter time. Also, being applied to a whole transistor or even a group of transistors they are less critical to the small feature size of modern chips.

Reverse Engineering IC Flash is starting point of Microcontroller reverse engineering, target MCU will be delayer one by one in the reverse order of Microprocessor manufacturing, the purpose is to figure out the security fuse bit and cut it off;

Reverse Engineering IC Flash is starting point of Microcontroller reverse engineering, target MCU will be delayer one by one in the reverse order of Microprocessor manufacturing, the purpose is to figure out the security fuse bit and cut it off

Read program and data out from Microcontroller memory requires direct access to the internal components of the device. If it is a security module or a USB dongle, then it has to be opened to get access to the internal memory chips. In the case of a smartcard or a microcontroller, the packaging should be removed followed by FIB or laser depassivation to get access to the internal wires buried deep under the passivation layer of the chip.

Such ic decryption method normally require a well equipped and knowledgeable ic attacker to succeed. Meanwhile, invasive ic extraction are becoming constantly more demanding and expensive, as feature sizes shrink and device complexity increases.