Site icon Break IC, Recover MCU, Microcontroller Reverse Engineering

Add Security Fuse to Prevent IC Code Attack

Add Security Fuse to Prevent IC Code Attack is commonly used way to extract embedded firmware from MCU flash and eeprom memory;

Add Security Fuse to Prevent IC Code Attack is commonly used way to extract embedded firmware from MCU flash and eeprom memory

The next step in increasing the security protection against IC code attack which was in adding a hardware security fuse that disables the access to data.

The easiest implementation, which does not require the complete redesign of the microcontroller structure, was for the fuse to control the read-back function of the programming interface.

The drawback of this approach was in making it easier to locate the security fuse and perform an invasive MCU breaking. For example, the state of the fuse could be changed by connecting the output from the fuse cell directly to the power supply or ground line.

In some cases it might be enough to just disconnect the sense circuit from the fuse cell by cutting the wire from it with a laser cutter or focused ion beam (FIB) machine.

It might be possible to succeed in non-invasive mcu code extraction as well, because a separate fuse would certainly behave differently from the normal memory array. As a result it might be possible to find such a combination of external signals under which the state of this fuse would not be read correctly thus allowing the access to the information stored in the on-chip memory.

Semi-invasive MCU cracking could bring the code reading to success even faster but will require decapsulation of the chip to get access to the die. A well known example of such attacks is erasing the security fuse under a UV light.

Exit mobile version