What is chip decryption? What is IC decryption? What is single-chip microcomputer decryption?

Source: Internet
Author: User



Brief description of Chip decryption:

Chip decryption is also known as single-chip microcomputer (MCU) decryption. The microcontroller in a finished product is encrypted, so its program cannot be read directly with a programmer. Sometimes, however, customers need to obtain the MCU's internal program for a number of reasons: for reference, research and learning, to recover lost data, or to copy chips. This requires chip decryption. Chip decryption uses certain equipment and methods to obtain the programming file burned into the encrypted MCU directly; the file can then be burned into copies of the chip or disassembled for reference and research. Our decryption guarantees that the sample we provide has the same functions as the original supplied by the customer, and we can provide the programming file (machine code) to the customer, who is free to burn it.


Basic definition of chip decryption:

Chip decryption means copying the stored code out of a chip that has been encrypted. Many kinds of chips hold embedded program code, and the MCU is just one of them. A single-chip microcomputer (MCU) generally has internal EEPROM/flash in which users store programs and working data. To prevent unauthorized access to or copying of the on-chip program, most microcontrollers have encryption lock bits or encryption bytes that protect it. If the encryption lock bit is enabled (locked) during programming, an ordinary programmer cannot read the program in the microcontroller directly; this is called single-chip microcomputer encryption or chip encryption. Attackers use special or self-made equipment, exploit design loopholes or software defects in the MCU, and through a variety of technical means extract key information from the chip and obtain the MCU's program. This is called chip decryption.

Chip decryption is also known as single-chip microcomputer decryption, MCU cracking, chip cracking, or IC decryption. Strictly speaking, these terms are not scientific, but they have become customary; we also habitually call CPLD decryption and DSP decryption chip decryption. The single-chip microcomputer is just one class of chip that can be loaded with a program. Other chips that can be programmed and encrypted include DSP, CPLD, PLD, AVR, ARM and so on. There are also dedicated encryption chips designed with an encryption algorithm, and chips that verify a factory code or perform similar functions; such chips can also serve to prevent the duplication of electronic products.

How to decrypt the chip:

Software attack

This technique typically uses the processor's communication interface and exploits protocols, cryptographic algorithms, or security vulnerabilities in these algorithms. A typical example of a successful software attack is the attack on the early ATMEL AT89C series microcontrollers. Attackers took advantage of a flaw in the timing design of this series' erase operation: using a self-written program, they stopped the operation after the encryption lock bit had been erased but before the on-chip program memory was erased. This turned an encrypted microcontroller into an unencrypted one, and the on-chip program could then be read with a programmer.

For other encryption methods, devices can likewise be developed that, together with suitable software, carry out software attacks.
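The erase-ordering flaw described above, as an added example (not code from the original page or from any vendor): a toy C model of a chip erase that is interrupted at every possible step, comparing a design that clears the lock bit first with one that clears it last. The memory size, the step granularity and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#define MEM_WORDS 8   /* constructed toy memory size */
#define BLANK 0xFF    /* value of an erased word */

/* Toy model of a protected MCU (constructed; not any vendor's design). */
typedef struct {
    unsigned char mem[MEM_WORDS]; /* on-chip program memory */
    bool locked;                  /* encryption lock bit */
} chip_t;
typedef enum { LOCK_FIRST, LOCK_LAST } erase_order_t;

static void chip_program(chip_t *c) {
    for (int i = 0; i < MEM_WORDS; i++) c->mem[i] = (unsigned char)(0x10 + i);
    c->locked = true;
}

/* Erase cut off after `steps` steps (one step = lock bit or one word). */
static void chip_erase(chip_t *c, erase_order_t order, int steps) {
    int done = 0;
    if (order == LOCK_FIRST && steps > 0) { c->locked = false; done = 1; }
    for (int i = 0; i < MEM_WORDS && done < steps; i++, done++) c->mem[i] = BLANK;
    if (order == LOCK_LAST && done < steps) c->locked = false;
}

/* Program bytes an ordinary programmer can read: none while locked. */
static int readable_code_bytes(const chip_t *c) {
    int n = 0;
    for (int i = 0; i < MEM_WORDS; i++) n += !c->locked && c->mem[i] != BLANK;
    return n;
}

/* Interrupt the erase at every possible step; return the worst leak. */
int worst_case_leak(erase_order_t order) {
    int worst = 0;
    for (int steps = 0; steps <= MEM_WORDS + 1; steps++) {
        chip_t c;
        chip_program(&c);
        chip_erase(&c, order, steps);
        if (readable_code_bytes(&c) > worst) worst = readable_code_bytes(&c);
    }
    return worst;
}

int main(void) {
    printf("lock first: %d exposed, lock last: %d exposed\n",
           worst_case_leak(LOCK_FIRST), worst_case_leak(LOCK_LAST));
    return 0;
}
```

In this model, a design that blanks the program memory before releasing the lock bit leaves nothing readable at any interruption point, while clearing the lock bit first exposes the whole memory if the erase stops after the first step.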

Electronic detection attack

This technique typically monitors, with high time resolution, the analog characteristics of all power and interface connections of the processor during normal operation, and carries out the attack by monitoring its electromagnetic radiation characteristics. Because the microcontroller is an active electronic device, its power consumption changes as it executes different instructions. By analyzing and detecting these changes with special electronic measuring instruments and mathematical statistical methods, specific key information in the microcontroller can be obtained.

The RF programmer, which can directly read the program in older models of encrypted MCU, uses this principle.

Fault generation technology

This technique uses abnormal operating conditions to make the processor malfunction, which then provides additional access for the attack. The most widely used fault-generating attacks are voltage glitches and clock glitches. Low-voltage and high-voltage attacks can be used to disable protection circuitry or to force the processor to perform erroneous operations. A clock transient may reset the protection circuitry without destroying the protected information. Power and clock transients can affect the decoding and execution of a single instruction in some processors.

Probe technology

This technique directly exposes the internal wiring of the chip, so that the microcontroller can be observed, manipulated and interfered with to achieve the attack.

For convenience, the four attack techniques above are divided into two categories. One is the intrusive (physical) attack, which requires destroying the package and then uses semiconductor test equipment, microscopes and micropositioners; it can take hours or even weeks to complete in a dedicated laboratory. All micro-probe techniques are intrusive attacks. The other three methods are non-intrusive attacks: the attacked microcontroller is not physically damaged. In some cases non-intrusive attacks are particularly dangerous, because the equipment they require can usually be self-made and upgraded, and is therefore very inexpensive.

Most non-intrusive attacks require the attacker to have good knowledge of the processor and of software. In contrast, intrusive probe attacks do not require much initial knowledge and can often use one set of similar techniques against a wide range of products. As a result, attacks on microcontrollers often begin with intrusive reverse engineering, and the accumulated experience helps develop cheaper and faster non-intrusive attack techniques.

Chip decryption Process:

The first step in an intrusive attack is to remove the chip package ("opening the lid" or "unsealing"; in English "decap", decapsulation). There are two ways to do this. The first is to dissolve the chip package completely, exposing the metal connections. The second is to remove only the plastic package above the silicon die. The first method requires the chip to be bonded to a test fixture, which is done with the help of a bonding station. The second method demands not only a certain amount of knowledge and the necessary skills from the attacker, but also personal ingenuity and patience; it is, however, relatively convenient to carry out and can be done entirely at home.

The plastic on top of the chip can be removed with a knife, and the epoxy resin around the chip can be etched away with concentrated nitric acid. Hot concentrated nitric acid dissolves the chip package without affecting the chip or its wiring. This process is generally carried out under very dry conditions, because the presence of water may corrode the exposed aluminum wire connections (which could cause the decryption to fail).

The chip is then cleaned with acetone in an ultrasonic bath to remove the residual nitric acid, and soaked.


For a single-chip microcomputer that uses a protective layer to shield its EEPROM cells, using ultraviolet light to reset the protection circuit is not feasible. For this type of microcontroller, micro-probe technology is generally used to read the memory contents. After the chip package has been opened, placing the chip under a microscope makes it easy to locate the data bus that runs from the memory to the rest of the circuit. For some reason, the chip's lock bit does not lock access to the memory in programming mode. Exploiting this flaw, a probe placed on the data lines can read all the desired data. In programming mode, all the information in the program and data memory can be read by restarting the read process and connecting the probe to another data line.

Another possible attack is to look for the protection fuse with equipment such as microscopes and laser cutters, tracing all the signal lines associated with this part of the circuit. Because of a design defect, it is only necessary to cut one signal line from the protection fuse to the other circuitry (or to cut out the entire encryption circuit), or to connect 1 to 3 gold wires (usually called FIB: focused ion beam), to disable the entire protection function, so that the contents of the program memory can be read directly with a simple programmer.

Although most ordinary single-chip microcomputers offer fuse blowing to protect their internal code, general-purpose low-end MCUs are not positioned as security products, so they often provide no targeted countermeasures and their security level is low. In addition, MCUs are used widely and sold in large volumes, subcontracted manufacturing and technology transfer between vendors are frequent, and a large amount of technical data exists. As a result, it has become easier to read the internal program of a microcontroller by exploiting the design of such chips and the manufacturers' test interfaces, or by modifying the fuse protection level through intrusive or non-intrusive attacks.

