Break IC secured memory and extract program from MCU flash memory and eeprom memory, unlock microcontroller needs to figure out its internal scheme in order to locate the security fuse bit;
Fault injection IC program breaks done in a semi-invasive manner which can be used to modify the contents of SRAM and change the state of any individual transistor inside the chip. That gives almost unlimited capabilities to the ic breaker in getting control over the chip operation and abusing the protection mechanism.
Compared to non-invasive ic attacks, semi-invasive ic cracks are harder to implement as they require decapsulation of the chip. However, very much less expensive equipment is needed than for invasive mcu cracks. These ic program breaks can be performed in a reasonably short period of time. Also they are scalable to a certain extent, and the skills and knowledge required to perform them can be easily and quickly acquired. Some of these ic attacks, such as an exhaustive search for a security fuse, can be automated. If compared to invasive mcu cracks, the semi-invasive kind do not normally require precise positioning for success because they are normally applied to a whole transistor or even a group of transistors rather than to a single wire inside the chip.