
Copy MCU Firmware

Copy MCU firmware in binary or hexadecimal format and copy the code to a new microcontroller; the status of the microprocessor will be reset to unlocked.

Most MCUs on the market have a security fuse (or multiple fuses) that controls access to the information stored in on-chip memory. These fuses can be implemented in software or in hardware.

Software implementation means that a password is stored in the memory or a certain memory location is assigned as a security fuse. For example, in the Motorola MC68HC908 family, password protection is used, and in the Motorola MC68HC705B family, the security fuse is located in the first byte of the data EEPROM memory.

Both variants have relatively high security, because it is extremely difficult to find the physical location of the fuse or password and reset them. At the same time, someone who wants to copy the IC program can try using a glitch to override the security check subroutine, or use power analysis to see whether a password guess is correct or not.
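Seen from the firmware author's side, both weaknesses come down to how the security check subroutine is written. The following is an added example, not code from this page or from any vendor's boot ROM: a hypothetical password check that exits at the first wrong byte, beside a hardened version whose work does not depend on the guess and which re-checks its result. The password length, secret bytes, function names and return constants are all assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PW_LEN 8                 /* assumed password length for this sketch */
#define ACCESS_GRANTED 0x5AA5u   /* the two codes differ in every bit, so one */
#define ACCESS_DENIED  0xA55Au   /* flipped bit cannot turn denied into granted */

/* Constructed sample secret; on a real part it would sit in protected memory. */
static const uint8_t stored_pw[PW_LEN] =
    {0x13, 0x37, 0xC0, 0xDE, 0x42, 0x99, 0xAB, 0xCD};

/* Weak: returns at the first mismatch, so the number of loop iterations
   (and with it run time and power trace) tracks the correct prefix length. */
unsigned check_early_exit(const uint8_t *guess, unsigned *steps) {
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        if (guess[i] != stored_pw[i]) return ACCESS_DENIED;
    }
    return ACCESS_GRANTED;
}

/* Hardened: always processes every byte and tests the result twice, so
   skipping a single branch is not enough to grant access. */
unsigned check_hardened(const uint8_t *guess, unsigned *steps) {
    volatile uint8_t diff = 0;   /* volatile forces a fresh read per test */
    *steps = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(guess[i] ^ stored_pw[i]);
    }
    if (diff != 0) return ACCESS_DENIED;
    if (diff != 0) return ACCESS_DENIED;   /* redundant re-check */
    return ACCESS_GRANTED;
}

int main(void) {
    /* Constructed guess with three correct leading bytes. */
    uint8_t g[PW_LEN] = {0x13, 0x37, 0xC0, 0, 0, 0, 0, 0};
    unsigned s1, s2;
    check_early_exit(g, &s1);
    check_hardened(g, &s2);
    printf("early-exit steps=%u, hardened steps=%u\n", s1, s2);
    return 0;
}
```

The step counter stands in for what a timing or power measurement would observe: it varies with the guess in the first function and stays at `PW_LEN` in the second.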

In a hardware implementation, security fuses are physically located on the chip die. This could mean a separate memory cell located next to the main memory array, or even far from it. For example, this is the case for all Microchip PIC MCUs and Atmel AVR MCUs. In both cases, the security is not very high, as the fuses can be easily found and disabled by one method or another. At the same time, some methods require very expensive equipment, and even if the person who wants to break the MCU knows where the fuse is, they will not be able to reset it until they get access to such equipment and learn how to use it.
