Discover IC flash content from the embedded flash memory of a microcontroller; disable the security fuse bit by cracking the MCU with the focused ion beam technique.
One example of simple non-invasive chip firmware discovery is cloning a device based on an SRAM FPGA, which is configured at power-up. The IC attacker could easily connect to the JTAG interface wires used for configuring the chip and, with either an oscilloscope or a logic analyser, grab all the signals. Then he can thoroughly analyse the waveforms and replay the commands in his own design.
He could also slightly change the bitstream to disguise the cloning: usually only half of the FPGA resources are used, which leaves room to fiddle with the configuration without harming device operation. The JTAG interface itself also gives some freedom in the sequence of the signals being applied, so the waveforms used to configure the pirate copy will look different from the original. In addition, the IC breaker could mix the row addresses during the upload, giving the impression of a completely different design.
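From the design owner's side, a different upload order or a few altered rows does not hide a copy once the final configuration image is rebuilt and compared. The following is an added example, not code from the original page; it assumes a simplified model in which each captured upload is a list of (row address, row data) writes, and all names and sample data are constructed.

```python
"""Order-independent comparison of two captured FPGA configuration uploads.

Model (an assumption, not a vendor format): each upload is a list of
(row_address, row_data) writes decoded from the configuration interface.
"""
import hashlib


def config_image(writes):
    """Rebuild the final configuration memory: the last write to a row wins."""
    image = {}
    for addr, data in writes:
        image[addr] = bytes(data)
    return image


def image_digest(writes):
    """Digest of the final image, independent of the order of the writes."""
    h = hashlib.sha256()
    for addr, data in sorted(config_image(writes).items()):
        h.update(addr.to_bytes(4, "big"))
        h.update(len(data).to_bytes(4, "big"))  # length prefix avoids ambiguity
        h.update(data)
    return h.hexdigest()


def row_overlap(reference, suspect):
    """Fraction of the reference design's rows found unchanged in the suspect."""
    ref, sus = config_image(reference), config_image(suspect)
    if not ref:
        return 0.0
    same = sum(1 for addr, data in ref.items() if sus.get(addr) == data)
    return same / len(ref)


# Constructed sample data: 8 rows of 4 bytes each.
ORIGINAL = [(a, bytes([a, a ^ 0x5A, 0xC3, a * 7 % 256])) for a in range(8)]
# The same rows uploaded in a different order.
REORDERED = [ORIGINAL[i] for i in (5, 2, 7, 0, 3, 6, 1, 4)]
# Reordered, with two rows altered (standing in for edits to unused resources).
MODIFIED = [(a, b"\xff\xff\xff\xff") if a in (6, 7) else (a, d)
            for a, d in REORDERED]

if __name__ == "__main__":
    print("reordered upload, same image:",
          image_digest(ORIGINAL) == image_digest(REORDERED))
    print("row overlap with modified copy:", row_overlap(ORIGINAL, MODIFIED))
```

A high row overlap between an owner's reference image and a suspect device's image is evidence for a cloning claim, even when the raw capture waveforms look unrelated.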