MCU Code Reverse Engineering Roadmap
MCU Code Reverse Engineering is actually a process of reprogramming microcontroller in the reverse order, microcontroller will be reset by unlocking technique to ensure the heximal reading from flash memory;
Technological progress on its own is increasing the costs to MCU reverse engineering. Ten years ago it was possible to use a laser cutter and a simple probing station to get access to any point on the chip surface, but for modern deep submicron semiconductor chips very sophisticated and expensive technologies must be used.
That excludes most potential MCU code extraction. For example, the structure of the Microchip PIC16F877 microcontroller can be easily observed and reverse engineered under a microscope.
The second metal layer and polysilicon layer can still be seen even if buried under the top metal layer. This is possible because each subsequent layer in the fabrication process follows the shape of the previous layer. Under a microscope the observer sees not only the highest layer but also edges that reveal the structure of the deeper layers.
In 0.5 µm and smaller technologies, for example in the Microchip PIC16F877A microcontroller, each predecessor layer is planarised using chemical-mechanical planarisation (CMP) process before applying the next layer. As a result the top metal layer does not show the impact of the deeper layers. The only way to reveal the structure of the deeper layers is by removing the top metal layers either mechanically or chemically.
As can be seen from all the shown examples, hardware security in microcontrollers and smartcards is being constantly improved. Because the tools for mcu code reverse engineering are becoming more sophisticated, better and better security protection is required. Rapid co-evolution is driven by this continuous battle between mcu manufacturers and mcu code reverse engineer.
Another threat that must be considered is that a great deal of second-hand semiconductor manufacturing and testing equipment appears on the market. It cannot be used to reverse engineering high-end products, but should be enough to reverse engineering MCUs manufactured with older technology. For example, while 90 nm manufacturing technology is currently leading-edge, most microcontrollers are produced with 0.35 µm technology and smartcards with 0.25 µm technology.