Recover MCU
Recover MCU can have a great variety of methods, one of them is GLITCH MCU Attack. It is a way which will swiftly change the signals input into the MCU to affect its normal operation. Generally speaking the glitching is overlapped on the power supply or timing clock, but the glitching can also be the transient electrical field or electro-magnetic impulse. Place two minor metal needles on the several hundreds of microns away from the surface of MCU, and then add hundreds of voltage with narrow impulse with less than 1 micro-second. The safer bottom can sense the electrical field and force the adjacent transistors voltage value change.
There is one way in recent days about advanced MCU code recovering: use hundreds of metal coils to roll the needle tips of microprobe and constitute a minor inductor. When the current go through the coil will generate magnetic field, tips can focus the magnetic lead. Each one of the transistors can form the time extensive RC circuit with the tracks they are connect with MCU crack firmware . The maximum timing frequency of processor depends on the maximum delay on the circuit.
At the same time, each trigger has a featured time windows among the received input voltage and output voltage caused by it. This windows used for MCU content recovery is designed and confirmed by the specific voltage and temperature. If use clock noise (which is much shorter than the normal impulse) or power supply noise (the swift wave vibration in the power supply voltage) will affect the transistors in the chip recovery. And will contribute directly to lead other one or several triggers into the wrong instructions, sometimes even can’t be supported by microcode. Although we can’t foresee what kind of noise will probably cause which mistake, but it can proceed the systematic search simply.