Reverse Engineering Winbond W78E354 Microcontroller
Through Power glitch method we can find an effective way to Reverse Engineering Winbond W78E354 Microcontroller and get its program and data from both eeprom and flash effortlessly, as a result of that, it is important to have some knowledge about the power management:
Idle Mode
The idle mode is entered by setting the IDL bit in the PCON register. In the idle mode, the internal clock to the processor is stopped. The peripherals and the interrupt logic continue to be clocked. The processor will exit idle mode when either an interrupt or a reset occurs.
Power-down Mode
When the PD bit in the PCON register is set, the processor enters the power-down mode. In this mode all of the clocks are stopped, including the oscillator. To exit from power-down mode is by a hardware reset or external interrupts INT0 to INT3 when enabled and set to level triggered.
Reduce EMI Emission
The W78E354 allows user to diminish the gain of on-chip oscillator amplifier by using programmer to clear the B7 bit of security register. Once B7 is set to 0, a half of gain will be decreased. Care must be taken if user attempts to diminish the gain of oscillator amplifier from Reverse Engineering Winbond W78E354 Microcontroller, reducing a half of gain may affect the external crystal operating improperly at high frequency above 24 MHz. The value of R and C1,C2 may need some adjustment while running at lower gain.
Reset
The external RESET signal is sampled at S5P2. To take effect, it must be held high for at least two machine cycles while the oscillator is running. An internal trigger circuit in the reset line is used to deglitch the reset line when the W78E62B is used with an external RC network.
The reset logic also has a special glitch removal circuit that ignores glitches on the reset line. During reset, the ports are initialized to FFH, the stack pointer to 07H, PCON (with the exception of bit 4) to 00H, and all of the other SFR registers except SBUF to 00H. SBUF is not reset.