Posts Tagged ‘dsp program recovery’
Recover IC Program
Recover IC Program from secured MCU flash memory, the fuse bit of microcontroller will be cut by focus ion beam which one of the most commonly method for MCU crack and then copy code to new microprocesor;
Non-invasive ic attacks can be either passive or active. Passive ic cracks, also called side-channel IC code decoding, do not involve any interaction with the ic recover program device but, usually, observation of its signals and electromagnetic emissions. Examples of such mcu breaking are power analysis and timing attacks. Active ic cracks, like brute force and glitch attacks, involve playing with the signals applied to the device including the power supply line.
One example of a simple non-invasive recover ic program could be cloning a device based on SRAM FPGA as it is configured at a power-up. The ic program recover could easily connect to the JTAG interface wires used for configuring the chip and, with either an oscilloscope or a logic analyser, grab all the signals.
Then he can thoroughly analyse the waveforms and replay the commands in his own design. He could also slightly change the bitstream to disguise the fact of cloning as usually only half of the FPGA resources are used, leaving a room to fiddle with the configuration without harming device operation.
Also the JTAG interface itself gives some freedom in the sequence of the signals being applied so that the waveforms used to configure the pirate copy will look different from the original. In addition, the ic program recover could mix the row addresses during the upload, giving the impression of a completely different design.