Posts Tagged ‘sram firmware recovery’
Recover MCU IC Firmware
Recover MCU IC firmware can be reversible when the device can be put back into the initial state, or irreversible with permanent changes done to the device. For example, power analysis and microprobing could make ic firmware recovery a result without harming the device itself.
Certainly microprobing will leave tamper evidence but usually that does not affect further device operation. On the contrary, fault injection and UV light MCU code reading could very likely put the device into the state where the internal registers or memory contents are changed and cannot be recovered.
In addition, UV light microcontroller unlocking leave tamper evidence as they require direct access to the chip surface.
The first operation which is crucial for any invasive or semi-invasive attack is decapsulation of the chip sample to get access to the die surface. There are different techniques for doing this [66] and the most widely known and reliable method involves using hot fuming nitric acid to dissolve the plastic package material. A detailed explanation of this method is given in Chapter 5. Modern chips have multiple metal layers and in order to investigate and analyse the structure of the chip, the attacker must expose each layer, photograph it under a microscope and then combine all the photos together to get a complete picture. Then he could trace the signals from one transistor to another and simulate the whole chip. This process is called microcontroller reverse engineering and a basic overview of it is given in Chapter 5. For many years microprobing technology was used to observe the signals inside the chip during operation. This is a basic and simple way of extracting the information from semiconductor chips.