
Microcontroller decryption method

What is microcontroller decryption?

Microcontroller decryption is also called microcontroller cracking, chip decryption, or IC decryption. Strictly speaking none of these names is precise, but by custom CPLD decryption and DSP decryption are lumped under the same term; the microcontroller is only one of the classes of chip that can hold a program.

Microcontrollers (MCUs) generally have an internal program area and a data area (or one of the two) in which the user stores the program and its working data. To prevent unauthorized reading or copying of that program, most MCUs provide a lock bit (also called a security fuse or encryption byte) that protects the internal program.

If the lock bit is set during programming, the program inside the microcontroller can no longer be read out with an ordinary programmer. This is what is called microcontroller encryption.

Microcontroller programs are almost always stored in on-chip Flash. If an attacker can read out or otherwise recover the Flash contents, they obtain the firmware image, and with it the opportunity to clone the product.


Microcontroller decryption, then, is the process by which an attacker, using special or home-made equipment and exploiting design weaknesses in the chip or defects in its software, extracts the key information from the chip by one technical means or another and obtains the program stored inside it.

Other chips that can be programmed and locked in the same way include DSPs, CPLDs, PLDs, AVR and ARM parts, and so on.

Memory chips can also be protected, for example the DS2401, DS2501, AT88S0104, DM2602 and AT88SC0104D. Among them are chips designed specifically with cryptographic algorithms for professional protection, or designed to verify a manufacturer's code, which serve to prevent electronic products from being copied.

Microcontroller decryption methods

Software attack

This technique usually works through the processor's communication (programming) interface and exploits the protocol, the security algorithm, or a flaw in how that algorithm is implemented. A typical example is an attack on an early XXX series microcontroller. The attacker exploited a weakness in the timing of the chip erase sequence: a purpose-written program erased the lock bit and then stopped the next step, the erase of the on-chip program memory, before it could run. The locked microcontroller thus became an unlocked one, and a programmer could read out the on-chip program.

Some devices can also be attacked in software on top of other protection schemes, by studying the device and driving it with suitable tooling.

For example, some programmers can be used to locate and insert bytes. One first determines, by one method or another, whether the chip contains a run of unprogrammed bytes, that is, consecutive FF FF bytes. Into that blank area a small routine is inserted that executes an instruction sequence to send the program inside the chip out through an external interface; a capture device intercepts the output, and the program inside the chip is recovered.

Electronic Detection Attack

This technique monitors, with high time resolution, the analog characteristics of the processor's power supply and interface connections during normal operation, or its electromagnetic emissions, and carries out the attack on the basis of those measurements.

Because the microcontroller is an active electronic device, its supply current changes according to the instruction it executes and the data it handles. By recording these changes with suitable electronic measuring instruments and analysing them with statistical methods, specific critical information inside the microcontroller can be recovered.
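The statistical analysis described above, as an added example that is not part of the original article: a correlation power analysis (CPA) against a simulated device. The traces are constructed inline, one sample per encryption, assumed to leak the Hamming weight of the AES S-box output plus Gaussian-like noise. The trace count, the noise level, the leakage model and the function names (`simulate_traces`, `cpa_recover`, `cpa_demo`) are assumptions made for this demonstration, not measurements from any real chip.

```c
#include <stdint.h>
#include <stdio.h>

#define N_TRACES 300          /* assumed trace count; enough for this noise level */

static uint8_t SBOX[256];

/* Build the AES S-box from its definition (GF(2^8) inverse, then the affine
 * map) rather than transcribing the 256-entry table. */
static void build_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p = p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0);      /* p *= 3 in GF(2^8) */
        q ^= q << 1; q ^= q << 2; q ^= q << 4;           /* q /= 3, so p*q == 1 */
        q ^= (q & 0x80) ? 0x09 : 0;
        uint8_t x = q;                                   /* affine transform */
        for (int s = 1; s <= 4; s++) x ^= (uint8_t)((q << s) | (q >> (8 - s)));
        SBOX[p] = x ^ 0x63;
    } while (p != 1);
    SBOX[0] = 0x63;                                      /* 0 has no inverse */
}

int sbox_value(int i) { build_sbox(); return SBOX[i & 0xFF]; }

static int hw(uint8_t v) { int c = 0; for (; v; v >>= 1) c += v & 1; return c; }

/* Deterministic PRNG so the "measurement" is reproducible. */
static uint32_t rng_state;
static uint32_t xorshift32(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}
static double uniform01(void) { return (xorshift32() + 1.0) / 4294967297.0; }
/* Approximately Gaussian noise (sum of 12 uniforms, variance sigma^2) without libm. */
static double noise(double sigma) {
    double s = 0.0;
    for (int i = 0; i < 12; i++) s += uniform01();
    return sigma * (s - 6.0);
}

typedef struct { uint8_t pt[N_TRACES]; double leak[N_TRACES]; } trace_set;

/* Constructed "scope capture": one sample per trace, equal to the Hamming
 * weight of the S-box output (the assumed leakage model) plus noise. */
static void simulate_traces(trace_set *ts, uint8_t key, double sigma) {
    for (int i = 0; i < N_TRACES; i++) {
        ts->pt[i] = (uint8_t)(xorshift32() & 0xFF);
        ts->leak[i] = hw(SBOX[ts->pt[i] ^ key]) + noise(sigma);
    }
}

/* Squared Pearson correlation (sign-free, so no sqrt needed). */
static double corr2(const int *m, const double *t, int n) {
    double mm = 0, mt = 0, cov = 0, vm = 0, vt = 0;
    for (int i = 0; i < n; i++) { mm += m[i]; mt += t[i]; }
    mm /= n; mt /= n;
    for (int i = 0; i < n; i++) {
        double dm = m[i] - mm, dt = t[i] - mt;
        cov += dm * dt; vm += dm * dm; vt += dt * dt;
    }
    return (vm == 0 || vt == 0) ? 0.0 : (cov * cov) / (vm * vt);
}

/* CPA: for each key-byte guess, predict the leakage of every trace under
 * the same model and keep the guess whose prediction correlates best. */
static int cpa_recover(const trace_set *ts, double scores[256]) {
    int best = 0, model[N_TRACES];
    for (int g = 0; g < 256; g++) {
        for (int i = 0; i < N_TRACES; i++) model[i] = hw(SBOX[ts->pt[i] ^ g]);
        scores[g] = corr2(model, ts->leak, N_TRACES);
        if (scores[g] > scores[best]) best = g;
    }
    return best;
}

/* Simulate a device holding `key`, attack it, return the recovered byte. */
int cpa_demo(uint8_t key, double sigma) {
    static trace_set ts; double scores[256];
    build_sbox();
    rng_state = 0x12345678u;
    simulate_traces(&ts, key, sigma);
    return cpa_recover(&ts, scores);
}

int main(void) {
    static trace_set ts; double scores[256];
    build_sbox(); rng_state = 0x12345678u;
    simulate_traces(&ts, 0x2B, 1.0);
    int k = cpa_recover(&ts, scores);
    printf("recovered key byte 0x%02X (r^2 = %.2f)\n", k, scores[k]);
    for (int g = 0; g < 256; g++)
        if (g != k && scores[g] > 0.05) printf("  runner-up 0x%02X r^2 = %.2f\n", g, scores[g]);
    return 0;
}
```

Only the plaintext and the measured trace are used to recover the key: the attacker never sees the key byte, and the single-sample traces stand in for the point in a real capture where the S-box lookup happens. A real attack differs in scale rather than in kind (many samples per trace, alignment, and a measured rather than assumed leakage model), and the same loop is run once per key byte.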

Fault Generation Technique

This approach makes the microcontroller operate under abnormal conditions so that its protection no longer takes effect.

The technique uses abnormal operating conditions to induce errors in the processor and then obtains additional access through them. The most widely used fault generation attacks are voltage glitches and clock glitches.

Under- and over-voltage attacks can disable the protection circuitry or force the processor to perform an erroneous operation. Clock transients can reset the protection circuitry without destroying the protected information. On some processors, power and clock transients can affect the decoding and execution of a single instruction.
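To show why a transient that disturbs a single instruction is enough, the following added example (written for this page, not taken from any vendor's firmware) models a readout-command handler under a one-instruction fault and compares a naive lock check with a hardened one. The fault model, the names `read_cmd_naive` and `read_cmd_hardened`, and the lock encodings 0xA5/0x5A are assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

enum { DENY = 0, ALLOW = 1 };
typedef enum { NO_FAULT, SKIP, FLIP } fault_kind;
typedef struct { fault_kind kind; int step; } fault;
const fault NO_GLITCH = { NO_FAULT, 0 };

/* Fault model (an assumption for this demo): a single voltage or clock
 * glitch lands on one numbered conditional. SKIP means the guarded
 * statement never executes; FLIP means the comparison result is inverted. */
static int faulted(int cond, int step, fault f) {
    if (f.step != step) return cond;
    return f.kind == SKIP ? 0 : !cond;
}

/* Vulnerable readout-command handler: one test, and the variable that
 * decides access starts in the permissive state.  Lock bit: 1 = locked. */
#define LOCKED 1
int read_cmd_naive(uint8_t lock_bit, fault f) {
    int access = ALLOW;
    if (faulted(lock_bit == LOCKED, 1, f)) access = DENY;       /* step 1 */
    return access;
}

/* Hardened handler: default deny; the lock is a specific pattern rather
 * than a single bit (an erased 0xFF or a glitched 0x00 matches neither);
 * the grant is re-checked; and nothing else can set ALLOW. */
#define LOCK_SET   0xA5
#define LOCK_CLEAR 0x5A
int read_cmd_hardened(uint8_t lock_val, fault f) {
    int access = DENY;
    if (faulted(lock_val == LOCK_CLEAR, 1, f)) access = ALLOW;  /* step 1: only positive path grants */
    if (faulted(lock_val != LOCK_CLEAR, 2, f)) access = DENY;   /* step 2: redundant re-check */
    return access;
}

/* Try every single-fault position against a locked part and count the
 * combinations that return ALLOW, i.e. that leak the protected memory. */
int count_leaks(int (*cmd)(uint8_t, fault), uint8_t lock_val, int n_steps) {
    int leaks = 0;
    for (int step = 1; step <= n_steps; step++)
        for (int k = SKIP; k <= FLIP; k++) {
            fault f = { (fault_kind)k, step };
            if (cmd(lock_val, f) == ALLOW) leaks++;
        }
    return leaks;
}

int main(void) {
    printf("naive:    %d of 2 single faults leak\n", count_leaks(read_cmd_naive, LOCKED, 1));
    printf("hardened: %d of 4 single faults leak\n", count_leaks(read_cmd_hardened, LOCK_SET, 2));
    printf("hardened, unlocked part, no glitch: %s\n",
           read_cmd_hardened(LOCK_CLEAR, NO_GLITCH) == ALLOW ? "ALLOW" : "DENY");
    return 0;
}
```

The naive handler leaks under either fault because a skipped or inverted comparison leaves `access` at its permissive initial value; the hardened one survives every single fault because only the positive path can grant and a second test undoes a wrongly granted one. Two well-placed glitches (a FLIP on step 1 and a SKIP on step 2) still get through, which is why security-grade parts add glitch detectors and random delays rather than relying on redundancy alone. In real firmware the lock value and `access` must be `volatile` and the compiled output checked, or the compiler will fold the two tests back into one.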

Probe Technology

This technique exposes the inside of the chip completely: the internal connections are laid bare so that the microcontroller can be observed, manipulated and interfered with directly for the purposes of the attack.

For convenience, the four attack techniques above are divided into two categories.

The first category is invasive physical attack, which requires breaching the package and then spending hours or even weeks in a dedicated laboratory with semiconductor test equipment, microscopes and micro-positioners. All microprobing techniques fall into the invasive category.

The second category is non-invasive attack, in which the attacked microcontroller is not physically damaged. Non-invasive attacks are particularly dangerous in some cases because the required equipment can often be home-made and improved over time, and is therefore very inexpensive. Most non-invasive attacks require the attacker to have good knowledge of the processor and its software. Invasive probing attacks, in contrast, do not require much initial knowledge, and a similar set of techniques usually works across a wide range of products.

As a result, attacks on a microcontroller often start with invasive reverse engineering, and the knowledge gained is then used to develop cheaper and faster non-invasive attacks.

Invasive Decryption Process

The first step in an invasive attack is to remove the chip package (referred to as "opening the cap" or "unsealing", or decapsulation, "decap"). There are two ways to achieve this.

The first is to dissolve the chip package completely, exposing the metal connections.

The second is to remove only the plastic over the top of the silicon die.

The first method requires the die to be re-bonded to a test fixture, which is done on a wire-bonding machine. The second method requires, in addition to a certain level of knowledge and the necessary skills, a good deal of ingenuity and patience on the part of the attacker, but it is comparatively easy to carry out in a properly equipped laboratory.

The plastic over the die can be cut away with a knife, and the epoxy around the die can be etched away with concentrated nitric acid. Hot concentrated nitric acid dissolves the package without affecting the die or the bond wires. The process is generally carried out under very dry conditions, since any water present may corrode the exposed aluminium bond wires and cause the attempt to fail. The chip is then cleaned in an ultrasonic bath, first with acetone to remove the residual nitric acid, and then soaked.

The final step is to find the location of the protection fuse and expose it to UV light. A microscope of at least 100x magnification is generally used to trace the wiring from the programming voltage input pin to find the protection fuse. If a microscope is not available, a simple search is done by exposing different parts of the chip to UV light and observing the results.

During this operation the rest of the chip should be covered with an opaque mask so that the program memory is not erased by the UV light. Exposing the protection fuse to UV light for 5 to 10 minutes destroys the protection bit, after which the contents of the program memory can be read out directly with a simple programmer.

For microcontrollers whose EEPROM cells are covered by a protective shield layer, resetting the protection circuit with UV light is not feasible. For this type of microcontroller the microprobing technique is generally used to read the memory contents. Once the package is opened, the data bus from the memory to the rest of the circuit can easily be found by placing the chip under a microscope.

On some chips the lock bit, for whatever reason, does not block access to the memory in programming mode. By exploiting this flaw and placing a probe on a data line, all the data carried on that line can be read. The read-out is then restarted in programming mode with the probe on the next data line, and so on, until all the information in the program and data memory has been read out.

Another possible means of attack is to locate the protection fuse with a microscope and a laser cutter, and then identify all the signal lines connected to that part of the circuit.

Because of the flawed design, it is enough to cut one of the signal lines running from the protection fuse to the rest of the circuit, or to cut out the whole protection circuit, or to deposit one to three short metal links with a focused ion beam (FIB), to disable the entire protection function. The contents of the program memory can then be read out directly with a simple programmer.

Although most common microcontrollers offer a fuse that can be blown to protect the code, they seldom provide targeted countermeasures and their security level is low, because general-purpose, low-end microcontrollers are not designed for security products.

Add to this the wide range of applications of microcontrollers, the large sales volumes, the frequent contract manufacturing and technology transfer between manufacturers, and the large amount of technical information that leaks as a result, and it becomes easier still to read out a microcontroller's internal program by exploiting the design weaknesses of such chips and the manufacturers' test interfaces, by modifying the fuse protection bit, and by other invasive or non-invasive attacks.

A few suggestions to prevent microcontrollers from being decrypted

As an electronic product design engineer it is essential to keep up with the latest microcontroller attack techniques, because in theory any microcontroller can be decrypted by an attacker with enough investment and time using the methods above. To avoid having the fruits of hard work stolen, the following recommendations are made.

Before selecting a chip for protection, research the current state of microcontroller cracking, including which microcontrollers are confirmed to be crackable. Avoid chips that have already been cracked, and the same series and models; prefer a microcontroller with a newer process, a newer architecture and a shorter time on the market.

For projects with high security requirements, avoid the most popular and most thoroughly researched chips.

A product worth copying is generally one produced in large volume, so choosing a relatively obscure, little-used microcontroller makes it harder for counterfeiters to source the part.

Where the design budget allows, choose a smart-card chip with a hardware self-destruct function to counter physical attacks effectively. In addition, add a timed function to the program, for example one that automatically stops all operation after one year of use, which raises the cost for the cracker.

If conditions permit, use two microcontrollers of different models that back each other up and verify each other, which raises the cost of cracking.

Grind off the chip's part number and other markings, or re-mark it with a different model number as a decoy.

Use undocumented or unused flag bits or memory cells of the microcontroller as software flags.

Write copyright information into the program area for legal protection.

With a high-end programmer, blow some of the chip's internal pins; home-made equipment can also be used to burn off bond wires. This is currently almost impossible to decrypt in China; even where it can be done, it costs tens of thousands of dollars and requires several experts.

Pot the whole circuit board in a confidentiality compound such as epoxy potting adhesive, leave extra unused pads on the PCB, mix some unused components into the compound, and grind the markings off the components around the MCU as far as possible.

Use the programmer to change the blank area of the chip from FF to 00, that is, fill the unused space, so that an ordinary cracker cannot find blank space in the chip and has nowhere to carry out the subsequent decryption operation.
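The blank-area check behind the attack described under "Software attack" (finding runs of FF bytes large enough to hold an injected routine) and the fill-with-00 countermeasure above, as one added example that is not part of the original article. It loads a small constructed Intel HEX image into an erased (0xFF) flash model, reports the longest blank run an attacker's programmer would see, then fills every byte not covered by a data record. The 256-byte flash size, the sample records and the function names are assumptions; the HEX loader handles only data and end-of-file records.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FLASH_SIZE 256   /* assumed: a tiny 256-byte code space for the demo */

/* Constructed sample firmware in Intel HEX: three data records and EOF.
 * Note the 0xFF *data* byte at 0x0093: a byte-level scan cannot tell it
 * from unprogrammed flash, but the record map can. */
const char SAMPLE_HEX[] =
    ":04000000020080007A\n"
    ":0800800075813012009080FE32\n"
    ":040090007F0122FFCB\n"
    ":00000001FF\n";

uint8_t g_img[FLASH_SIZE];   /* what a programmer reads back */
uint8_t g_cov[FLASH_SIZE];   /* 1 = byte is covered by a data record */

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}
static int hexbyte(const char *s) {
    int h = hexval(s[0]);
    if (h < 0) return -1;
    int l = hexval(s[1]);
    return l < 0 ? -1 : (h << 4) | l;
}

/* Load data records into img/cov.  A record is committed only after its
 * checksum verifies.  Returns data bytes loaded, or -1 on a malformed,
 * out-of-range or bad-checksum record.  Other record types are skipped. */
long ihex_load(const char *text, uint8_t *img, uint8_t *cov, size_t len) {
    long loaded = 0;
    const char *p = text;
    while (*p) {
        while (*p == '\n' || *p == '\r' || *p == ' ') p++;
        if (!*p) break;
        if (*p++ != ':') return -1;
        int count = hexbyte(p), hi = hexbyte(p + 2), lo = hexbyte(p + 4), type = hexbyte(p + 6);
        if (count < 0 || hi < 0 || lo < 0 || type < 0) return -1;
        unsigned sum = count + hi + lo + type;
        size_t addr = ((size_t)hi << 8) | lo;
        uint8_t data[255];
        const char *d = p + 8;
        for (int i = 0; i < count; i++) {
            int b = hexbyte(d + 2 * i);
            if (b < 0) return -1;
            data[i] = (uint8_t)b; sum += b;
        }
        int cs = hexbyte(d + 2 * count);
        if (cs < 0 || ((sum + cs) & 0xFF) != 0) return -1;   /* bad checksum: reject */
        if (type == 1) break;                                 /* EOF record */
        if (type == 0) {                                      /* data record: commit */
            if (addr + count > len) return -1;
            for (int i = 0; i < count; i++) { img[addr + i] = data[i]; cov[addr + i] = 1; }
            loaded += count;
        }
        p = d + 2 * count + 2;
    }
    return loaded;
}

/* Longest run of 0xFF bytes in the image (the attacker's view); `at`
 * receives its offset when non-NULL. */
size_t longest_blank_run(const uint8_t *img, size_t len, size_t *at) {
    size_t best = 0, cur = 0, start = 0;
    for (size_t i = 0; i < len; i++) {
        if (img[i] != 0xFF) { cur = 0; continue; }
        if (cur == 0) start = i;
        cur++;
        if (cur > best) { best = cur; if (at) *at = start; }
    }
    return best;
}

/* Fill every byte not covered by a data record; returns bytes changed. */
size_t fill_unprogrammed(uint8_t *img, const uint8_t *cov, size_t len, uint8_t fill) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (!cov[i]) { img[i] = fill; n++; }
    return n;
}

long demo_load(void) {
    memset(g_img, 0xFF, sizeof g_img);   /* erased flash reads as 0xFF */
    memset(g_cov, 0, sizeof g_cov);
    return ihex_load(SAMPLE_HEX, g_img, g_cov, FLASH_SIZE);
}

int main(void) {
    size_t at = 0;
    printf("loaded %ld data bytes\n", demo_load());
    printf("longest blank run before fill: %zu bytes at 0x%04zX\n",
           longest_blank_run(g_img, FLASH_SIZE, &at), at);
    printf("filled %zu unprogrammed bytes\n", fill_unprogrammed(g_img, g_cov, FLASH_SIZE, 0x00));
    printf("longest blank run after fill: %zu bytes\n", longest_blank_run(g_img, FLASH_SIZE, &at));
    return 0;
}
```

Two points the text leaves implicit: a HEX file does not contain the blank regions at all, so the audit must rebuild the memory map in an erased buffer before scanning, and a byte-level scan cannot distinguish a programmed 0xFF from blank flash, which is why the fill is driven by the record map (the 0xFF data byte at 0x0093 survives). The fill value is a parameter because 0x00 decodes to a NOP-like instruction on several common cores (8051 and AVR `NOP`, Thumb `movs r0, r0`); a pattern that decodes to a trap or a jump to the reset vector is a stronger choice than the 00 the text suggests.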

Summary

Of course, it is impossible to prevent microcontroller decryption completely. Encryption technology keeps developing, and so does decryption technology: today, whatever the microcontroller, it can basically be decrypted as long as someone is willing to pay, and the only questions are the cost and the time it takes. The programmer can also protect their own development by legal means, for example by filing the relevant patents.


      Exhibition Bay South Squre, Fuhai Bao’an Shenzhen China

      • Sales@ebics.com
      • +86.755.27389663