Schluessel

Read out chips

Bild Labor2

Reading chip data requires different and complex procedures when lock bits are present. LockBits are used to encrypt chips so that the data cannot be read fr

om the chip. There are different encryption options. This depends on the respective chip model. Precise knowledge of the internal architecture of the respective chip as well as a high level of specialist knowledge and many years of experience are the basis for being able to carry out this work correctly and safely.

Our team has access to experienced engineers, some of whom have been specializing in this work since 2005.

Depending on the version, "relatively" simple measures are sometimes sufficient to be able to read the chip, but this often requires extremely complex 3D work processes.

We can use the type designation of the microprocessor or memory to decide in advance whether we can read the chip or not. A physical check of the chip is not necessary in advance.

 

How do we read data from lockbit protected ICs?

Option 1

There are chips that we can actually read from the outside via the pins. This tends to work at older versions. At that timeBild Labor, the chip designers did not focus too much on the security of the readout. There are some vulnerabilities in the area of >operation timing design< that we can use to circumvent the encryption of the chip with special software.

Option 2

Some chips with more complex protection can be read using a different method, also externally via the pins. Here the procedure is much more difficult.

We put the processor in different, precisely defined stress situations.

With a special combination of overvoltage and clock frequency attacks simultaneously on several specific pins in different variants, it is possible to force a precisely defined malfunction of the processor at these chip versions. Clock jumps generated in this situation can override the encryption function without destroying the chip data.

Option 3

As chip development progresses, it becomes more and more difficult to access the chip data through external measures, since the chip designers have taken on the issue and are trying to encrypt the chips particularly securely.

This is where direct mmechanical access to the internal chip design comes in handy.

For this purpose, the chip structure is physically probed, for which purpose the chip housing usually has to be opened.

In principle, a distinction must be made here as to whether the readout lock was installed on the hardware or software side.

A physical read lock can be erased with selective UV radiation. However, this does not work for microcontrollers. Here a microprobe must be applied to the data bus under very high microscopic magnification. The controller then restarts the reading process in programming mode via additional connections. Another connection then allows all data to be read from the program and data memory

Copyright

Reading out program codes is not prohibited within the framework of legal regulations. However, when using the program codes further, please note that copyright regulations may have to be observed in individual countries. We cannot be held responsible for any illegal use of the codes we extract.

NovaTronex

Bergstr. 1
D-69469 Weinheim
Germany

Contact

Phone: +49(0)6201 3790 283
E-Mail: info@chip-explorer.de
Fax: +49(0)3222 156 4898

Privacy ProtectionCompany details


Copyright © 2008 - 2022 NovaTronex
All rights reserved