What is microcontroller decryption?
A microcontroller (MCU) generally has an internal program area and data area (or one of them) for users to store programs and working data (or one of them). To prevent unauthorized access or copying of the internal programs of the microcontroller, most microcontrollers come with encryption lock positions or encrypted bytes to protect the internal programs.
If during programming theencryption lock position is enabled (locked), it cannot be directly read out from the microcontroller with a regular programmer, this is calledmicrocontroller encryption.(BugPS: Microcontroller programs are generally stored in Flash, and most devices that can read or recognize data on Flash can obtain the firmware file, thus providing opportunities for product duplication)
Microcontroller attackers use specialized or homemade devices, exploiting design vulnerabilities or software defects in the microcontroller chip, through various technical means, to extract key information from the chip, obtaining the internal program of the microcontroller, this is calledmicrocontroller decryption.
Microcontroller decryption is also called microcontroller cracking, chip decryption, IC decryption, but strictly speaking, these terms are not scientific, but have become habitual names. We habitually refer to CPLD decryption, DSP decryption as microcontroller decryption. The microcontroller is justone class of program-loading chips.
Chips that can be programmed and encrypted include DSP, CPLD, PLD, AVR, ARM, etc. Of course, memory chips with storage functions can also be encrypted, such as DS2401 DS2501 AT88S0104 DM2602 AT88SC0104D, etc. Among them, there are also chips specifically designed with encryption algorithms for professional encryption or design verification manufacturer code work, such chips can achieve the goal of preventing the duplication of electronic products.
Microcontroller Decryption Methods
2.1 Software Attack
This technique usually uses the processor communication interface and exploits protocol, encryption algorithms, or security vulnerabilities in these algorithms to perform attacks.
For example, a typical case is the attack on early XXX series microcontrollers. The attacker exploited a timing design flaw in the erase operation of that series of microcontrollers, using a self-written program to stop the next step of erasing the program memory data after erasing the encryption lock position, thus turning an encrypted microcontroller into an unencrypted one, then using a programmer to read out the internal program.
Currently, based on other encryption methods, some devices can be researched, combined with specific software, to perform software decryption.
Another example is using certain programmers to locate and insert bytes, finding whether there are continuous empty spaces in the chip, meaning finding continuous FF FF bytes in the chip, the inserted bytes can execute instructions to send the internal program to the outside, and then use decryption devices to intercept, thus completing the decryption of the internal program.
2.2 Electronic Detection Attack
This technique usually monitors all power and interface connections’ analog characteristics of the processor during normal operation with high time resolution and implements attacks by monitoring its electromagnetic radiation characteristics.
Because the microcontroller is an active electronic device, when it executes different instructions, the corresponding power consumption changes accordingly. By using special electronic measuring instruments and mathematical statistical methods to analyze and detect these changes, specific key information in the microcontroller can be obtained.
2.3 Fault Injection Technique
This technique usesabnormal operating conditions to cause the processor to malfunction, then provides additional access to perform attacks. The most widely used fault injection attack methods includevoltage spikes and clock spikes.
Low voltage and high voltage attacks can be used to disable protection circuits or force the processor to execute erroneous operations. Clock transient jumps may reset protection circuits without damaging protected information. Power and clock transient jumps can affect the decoding and execution of a single instruction in certain processors.
(BugPS: This method causes the microcontroller to run abnormally, thus putting the microcontroller in an unprotected state)
2.4 Probe Technology
This technique directly exposes the chip’s internal connections, then observes, manipulates, and interferes with the microcontroller to achieve attack purposes.(BugPS: The chip’s internal connections are fully exposed, and the chip is shaking with fear!)
Classification of Microcontroller Decryption
For convenience, people divide the above four attack techniques into two categories, one is invasive attacks (physical attacks), which require destroying the packaging, then using semiconductor testing equipment, microscopes, and micro-positioners, spending hours or even weeks in specialized laboratories to complete.
All micro-probe techniques belong to invasive attacks. The other three methods belong to non-invasive attacks, where the attacked microcontroller is not physically damaged. In some cases, non-invasive attacks are particularly dangerous because the equipment required for non-invasive attacks can usually be homemade and upgraded, thus very cheap.
Most non-invasive attacks require the attacker to have good knowledge of processors and software. In contrast, invasive probe attacks do not require much initial knowledge and can usually be countered with a whole set of similar techniques against a wide range of products.
Therefore, attacks on microcontrollers often start with invasive reverse engineering, and the accumulated experience helps develop cheaper and faster non-invasive attack techniques.
Invasive Decryption Process
The first step of invasive attacks is to remove the chip packaging (referred to as “decap,” sometimes called “opening,” in English). There are two methods to achieve this.
The first method is to completely dissolve the chip packaging, exposing the metal connections.
The second method is to only remove the plastic packaging above the silicon core.
The first method requires binding the chip to a test fixture and operating with a binding station. The second method requires the attacker to have certain knowledge and necessary skills, as well as personal intelligence and patience, but it is relatively convenient to operate, completely in the laboratory.
The plastic on the chip can be peeled off with a small knife, and the epoxy resin around the chip can be corroded with concentrated nitric acid. Hot concentrated nitric acid will dissolve the chip packaging without affecting the chip and connections. This process is generally carried out under very dry conditions, as the presence of water may corrode the exposed aluminum wire connections (which may cause decryption failure).
Then, the chip is cleaned with acetone in an ultrasonic bath to remove residual nitric acid and soaked.
The last step is to find the location of the protection fuse and expose it to ultraviolet light. Generally, a microscope with a magnification of at least 100 times is used to trace the connection from the programming voltage input pin to find the protection fuse. If there is no microscope, a simple search can be conducted by exposing different parts of the chip to ultraviolet light and observing the results.
During operation, an opaque object should cover the chip to protect the program memory from being erased by ultraviolet light. Exposing the protection fuse to ultraviolet light for 5 to 10 minutes can destroy the protective function of the protection bit, after which a simple programmer can directly read the contents of the program memory.
For microcontrollers that use protective layers to protect EEPROM cells, it is not feasible to use ultraviolet light to reset the protection circuit. For this type of microcontroller, it is generally necessary to usemicro-probe technology to read the memory content. After opening the chip packaging, placing the chip under a microscope can easily findthe data bus connecting the memory to other parts of the circuit.
For some reason, the chip lock bit does not lock access to the memory in programming mode. Exploiting this flaw, placing probes on the data lines can read all desired data. In programming mode, restarting the read process and connecting probes to other data lines can read all information in the program and data memory.
Another possible attack method is to use devices such as microscopes and laser cutters to locate the protection fuse, thus tracing all signal lines associated with that part of the circuit.
Due to design flaws, as long as one signal line (or the entire encryption circuit) is cut from the protection fuse to other circuits or 1 to 3 gold wires are connected(usually called FIB: focused ion beam), the entire protection function can be disabled, allowing a simple programmer to directly read the contents of the program memory.
Although most ordinary microcontrollers have the function of burning fuses to protect the code within the microcontroller, since general low-end microcontrollers are not aimed at making security products, they often do not provide targeted preventive measures andhave low security levels.
Moreover, microcontrollers are widely used, sold in large quantities, and manufacturers frequently outsourceprocessing and technology transfer,massive technical data leaks, making it relatively easy to read the internal programs of the microcontroller using design vulnerabilities and manufacturer’s test interfaces through invasive or non-invasive attack methods by modifying fuse protection bits.
Microcontroller Decryption Suggestions
Theoretically, any microcontroller can be decrypted by an attacker using the above methods with sufficient investment and time.This is a fundamental principle that system designers should always keep in mind.
Therefore, as electronic product design engineers, it is very necessary to understand the latest technologies of current microcontroller attacks, to know oneself and the enemy, so as to effectively prevent the occurrence of products that they have painstakingly designed from being counterfeited overnight.(The following suggestions are based on the decryption practices of Husheng Electronics):
(1) Before selecting an encrypted chip, conduct thorough research to understand the latest developments in microcontroller cracking technology, including which microcontrollers have been confirmed to be crackable. Try to avoid using chips that are already crackable or of the same series or model, opting for new processes, new structures, and microcontrollers that have been on the market for a short time.
(2) For projects with high security requirements,try not to use the most widely used chips that have been most thoroughly studied.
(3) The original creators of products generally have large production volumes, sothey can choose relatively obscure and niche microcontrollers to increase the difficulty for counterfeiters to procure them, opting for some rare microcontrollers.
(4) If the design cost allows, choose smart card chips withhardware self-destruction functions to effectively counter physical attacks; additionally, during program design,add a time-out function, for example, after one year of use, automatically stop all functions, which will increase the cost for the cracker.
(5) If conditions permit,use two different model microcontrollers as backups to mutually verify, thus increasing the cost of cracking.
(6) Grind off the chip model and other information or reprint other models to confuse the issue.
(7) You can use unexposed and unused flag bits or units in the microcontroller as software flag bits.
(8) You should write your name, unit, development time, and the statement of legal consequences for imitation in the program area to obtain legal protection; additionally, when writing your name, it can be random, meaning that different conditions externally can lead to different names, such as www.XXXXX.com, www.XXXXX.cn, www.XXXXX.com.cn, etc., making it more difficult to disassemble and modify.
(9) Use high-end programmers toburn off some internal pins, and homemade devices can be used to burn gold wires, which currently cannot be decrypted in China, and even if decrypted, it requires tens of thousands of fees and multiple mother chips.
(10) Use confidential silicone (epoxy resin encapsulation) to seal the entire circuit board, adding some useless pads on the PCB, and mixing some useless components in the silicone, while trying to erase the model numbers of electronic components around the MCU.
(11) You can use programmers to change FF in the blank areas to 00, which meansfilling all unused spaces, so that general decryptors cannot find empty spaces in the chip, thus unable to perform subsequent decryption operations.
Of course, fundamentally preventing microcontrollers from being decrypted is impossible, as encryption technology continues to evolve, and decryption technology also continues to develop. Now, regardless of which microcontroller, as long as someone is willing to spend money to do it, it can basically be done, but the cost and time required vary. Programmers can also protect their developments through legal means (such as patents).
Source: http://www.husoon.com/, organized by:The Last Bug
Previous Good Articles Collection
Finally
