Thermocouple Wire,Compensation Wire,Thermocouple Compensation Wire,Temperature Compensation Wire JIANGSU PENGSHEN HIGH TEMPERATURE WIRE CABLE CO., LTD. , https://www.pengshencable.com
MCU anti-cracking technology explained in detail
Few people at a university would openly admit to cracking an MCU, and many teachers would not either. Why would someone want to crack one? For fun? For learning? For money? Whatever the motive, understanding MCU anti-tamper technology is as important as knowing how the locks on your own home work.
Although this article is based on an older post, its content remains relevant. Let us start from the beginning.
The development of hardware security measures for microcontrollers started alongside embedded systems. In the 1980s, systems were built from separate components: CPU, ROM, RAM, I/O buffers, serial ports and other communication interfaces. At that time there were few legal or economic barriers to copying such devices. Mask ROMs, for example, were cheap to manufacture but could easily be copied into EPROMs, which typically cost 3 to 10 times more; custom mask ROMs also required long lead times and a large up-front investment. Another common approach, used in gaming machines, was a simple ASIC that replaced dozens of logic chips, cut costs and made copying harder. ASICs were not truly secure, however: with an oscilloscope, or by testing all possible combinations of the input pins, their function could be recovered in a few hours.
From the late 1970s, microcontrollers emerged as a powerful alternative to control boards built around a separate CPU. They integrated memory, general-purpose I/O and some level of protection against unauthorized access. Unfortunately, early MCUs had no internal non-volatile data memory, so critical data had to be stored in an external chip from which it could easily be read. Some cheap USB dongles used the same arrangement for software protection.
Figure 1: Aladdin HASP4 USB dongle.
The next step was to integrate an EEPROM chip in the same package as the MCU. Cracking such parts was not easy: the professional approach was to open the package and read the EEPROM with microprobes, or to bond the EEPROM die into a new package. These methods were beyond the reach of casual crackers, who could only try home-made microprobes or look for software vulnerabilities.
Figure 2: PIC12CE518 microcontroller with the package opened, showing the non-volatile data memory die and the MCU die sealed together.
Figure 3: SEM image of a 32-bit MCU with open package.
Some MCUs never had dedicated hardware security; their protection relied on obscure programming algorithms, for example a hidden readback function or checksum verification in place of plain readback. In general these offer only weak protection, although in smart cards a properly implemented verification function can provide strong security.
The next step in enhancing security was to add hardware security fuses that block access to internal data. This was relatively easy to do without redesigning the whole MCU. Such fuses, however, were often easy to locate and tamper with: connecting the fuse output directly to power or ground changed the state the chip saw, and in some cases a laser cutter or focused ion beam could cut the fuse sensing circuit. Non-invasive attacks were also still possible.
Because the fuse was laid out differently from the regular memory array, a suitable combination of external signals could make the chip misread the fuse state and open access to the internal data. Semi-invasive attacks succeeded quickly once the package was opened; a well-known method was to erase the security fuse with ultraviolet light.
Figure 4: Security fuse of the PIC12C508 microcontroller, located outside the program memory array.
Next, security fuses were placed close to the main memory array, often sharing its control lines; when the fuse is set, external read and write operations are disabled. Because the fuse is fabricated with the same process as the memory cells, it is harder to locate and reset. Non-invasive attacks remained possible but took longer, and semi-invasive attacks were still feasible, though identifying the fuse area also took more time.
Figure 5: MC68HC705C9A microcontroller; the security fuse is part of the memory read/write control logic (200x).
A further refinement used part of the main memory itself to control external access: specific memory locations, read at power-on, act as a security fuse and lock memory areas. Alternatively, a password controls access. For example, the MSP430F112 allows readback only after a 32-byte password is entered; without the password the chip can only be accessed after a full erase. Although this looks more secure, it is still exposed to low-cost non-invasive attacks such as timing and power analysis of the password check.
Figure 6: PIC16F648A; the pseudo top-metal layer pattern (200x) makes microprobing attacks more difficult.
Other protective measures include a sensor mesh in the top metal layer that monitors for shorts and open circuits; when it triggers, it can reset the chip or erase memory. Ordinary MCUs rarely use this because of the design complexity and the risk of false triggers from environmental conditions. Cheaper alternatives, such as a pseudo top-metal mesh that is not actually monitored, can be analysed optically and bypassed for microprobing. Such meshes give no protection against non-invasive attacks, and semi-invasive attacks remain possible because of capacitive coupling between the wires and because light can still reach the active circuit area between them.
Programmable smart card manufacturers go further and disable the standard programming interface: the bootloader erases or disables itself after the code has been loaded. Such cards can be programmed only once, at initialisation, and afterwards respond to data and commands only as the user's own software on the card dictates.
Figure 7: Sensor mesh in the top metal layer of an ST16-series smart card chip.
Some newer smart cards encrypt the memory bus (bus encryption) to defeat microprobing: even if bus data is intercepted, sensitive information such as passwords stays hidden. This protects against invasive and semi-invasive attacks, although non-invasive attacks can still get at data that is handled unencrypted. Some years ago it also became apparent that attacks on such bus encryption were becoming affordable.
Figure 8: Hardware bus-encryption module on an SLE66-series smart card chip (100x), protecting the memory against microprobing attacks.
Another improvement is to build the functional blocks (decoders, register file, ALU, I/O circuits) as ASIC-style synthesised logic rather than as recognisable regular structures. This is called glue logic design and is widely used in smart cards. Glue logic makes it practically impossible to attack a card physically by manually tracing signals or nodes, and it improves performance as well as security. For example, the SX28 microcontroller is compatible with the PIC16C57 core but is built with glue logic, flash memory and a larger RAM for better performance. Where the data bus between memory and CPU on PIC microcontrollers is easy to follow, on SX microcontrollers it is almost impossible to determine where the bus physically runs, so reverse engineering and microprobing become very difficult and time-consuming.
Figure 9: The SX28 microcontroller's glue logic design improves both performance and security.
More commonly a chip is composed of separate modules, each built with glue logic; the CY7C63001A microcontroller is an example. In that case crackers try to trace the buses and control lines between the modules with invasive and semi-invasive attacks. Glue logic does not prevent non-invasive attacks, though the faster chips it enables call for faster and more expensive equipment. Semi-invasive attacks on the glue-logic blocks themselves are harder: crackers can automate an exhaustive search, but it takes a long time and often fails. Alternatively they can target the memory or its control circuit instead.
Figure 10: The CY7C63001A microcontroller uses a partial glue logic design, but its internal bus is easily accessible.
Advances in process technology have raised the cost of invasive attacks. Ten years ago any point on a chip's surface could easily be read or modified with a laser cutter and a simple probing station. Modern deep sub-micron chips require unusual and expensive equipment that many potential crackers cannot afford. The PIC16F877, for example, is easy to inspect under a microscope and reverse-engineer, because the second metal layer and the polysilicon are visible beneath the top metal. The PIC16F877A, however, uses a planarised process that hides the deeper layers; the only way to see them is to remove the top metal layer mechanically or chemically.
Figure 11: Second metal layer and polysilicon visible through the top metal of the PIC16F877 (500x).
Figure 12: Nothing is visible beneath the top metal of the PIC16F877A (500x).
Security Protection Types
Write, verify, read and erase operations on the on-chip memory go through a programming interface, implemented either in hardware (for example JTAG) or in software (a bootloader). With a hardware interface, protection usually consists of security fuses that control what the interface may do, for example preventing memory data from reaching the output buffer. With a software interface, password protection is typical, but the software frequently checks the state of a hardware security fuse as well. Some microcontrollers use both: a software bootloader for in-system programming and a fast hardware interface for mass-production programming. Each has advantages and disadvantages. Software offers more flexibility and finer control over programming, but may leak information through timing and power consumption; hardware runs faster, is less susceptible to glitch attacks and leaks less through power consumption. Both consume similar amounts of silicon, which is negligible next to the program memory, the processor core and the analogue blocks. Manufacturers may also place two or more programming interfaces on one chip, for example an in-circuit serial programming interface, standard parallel programming, and a software bootloader reached over an asynchronous serial port.
Some manufacturers deliberately withhold the programming specification for their microcontrollers. This gives no real protection and only slightly raises the cost of cracking, since the protocol can be recovered by observing the signals while the chip is programmed on a development board or a universal programmer.
Obviously the highest level of security is a system with no programming interface at all, so that stored data can be neither read nor written; this is typical of mask ROM microcontrollers and smart cards. Against such protection the practical attacks are to microprobe the data bus to recover the information, or to use power analysis and glitch attacks to exploit flaws in the software. A microcontroller that can be programmed but returns no data, offering only a checksum to verify the write, can also give a relatively high level of security, provided the checksum is always computed over the whole memory so that the cracker cannot force the chip to verify one byte at a time.
Most modern microcontrollers have one or more security fuses controlling read and write access to the on-chip memory, implemented either in software or in hardware. In the software approach the password, or the fuse itself, is stored at a specific location in memory. For example, the MC68HC908 series uses password protection,
while in the MC68HC705B family the fuse is the first byte of the data EEPROM. Both are more secure because the fuse or password is hard to locate physically and reset. Instead, crackers try to bypass the security check with glitch attacks, or use power analysis to tell whether a guessed password is correct.
In the hardware approach the security fuse is a physically separate cell on the chip, next to the main memory array or further away; this is the case for all PIC and AVR microcontrollers. Such fuses are not very secure, because they are easy to find and disable.
Security fuses placed within the main memory give better protection, since they are harder to locate and disable. The memory and fuse can share a bit line, as in the Z86E33, or a word line, as in the ST62T60. Interestingly, the MC68HC705C9A combines several measures: the fuse cell sits among the main memory cells and shares their bit lines, so erasing the fuse with UV light also erases the main memory, and reverse engineering the array to tell memory cells from fuse cells is difficult. Even so, semi-invasive attacks work well, because the fuse has its own separate control circuitry that can be attacked without affecting the main memory.
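The weakness behind the three password and verification schemes described above (a readback password compared byte by byte, a write checksum that can be verified in pieces, and a guessed password confirmed from the power trace) is the same: the check stops, or changes its behaviour, as soon as one byte mismatches. The following C program is an added example written for this page, not code from the original article or from any of the chips it names. It simulates a 32-byte readback password (a constructed value) and uses a counter of bytes compared in place of the timing or power measurement an attacker would take on a real chip; an attacker routine then recovers the password one byte at a time against the early-exit check and fails against the constant-time one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN 32  /* 32-byte readback password, as in the MSP430 example above */

/* Constructed sample password for the simulation; not a real device value. */
static const uint8_t g_secret_pw[PW_LEN] = {
    0x3a, 0x91, 0x00, 0xf7, 0x4c, 0x12, 0xd8, 0x65,
    0x2e, 0xb0, 0x07, 0x99, 0xaa, 0x41, 0x5d, 0xc3,
    0x18, 0x6f, 0xe2, 0x84, 0x0b, 0x77, 0xcd, 0x39,
    0x50, 0x9e, 0x26, 0xfb, 0x63, 0x04, 0xb7, 0x8d
};

/* How many password bytes the last check touched. On a real chip the
   attacker observes this as execution time or as the length of the
   comparison loop in the power trace; here a counter stands in for it. */
static size_t g_bytes_compared;

/* Leaky check: returns at the first mismatch, so the count (time) reveals
   how many leading bytes of the guess were correct. */
bool check_pw_leaky(const uint8_t *guess)
{
    g_bytes_compared = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        g_bytes_compared++;
        if (guess[i] != g_secret_pw[i])
            return false;
    }
    return true;
}

/* Constant-time check: always touches every byte and ORs the differences
   into an accumulator, so the count (time) is identical for every guess. */
bool check_pw_ct(const uint8_t *guess)
{
    uint8_t diff = 0;
    g_bytes_compared = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        g_bytes_compared++;
        diff |= (uint8_t)(guess[i] ^ g_secret_pw[i]);
    }
    return diff == 0;
}

/* Attacker: brute-force one byte position at a time, keeping a guess when
   the check visibly got past that position. Returns the number of queries
   used, or 0 if the password could not be recovered. Worst case is
   32 * 256 queries against the leaky check, versus 256^32 otherwise. */
size_t recover_by_timing(bool (*check)(const uint8_t *), uint8_t *out)
{
    size_t queries = 0;
    memset(out, 0, PW_LEN);
    for (size_t pos = 0; pos < PW_LEN; pos++) {
        bool found = false;
        for (unsigned v = 0; v < 256; v++) {
            out[pos] = (uint8_t)v;
            queries++;
            bool ok = check(out);
            if (ok || g_bytes_compared > pos + 1) {
                found = true;
                break;
            }
        }
        if (!found)
            return 0;
    }
    return check(out) ? queries : 0;
}

/* Run the attack against one check and report whether it recovered the secret. */
bool attack_succeeds(bool (*check)(const uint8_t *), size_t *queries_out)
{
    uint8_t recovered[PW_LEN];
    size_t q = recover_by_timing(check, recovered);
    if (queries_out)
        *queries_out = q;
    return q != 0 && memcmp(recovered, g_secret_pw, PW_LEN) == 0;
}

int main(void)
{
    size_t q = 0;
    bool leaky = attack_succeeds(check_pw_leaky, &q);
    printf("leaky check:         recovered=%s, queries=%zu\n", leaky ? "yes" : "no", q);
    bool ct = attack_succeeds(check_pw_ct, &q);
    printf("constant-time check: recovered=%s\n", ct ? "yes" : "no");
    return 0;
}
```

The same reasoning applies to a write-verify checksum: if the chip will verify an attacker-chosen address range, each byte can be recovered with at most 256 attempts, which is why the checksum must cover the whole memory in one operation. A constant-time comparison removes the timing channel, but a power trace can still reveal the Hamming weight of the bytes being processed, so on a real device it should be combined with a limit on failed attempts or an erase-before-access rule such as the MSP430 one.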
Figure 13: Security fuse of the Z86E33 microcontroller, placed next to the main memory along the bit line (200x).
Figure 14: Security fuse of the ST62T60 microcontroller, placed next to the main memory along the word line (200x).
A newer development in hardware security is to embed the fuse cells inside the main memory array, sharing its control or data lines. The fuse becomes part of the memory and is very hard to locate; a dedicated part of the memory can even be used as the security fuse. It is then extremely difficult to find and reset the fuse without disturbing the contents of the rest of the memory. This does not mean other cracking methods will fail, but it reduces their chances of success.
The fuse state can be monitored in various ways. The simplest is to check it at power-up, at reset, or on entering programming mode; a power glitch or a laser pulse at that moment can change the state the chip sees. Holding the fuse state in a flip-flop or register is also undesirable, because the stored value can be altered by a fault injection attack.
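To make the fault-injection point concrete, here is an added example written for this page (a constructed model, not the fuse circuit of any real chip): it compares a lock flag held as a single bit in a register with a lock state encoded as two 32-bit patterns that differ in every bit, and it injects every one- and two-bit fault into the stored "locked" value to count how many of them grant readback. The fault model assumed is an attacker who can flip a bit or two with a glitch or a laser pulse but cannot choose the new value freely. It also shows re-reading the fuse at the point of use instead of trusting a value latched at power-up.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Naive scheme: the fuse state is a single "locked" bit held in a byte-wide
   register, 1 = locked, 0 = unlocked. */
#define NAIVE_LOCKED 1u

/* Common but dangerous: "allow unless the register says locked". Any fault
   that moves the byte away from exactly 1 opens the chip. */
bool naive_not_locked_allowed(uint32_t reg)
{
    return reg != NAIVE_LOCKED;
}

/* Slightly better: allow only on the exact unlocked value. A single flip of
   bit 0 still opens the chip. */
bool naive_exact_allowed(uint32_t reg)
{
    return reg == 0u;
}

/* Hardened scheme: the two valid states are 32-bit patterns that differ in
   every bit (Hamming distance 32). No one- or two-bit fault maps one onto
   the other, and every other value is treated as tampering and denied. */
#define HARD_LOCKED   0xA5A5A5A5u
#define HARD_UNLOCKED 0x5A5A5A5Au

bool hard_readback_allowed(uint32_t word)
{
    return word == HARD_UNLOCKED;   /* anything else, HARD_LOCKED included: deny */
}

/* Re-check at the point of use instead of trusting a value latched at
   power-up: both the power-up reading and a fresh reading taken immediately
   before the readback must be the exact unlocked pattern. */
bool readback_allowed_rechecked(uint32_t at_powerup, uint32_t at_access)
{
    return hard_readback_allowed(at_powerup) && hard_readback_allowed(at_access);
}

/* Fault simulator: inject every single-bit fault (and every two-bit fault if
   two_bit is set) into a stored "locked" value of the given bit width and
   count how many of them make the check grant readback. */
unsigned count_unlocking_faults(bool (*allowed)(uint32_t), uint32_t locked,
                                unsigned width, bool two_bit)
{
    unsigned hits = 0;
    for (unsigned i = 0; i < width; i++) {
        if (allowed(locked ^ (1u << i)))
            hits++;
        if (!two_bit)
            continue;
        for (unsigned j = i + 1; j < width; j++)
            if (allowed(locked ^ (1u << i) ^ (1u << j)))
                hits++;
    }
    return hits;
}

int main(void)
{
    /* 8-bit register: 8 single-bit + 28 two-bit faults = 36 cases.
       32-bit word: 32 single-bit + 496 two-bit faults = 528 cases. */
    printf("naive 'not locked' check, 8-bit register: %u of 36 faults unlock\n",
           count_unlocking_faults(naive_not_locked_allowed, NAIVE_LOCKED, 8, true));
    printf("naive exact check, 8-bit register:        %u of 36 faults unlock\n",
           count_unlocking_faults(naive_exact_allowed, NAIVE_LOCKED, 8, true));
    printf("hardened 32-bit pattern check:            %u of 528 faults unlock\n",
           count_unlocking_faults(hard_readback_allowed, HARD_LOCKED, 32, true));
    return 0;
}
```

The encoding only covers faults in the stored state. A glitch that skips the comparison instruction itself is a separate fault model, which is why such checks are usually also duplicated in code and repeated shortly before the sensitive operation, as `readback_allowed_rechecked` does with a fresh reading of the fuse.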