It seems there is no encryption solution that settles the problem once and for all. I'll go through the cracking incidents I know of. Most of them are hearsay, but I think the credibility is fairly high. As early as 2006 there was a rumor that someone at a research institute had decrypted a Japanese PLC. I heard the PLC was built around an MCU. Early MCUs had no built-in flash, so the program sat in an external EPROM, and it was easily read out. A friend of mine worked there, which is where the rumor came from.
Another story, told to me by a friend in the electronics market: a guy doing development was cheated by a con man from the market. I had seen this con man before, so the credibility is relatively high. The con man asked the developer to build a set of "meter counter" equipment for textile machines. He took the prototype, paid some material costs, and then raised a long list of complaints about it. Naturally the prototype was returned, and soon afterwards the developer saw a copy of the prototype he had built on sale in the market. Since then I have paid attention to the various anti-cracking solutions.
The early 8051 was protected mainly by "blowing" the programming pins, but I heard that people in Guangdong can "decap" the chip and "manually" bond wires onto the flash area from inside the die to read out the "program". To this day, most MCUs and the "legendary encryption chips" on the market can be opened up this way! The principle seems to be that the logic part and the flash part are made with different processes: once the chip is opened and hooked up with a chip-packaging wire bonder, the program can be read. The manual work just costs a bit more; it's said to be under 20,000 yuan. It is even said that for microcontrollers with MCU design defects you just "place the order and wait for delivery". The price is a few thousand yuan. That is said to include the domestic 8051 billed as the "king" of unbreakable chips.
Later, I heard of people using battery backup to keep the data in RAM, so that it is gone the moment power is lost, and so on. But these methods are of limited use, the maintenance cost on the user's side is very high, and many of them cannot be used in practice!
At present the more reliable approach is that each MCU is given a unique "UID" at the factory, and it's said to work well. But I've also heard this: because most current chips are RISC, the instruction set is very regular, so the correspondence between C and assembly is quite close and it is easy to decompile into human-readable code. So the check can simply be "jumped over" with a debugger. So it is not very safe either.
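To make the "jump over it" point concrete, here is an added example that is not from the original post or from any particular chip vendor. It simulates, on a PC, two ways firmware can bind itself to the factory UID: the usual compare-and-branch, which a debugger defeats by patching one conditional jump, and a variant that never compares at all but derives the decryption key from the UID, so a part with a different UID gets garbage and there is no single branch to NOP. The UID register contents, the 12-byte UID length, the secret config blob and the FNV-1a-based toy key derivation are all assumptions made for the demo; a real design would use a proper KDF and cipher, but the binding structure is the same.

```c
/* Added example: UID binding done two ways, and why a debugger patch
 * defeats only the first.  Everything below is simulated; the UID values,
 * the blob and the toy key derivation are made up for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UID_LEN 12   /* assumed 96-bit factory UID, as many MCUs expose */
#define CFG_LEN 16   /* assumed size of the secret config blob */
#define KEY_LEN 16

/* Hypothetical UID of the genuine part and of a cloned part (differs in
 * the last byte).  Constructed test data, not real device values. */
static const uint8_t DEVICE_UID[UID_LEN] =
    {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,0x11,0x22,0x33,0x44};
static const uint8_t CLONE_UID[UID_LEN] =
    {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,0x11,0x22,0x33,0x45};
static const uint8_t SECRET_CFG[CFG_LEN] = "meter-cal:0x2A7F";

/* --- Scheme 1: compare and branch.  The secret sits in plaintext in the
 * image; the UID only gates a single conditional jump. --- */
int naive_unlock(const uint8_t uid[UID_LEN], uint8_t out[CFG_LEN]) {
    if (memcmp(uid, DEVICE_UID, UID_LEN) != 0)
        return 0;   /* <- the one conditional jump an attacker NOPs out */
    memcpy(out, SECRET_CFG, CFG_LEN);
    return 1;
}

/* The same function after that jump has been patched with a debugger:
 * every UID now falls through to the copy. */
int naive_unlock_patched(const uint8_t uid[UID_LEN], uint8_t out[CFG_LEN]) {
    (void)uid;
    memcpy(out, SECRET_CFG, CFG_LEN);
    return 1;
}

/* --- Scheme 2: key derived from the UID, nothing to compare. --- */

/* Toy 16-byte key derivation: four FNV-1a passes over the UID with a round
 * counter mixed in.  NOT a real KDF; stands in for one. */
static void derive_key(const uint8_t uid[UID_LEN], uint8_t key[KEY_LEN]) {
    for (int r = 0; r < KEY_LEN / 4; r++) {
        uint32_t h = 0x811C9DC5u ^ (uint32_t)r;
        for (int i = 0; i < UID_LEN; i++) { h ^= uid[i]; h *= 0x01000193u; }
        key[4*r]   = (uint8_t)(h >> 24); key[4*r+1] = (uint8_t)(h >> 16);
        key[4*r+2] = (uint8_t)(h >> 8);  key[4*r+3] = (uint8_t)h;
    }
}

/* Provisioning, run once with the genuine UID: encrypt the config under the
 * UID-derived key.  Only the ciphertext is stored in the image. */
void provision(const uint8_t uid[UID_LEN], const uint8_t cfg[CFG_LEN],
               uint8_t enc[CFG_LEN]) {
    uint8_t key[KEY_LEN];
    derive_key(uid, key);
    for (int i = 0; i < CFG_LEN; i++) enc[i] = cfg[i] ^ key[i % KEY_LEN];
}

/* Runtime: decrypt with whatever UID this part has.  A clone with a
 * different UID derives a different key and gets garbage; there is no
 * branch whose outcome decides anything. */
void bound_unlock(const uint8_t uid[UID_LEN], const uint8_t enc[CFG_LEN],
                  uint8_t out[CFG_LEN]) {
    provision(uid, enc, out);   /* XOR is its own inverse */
}

/* Self-checks: each returns 1 when the scheme behaves as described above. */
int check_naive_bypass(void) {
    uint8_t out[CFG_LEN] = {0};
    int honest  = naive_unlock(CLONE_UID, out);          /* 0: clone refused */
    int patched = naive_unlock_patched(CLONE_UID, out);  /* 1: clone wins   */
    return honest == 0 && patched == 1 && memcmp(out, SECRET_CFG, CFG_LEN) == 0;
}
int check_bound_binding(void) {
    uint8_t enc[CFG_LEN], out[CFG_LEN];
    provision(DEVICE_UID, SECRET_CFG, enc);
    bound_unlock(DEVICE_UID, enc, out);
    if (memcmp(out, SECRET_CFG, CFG_LEN) != 0) return 0;   /* genuine part OK */
    bound_unlock(CLONE_UID, enc, out);
    return memcmp(out, SECRET_CFG, CFG_LEN) != 0;           /* clone gets junk */
}

int main(void) {
    printf("compare-and-branch bypassed by one patched jump: %s\n",
           check_naive_bypass() ? "yes" : "no");
    printf("UID-derived key: genuine decrypts, clone does not: %s\n",
           check_bound_binding() ? "yes" : "no");
    return 0;
}
```

The second scheme only removes the single patch point; it does not rescue the situation the post describes. An attacker who can decap the part or single-step it with a debugger can read the genuine UID, the ciphertext and the key-derivation routine, and then either replay the UID on the clone or dump the decrypted data from RAM, so it raises the cost rather than making the design safe.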
Some people may say that you can only decap chips you are familiar with, and there's nothing you can do about unfamiliar ones, right? It seems to make sense, but I heard that the flash process comes from SST, so the process structure is the same and its structural features are very obvious. Once you have seen a few typical chips you can infer which area is the flash. And the structure is exactly the same, even the routing positions are the same. I heard this in 2009 from a colleague who did chip design. He had done this hard work himself, mainly to fix chip bugs! You can't claim the flash process is your own! Your own! If you had that ability you would just charge licensing fees; why would you be making chips?