A Brief Discussion on Reverse Analysis of Single Chip Microcomputer

There are mountains beyond mountains and heavens beyond heavens. Learning is endless, and this is especially true for product development and technology. No individual or company can develop good products behind closed doors. It is necessary to constantly learn from others' advanced things and learn from each other's strengths to make up for one's weaknesses. Only in this way can mankind continue to progress and society continue to develop. In today's society, the commodity economy environment has long become the mainstream, and learning and innovation capabilities have become increasingly important. Without learning, there can be no innovation.
To learn and learn advanced technology, for embedded products, you need to understand the hardware principles, and you only need a circuit board, which is also easy to obtain. You can just buy a device. For embedded software, the best thing is to get the source code. The source code is the lifeblood of the company, and it is impossible for outsiders to obtain it. Unless you steal it, it is illegal and immoral, so you can't do it. Is there no other way? No, that is to attack technology with technology, that is, to solve it with a more cutting-edge and more technical solution. I call this method reverse analysis here.
The first step is to have an object to be studied and researched, and spend money to buy the product to be studied. This step has no technical content, it is just a business operation. In the commodity economy, as long as you have money, you should be able to solve it.
The second step is to read out the program of the core of the device, that is, the CPU, and obtain the binary or BIN program file. This step requires professional operation, and non-professionals should not try it. The
third step is to disassemble the BIN program file obtained in the second step to obtain the assembly source code with strong readability, so that you can learn it completely. Only when you understand it can you make corrections and innovations. This step involves a wide range of aspects. First of all, it is necessary to solve the problem of disassembly tools. There must be a disassembly tool that supports this CPU. Secondly, there must be an engineer who can understand the assembly program of this CPU.
The fourth step, which is also the highest level, is to accurately translate the assembly program obtained in the third step into a more intuitive C language program. With this C source code as a basis, you can innovate at will. This step requires engineers to have not only assembly language and C language, but also high requirements for patience and carefulness. Engineers must be interested in this boring work, otherwise even the best engineers will often fail the project.
Only those companies with super R&D capabilities can fully possess engineers with the skills required in the above steps, while it is difficult for small and medium-sized companies to gather these professional engineers. However, for China, since our research and application in computers, especially single-chip microcomputers, started much later than developed countries abroad, it is often the case that new single-chip microcomputers are launched abroad, and Chinese people diligently learn to apply them. Therefore, from the application level, Chinese people have studied them more thoroughly. We cannot make many single-chip microcomputers, but our application proficiency is by no means inferior to that of developed countries abroad. This naturally produces a lot of experts who have a deep understanding of the corresponding single-chip microcomputers. These experts can easily read the programs in the CPU that have been hardware-encrypted. Moreover, there is a market demand in this area in China, so China's strength in hardware decryption is quite strong. This provides a solid foundation for reverse engineering. In China, it is easy to find engineers who can crack the hardware of single-chip microcomputers and read the programs in the CPU.
But for many projects with technical content, even if the hardware is cracked and the BIN program file is obtained, it is not easy to disassemble and analyze it. Some even have soft encryption. To successfully reverse analyze, it is necessary to have a good disassembly tool, which is crucial. In addition, there must be experienced engineers who understand both assembly and C. Such engineers are a little harder to find than hardware cracking engineers. For small and medium-sized companies that have reverse analysis needs, it is not necessary for the company to have corresponding engineers. It is completely possible to find professional, full-time reverse companies or individuals, which should be more effective in solving the problem.
The above is all about reverse analysis, but how to prevent reverse analysis? The company works together and works hard to make a product. If it is reverse analyzed by others all of a sudden, the loss is huge. In theory, any product can be successfully reverse analyzed, but it is just a matter of difficulty. If the hardware encryption and software encryption of the microcontroller are strong enough, the difficulty of reverse analysis will be greatly increased, so the reverse time will inevitably increase exponentially, so that the reverser will give up on himself in terms of reverse time and cost. There are several specific ways to strengthen the prevention of reverse analysis:
1. 1. Try to choose a newly launched stable microcontroller. This scale is a bit difficult to grasp, but you can choose a newly launched chip from a large company. The stability of the newly launched chips from such companies should be guaranteed, such as TI, NXP, Atmel, ST, etc.
2. Try to choose a cost-effective 16-bit or 32-bit microcontroller instead of an 8-bit microcontroller, such as the STM32F10X series. This series of microcontrollers is quite difficult to reverse, and the price is similar to some 8-bit machines. 16-bit ones are such as the MSP430 series.
3. Try to add soft encryption code to the program, so that even if you successfully crack the program, get the program, and burn it into the chip, it will not run normally, and you must perform soft decryption. Some microcontrollers have built-in soft encryption features that can be used for soft encryption, such as Atmega series of Atmel and STM32F10X series of ST, but some do not, such as 51 and MSP430, which rarely have this feature. In this way, to achieve soft encryption, you must bring another chip and combine the program to achieve soft encryption.
4. When burning the program, all encryption bits provided by the microcontroller hardware are set to encrypted status.