Microcontrollers generally contain internal ROM, EEPROM or flash in which the user's program is stored. To prevent unauthorized reading or copying of that on-chip program, most MCUs provide lock bits or encryption bytes that protect it. If the lock bit is set (locked) during programming, the program cannot be read out of the microcontroller directly with an ordinary programmer; this is the so-called copy protection or locking function. In practice such protection is fragile and easily defeated: with special or home-made equipment, an attacker can extract key information from the chip and recover the program through a variety of techniques. It is therefore essential for an electronics design engineer to understand the latest microcontroller attack techniques, to know both yourself and your adversary, so that a product that cost a great deal of money and time to design is not copied by others overnight.
2 Microcontroller attack techniques
At present there are four main techniques for attacking microcontrollers:
(1) Software attack
This technique typically works through the processor's communication interface, exploiting the protocols, the encryption algorithms, or security vulnerabilities in those algorithms. A typical example of a successful software attack is the attack on the early ATMEL AT89C series. The attacker exploited a flaw in the design of this series' erase sequence: a self-written program halted the sequence after the lock bit had been erased but before the on-chip program memory was erased, turning a locked microcontroller into an unlocked one, after which a programmer could read out the on-chip program.
(2) Electronic detection attack
This technique monitors, with high time resolution, the analog characteristics of all of the processor's power-supply and interface connections during normal operation, and also attacks by observing its electromagnetic emissions. Because an MCU is an active electronic device, its power consumption changes with the instruction it is executing. By analyzing these variations with special electronic measurement instruments and statistical methods, specific key information inside the microcontroller can be recovered.
(3) Fault generation technology
This technique uses abnormal operating conditions to cause the processor to malfunction and then exploits the additional access that the error provides. The most widely used fault-generation methods are voltage glitches and clock glitches. Under- and over-voltage attacks can be used to disable the protection circuit or force the processor to perform an incorrect operation. A transient clock glitch may reset the protection circuit without destroying the protected information. In some processors, power and clock transients can affect the decoding and execution of a single instruction.
(4) Probe technology
This technique directly exposes the chip's internal wiring and then observes, manipulates and interferes with the microcontroller to carry out the attack.
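As an added example, not code from the original article, here is the comparison pattern that the electronic detection attack in (2) exploits, beside a data-independent version, in C. The early-exit compare runs a different number of loop iterations depending on how many leading bytes of the guess are correct, so its instruction sequence, and therefore its power profile, depends on the secret; the 8-byte key and the two guesses are constructed values.

```c
#include <stddef.h>
#include <stdint.h>

/* Early-exit comparison (the common but leaky pattern): the loop stops at the
   first mismatching byte, so the instruction sequence, and with it the timing
   and power profile, depends on how much of the secret the guess got right.
   The out-parameter counts bytes examined to make that dependence visible. */
int naive_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) { *examined = i + 1; return 0; }
    }
    *examined = n;
    return 1;
}

/* Data-independent comparison: every byte is always processed with the same
   operations and no branch depends on the data; only the final result does. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = n;
    return diff == 0;
}

/* Constructed demo data: a stored 8-byte key and two wrong guesses, one that
   fails at the first byte and one that fails only at the last byte. */
static const uint8_t KEY[8]         = { 0x13, 0x37, 0xC0, 0xDE, 0xBE, 0xEF, 0x42, 0x99 };
static const uint8_t GUESS_EARLY[8] = { 0x00, 0x37, 0xC0, 0xDE, 0xBE, 0xEF, 0x42, 0x99 };
static const uint8_t GUESS_LATE[8]  = { 0x13, 0x37, 0xC0, 0xDE, 0xBE, 0xEF, 0x42, 0x00 };

/* Bytes examined by each routine for a given guess; with the leaky routine the
   count (and so the measured profile) grows as the guess improves. */
size_t naive_work(const uint8_t *guess) { size_t w; naive_compare(KEY, guess, 8, &w); return w; }
size_t ct_work(const uint8_t *guess)    { size_t w; ct_compare(KEY, guess, 8, &w); return w; }
int    ct_match(const uint8_t *guess)   { size_t w; return ct_compare(KEY, guess, 8, &w); }
```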
For convenience, these four techniques are divided into two categories. The first is the intrusive (physical) attack. It requires destroying the package and then takes hours or even weeks in a specialized laboratory, using semiconductor test equipment, microscopes and micropositioners; all microprobe techniques are intrusive attacks. The other three methods are non-invasive: the attacked MCU is not physically damaged. In some cases non-invasive attacks are particularly dangerous, because the equipment they require can usually be built and upgraded by the attacker and is therefore very cheap.
Most non-invasive attacks require the attacker to have good knowledge of the processor and of software. In contrast, invasive probe attacks require little initial knowledge, and one set of similar techniques can usually be applied to a wide range of products. Attacks on an MCU therefore often begin with invasive reverse engineering, and the experience gained helps to develop cheaper and faster non-invasive attack techniques.
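As an added illustration, not from the original article, of how firmware can resist the fault-generation attack described in (3): a lock check written in the usual single-flag style beside a glitch-hardened version in C. The transient is simulated in software by flipping one stored bit; the UNLOCK_MAGIC constant and the struct layout are assumptions of the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Naive lock state (constructed): 0 = locked, any other value = unlocked.
   One disturbed bit is enough to turn "locked" into "unlocked". */
typedef struct { uint8_t unlocked; } naive_lock_t;

static bool naive_access_granted(const volatile naive_lock_t *l) {
    return l->unlocked != 0;
}

/* Hardened: "unlocked" is a multi-bit pattern stored with its complement, and the
   compare is repeated, so one flipped bit or one skipped compare still denies.
   volatile keeps each read real so the compiler cannot merge the repeated checks. */
#define UNLOCK_MAGIC 0xA5C3u
typedef struct { uint16_t flag; uint16_t flag_inv; } hardened_lock_t;

static void hardened_lock_set(hardened_lock_t *l, bool unlocked) {
    l->flag = unlocked ? UNLOCK_MAGIC : 0u;
    l->flag_inv = (uint16_t)~l->flag;
}

static bool hardened_access_granted(const volatile hardened_lock_t *l) {
    if (l->flag != UNLOCK_MAGIC) return false;
    if (l->flag_inv != (uint16_t)~UNLOCK_MAGIC) return false;
    if (l->flag != UNLOCK_MAGIC) return false;            /* deliberate repeat */
    return true;
}

/* Simulate the effect the text describes: a transient that changes one stored bit. */
static void flip_bit(void *p, unsigned bit) {
    ((uint8_t *)p)[bit / 8] ^= (uint8_t)(1u << (bit % 8));
}

/* Set the lock state, optionally disturb one bit (index < 0 = no fault), and
   report whether access opens (1) or not (0). */
int naive_decision(bool unlocked, int bit) {
    naive_lock_t l = { (uint8_t)(unlocked ? 1 : 0) };
    if (bit >= 0) flip_bit(&l, (unsigned)bit % 8);
    return naive_access_granted(&l) ? 1 : 0;
}

int hardened_decision(bool unlocked, int bit) {
    hardened_lock_t l;
    hardened_lock_set(&l, unlocked);
    if (bit >= 0) flip_bit(&l, (unsigned)bit % 32);
    return hardened_access_granted(&l) ? 1 : 0;
}
```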
3 General process of an intrusive attack
The first step in an intrusive attack is to remove the chip package. There are two ways to do this: the first is to dissolve the package completely and expose the metal wiring; the second is to remove only the plastic over the silicon die. The first method requires bonding the chip to a test fixture and working with a bonding station. The second requires a certain amount of knowledge and skill from the attacker, as well as personal ingenuity and patience, but is relatively convenient to carry out.
The plastic over the die can be opened with a knife, and the epoxy around the die can be etched away with concentrated nitric acid. Hot concentrated nitric acid dissolves the package without affecting the die and its wiring. This step is generally carried out under very dry conditions, because any moisture present may corrode the exposed aluminum bond wires.
The chip is then washed with acetone in an ultrasonic bath to remove residual nitric acid, rinsed with clean water to remove salts, and dried. If no ultrasonic bath is available, this step is generally skipped; the chip surface will then be somewhat dirty, but this does not affect the action of ultraviolet light on the chip.
The last step is to locate the protection fuse and expose it to ultraviolet light. Usually a microscope with a magnification of at least 100x is used to trace the wiring from the programming-voltage input pin to the protection fuse. Without a microscope, a simple search is done by exposing different parts of the chip to ultraviolet light and observing the result. During this operation the chip is covered with opaque paper so that the program memory is not erased by the ultraviolet light. Exposing the protection fuse to ultraviolet light for 5 to 10 minutes destroys the function of the protection bit, after which the contents of the program memory can be read out directly with a simple programmer.
Resetting the protection circuit with ultraviolet light is not feasible on microcontrollers that protect the EEPROM cell with a shielding layer. For this type of MCU, microprobe techniques are generally used to read the memory contents. Once the package is opened, the data bus running from the memory to the rest of the circuit is easy to find by placing the chip under a microscope. For some reason, the lock bit in programming mode does not lock access to the memory. Using this defect, all the desired data can be read by placing a probe on a data line; in programming mode, the whole of the program and data memory can be read out by restarting the read process and moving the probe to another data line.
Another possible attack is to locate the protection fuse with a microscope and a laser cutter and from it trace all the signal lines associated with that part of the circuit. Because of the defective design, the whole protection function can be disabled simply by cutting one signal line running from the protection fuse to the rest of the circuit. For some reason this line is far from the other lines, so the laser cutter can cut it without affecting adjacent lines. The contents of the program memory can then be read out directly with a simple programmer.
Although most ordinary microcontrollers can protect their code by burning a fuse, low-end microcontrollers are not positioned as security products, so they generally provide no targeted countermeasures and their security level is low. Moreover, microcontrollers are used very widely and sold in large volumes, manufacturers frequently subcontract production and transfer technology among themselves, and a great deal of technical documentation is available. All of this makes it easier to read the internal program of such a chip by exploiting its design flaws and the manufacturer's test interface, and by modifying the fuse protection bit through an invasive or non-invasive attack.
4 Some suggestions for countering microcontroller decryption
In theory, any microcontroller can be broken by an attacker using the above methods, given sufficient investment and time. Therefore, when using an MCU for encryption, authentication, or in a system design, one should try to raise the attacker's cost and the time required. This is a basic principle that system designers should always keep in mind. In addition, the following points should be noted:
(1) Before selecting an encryption chip, investigate and understand the latest progress in MCU cracking, including which MCUs have been confirmed cracked. Try not to use chips that can be cracked, nor chips of the same series and model.
(2) Try not to choose the MCS51 series, because it is the most popular microcontroller in China and has been studied most thoroughly.
(3) The originator of a product generally produces it in large volume, so a relatively rare and unpopular microcontroller can be chosen, making procurement harder for a counterfeiter.
(4) Prefer microcontrollers with new technology and new architecture that have only been on the market for a short time, such as the ATMEL AVR series.
(5) Where the design budget permits, choose a smart-card chip with a hardware self-destruct function, which effectively counters physical attacks.
(6) If conditions permit, two microcontrollers of different models can be used to back up and verify each other, increasing the cost of cracking.
(7) Grind off markings such as the chip model number, or re-mark the chip with a different model number, to mix the false with the true.
Of course, to fundamentally prevent microcontrollers from being decrypted and programs from being pirated, one can only rely on legal means of protection.