Chips Knowledge Sharing

The method to hack or decrypt an MCU

Time: 2013-09-13 16:30
First step: remove the IC chip package
The first step in hacking an IC is to remove the IC chip package (referred to as “DECAP”).
There are two ways to achieve this: one is to dissolve the IC chip package completely,
exposing the metal wire connections. The other is to remove only the plastic package
on top of the silicon core. The first method requires the IC chip to be bound to a
test fixture before the operation proceeds. The second method requires the IC attacker
to have a certain degree of knowledge and the necessary skills; moreover, personal
wisdom and patience are critical, but the process is relatively easier to complete,
even in your own house.
The plastic cover on top of the IC chip can be opened with a knife, and the epoxy resin
around the chip can be etched away with concentrated nitric acid. Hot concentrated
nitric acid dissolves the plastic cover of the IC chip package without affecting the
metal connections or the IC chip. The process should generally be carried out in very
dry conditions, because the presence of water could erode the exposed aluminum wire
connections (which may cause the IC decryption to fail).
Second step: remove residual nitric acid, and soak
Then the IC breaker should wash the IC chip with acetone in an ultrasonic cleaning
pool to remove residual nitric acid, and soak it.
Third step: find the location of the protection fuse and expose it
The final step is to find the location of the protection fuse and expose it to UV
light. Usually a microscope with a magnification of at least 100 times is used to
follow the connections from the programming voltage input pin to the protection fuse.
Without a microscope, a simple way to search is to expose different parts of the IC
chip to UV light. Opaque paper should be used to cover the IC chip so that the program
memory is not erased by the ultraviolet light. The effect of the protection is
eliminated after the protection fuse has been exposed to UV light for 5 to 10 minutes;
afterwards, a simple programmer can directly read the contents of the program memory.