Thursday, December 23, 2010

【Weak Current College】 Common SCM cracking methods and coping strategies


【Summary】 This article introduces the methods commonly used to crack the internal protection of single-chip microcomputers (SCM, i.e. microcontrollers), describes the steps of invasive (physical) attacks in detail and, finally, from the application point of view, puts forward some suggestions for dealing with cracking.


【Keywords】 microcontroller; cracking; invasive attack/physical attack

1 Introduction
An MCU (microcontroller) generally has internal ROM/EEPROM/FLASH in which the user stores the program. To prevent unauthorized access to or copying of the program, most MCUs have lock bits or encryption bytes to protect the on-chip program. If the lock bit is enabled (locked) during programming, an ordinary programmer cannot read the MCU's program directly; this is the so-called copy protection or lock feature. In fact, such protection is fragile and easily cracked. An attacker with special or home-made equipment can exploit flaws in the chip's design or defects in its software and, through a variety of technical means, extract key information from the chip and obtain the MCU's program. Therefore, electronic product design engineers need to understand the latest MCU attack techniques, knowing both themselves and the adversary, so that they can effectively prevent products that took a great deal of money and time to design from being counterfeited overnight.

2 SCM attack techniques
At present, there are four main techniques for attacking microcontrollers, namely:
(1) Software attacks
This technique typically uses the processor's communication interface and exploits security vulnerabilities in protocols, in encryption algorithms or in the implementation of those algorithms. A typical example of a successful software attack is the attack on the early ATMEL AT89C series MCUs. Attackers exploited a design flaw in the timing of the series' erase operation: after the lock bit had been erased, they stopped the next step, the erasure of the on-chip program memory, so that an encrypted MCU became an unencrypted MCU, and then read out the on-chip program with a programmer.

(2) Electronic detection attacks
This technique usually monitors, with high time resolution, the analog characteristics of all power and interface connections of the processor during normal operation, and also mounts the attack by monitoring its electromagnetic radiation characteristics. Because the MCU is an active electronic device, its power consumption changes according to the instructions it executes. So by using special electronic measuring instruments and mathematical statistical methods to analyze and detect these changes, specific key information in the MCU can be obtained.

(3) Fault generation techniques
This technique uses abnormal operating conditions to make the processor malfunction and then provide additional access with which to carry out the attack. The most widely used fault generation attacks are voltage glitches and clock glitches. Low-voltage and high-voltage attacks can be used to disable the protection circuit or to force the processor to execute incorrectly. A clock transient may reset the protection circuit without destroying the protected information. Power supply and clock transients can affect the decoding and execution of a single instruction in some processors.

(4) Probing techniques
This technique directly exposes the chip's internal interconnect and then observes, manipulates and interferes with the MCU to achieve the attack.

For convenience, the four attack techniques above are divided into two categories. One category is invasive attacks (physical attacks): these require destroying the package and then, with the help of semiconductor test equipment, microscopes and micro-positioners, take several hours or even weeks to complete in a specialized laboratory. All micro-probing techniques are invasive attacks. The other three methods are non-invasive attacks, in which the attacked MCU is not physically damaged. In some situations non-invasive attacks are particularly dangerous, because the equipment they require can often be home-made and upgraded, and is therefore very cheap.

Most non-invasive attacks require the attacker to have good knowledge of the processor and of software. In contrast, invasive probing attacks do not need much initial knowledge, and a set of similar techniques can usually be applied to a wide range of products.
Therefore, attacks on MCUs often start with invasive reverse engineering, and the accumulated experience helps to develop cheaper and faster non-invasive attack techniques.

3 General procedure of an invasive attack
The first step of an invasive attack is to remove the chip package. There are two ways to do this: the first is to dissolve the chip package completely, exposing the metal wires; the second is to remove only the plastic package above the silicon die. The first method requires bonding the chip onto a test fixture, with the help of a bonding station. The second method requires, in addition to a certain degree of knowledge and the necessary skills on the attacker's part, personal ingenuity and patience, but it is relatively easy to carry out.
The plastic above the chip can be opened with a knife, and the epoxy around the chip can be etched away with concentrated nitric acid. Hot concentrated nitric acid dissolves the chip package without affecting the chip or its wiring. The process is generally carried out under very dry conditions, because the presence of water may corrode the exposed wire connections.
The chip is then cleaned with acetone in an ultrasonic bath to remove residual nitric acid, washed with water to remove salts, and dried. If no ultrasonic bath is available, this step is generally skipped. In that case the chip surface will be a little dirty, but this does not affect the action of UV light on the chip. The last step is to locate the protection fuse and expose it to UV light. Generally a microscope with a magnification of at least 100 times is used, tracing the connection from the programming voltage input pin to find the protection fuse. If no microscope is available, a simple search can be made by exposing different parts of the chip to ultraviolet light and observing the result. During the operation, opaque paper is used to cover the chip so that the program memory is not erased by the UV light. Exposing the protection fuse to ultraviolet light for 5 to 10 minutes destroys the protection provided by the protection bit, after which a simple programmer can directly read out the contents of program memory.

For MCUs that use a protective layer to protect the EEPROM cells, resetting the protection circuit with UV light is not feasible. For this type of MCU, micro-probing techniques are generally used to read the memory contents. Once the chip package has been opened, placing the chip under a microscope makes it easy to find the data bus that runs from the memory to the other parts of the circuit.

For some reason, the chip's lock bit does not lock access to the memory in programming mode. Exploiting this flaw, a probe placed on the data lines can read all the desired data. In programming mode, restarting the read process and connecting the probe to a different data line each time reads out all the information in program and data memory.

Another possible attack is to use equipment such as a microscope and a laser cutter to locate the protection fuse and trace all the signal lines connected to this part of the circuit. Because of a design defect, cutting just one signal line from the protection fuse to the other circuits is enough to disable the entire protection function. For some reason, this line is very far from the other lines, so a laser cutter can cut it without affecting adjacent lines. After that, a simple programmer can directly read out the contents of program memory.

Although the majority of ordinary MCUs have a fuse-blowing feature to protect the code inside the MCU, general-purpose low-end MCUs are not positioned as security products, so they tend not to provide targeted preventive measures and their security level is low. Together with MCU applications and sales, outsourced processing and technology transfer between manufacturers, and the large amount of technical information available, this makes it easier to read an MCU's internal program by invasive or non-invasive means that exploit design vulnerabilities of such chips and manufacturers' test interfaces, or that modify the fuse protection bits.

4 Suggestions for countering SCM cracking
In theory, an attacker with adequate investment and time can break any microcontroller using the methods above. Therefore, when using an MCU for encrypted authentication or in system design, you should try to increase the cost and time an attacker has to spend. This is the basic principle that system designers should always keep in mind. In addition, note the following points:
(1) Before selecting a chip for its protection features, research it fully and keep up with advances in MCU cracking techniques, including which MCUs have already been confirmed as breakable. Try not to use chips that can already be broken, or chips of the same series or the same model.
(2) As far as possible, do not choose MCS51 series MCUs, because these have the highest market penetration domestically and have been studied most thoroughly.
(3) The originator of a product generally has production volume on its side, so it can choose a relatively uncommon, unpopular MCU to make purchasing more difficult for counterfeiters.
(4) Choose MCUs with new processes and new structures that have been on the market for a shorter time, such as the ATMEL AVR series.
(5) Where the design cost permits, use smart card chips with a hardware self-destruct feature to deal effectively with physical attacks.
(6) If conditions permit, use two MCUs of different models that back each other up and authenticate each other, thus increasing the cost of a break.
(7) Sand off the chip model and other markings, or re-mark the chip with a different model number, to pass it off as another part.
Of course, to fundamentally prevent MCUs from being decrypted and programs from being pirated, one can only rely on legal means of protection.
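
The mutual authentication suggested in point (6), modelled on the host side as a challenge-response exchange between two MCUs (an added example, not part of the original article; the `Mcu` class, the chip names `main` and `aux`, and the choice of HMAC-SHA256 over a shared key are assumptions made for illustration):

```python
import hashlib
import hmac
import os


class Mcu:
    """Model of one MCU; `key` stands for a secret stored in its locked flash."""

    def __init__(self, name: bytes, key: bytes):
        self.name = name
        self._key = key
        self._nonce = None

    def _mac(self, who: bytes, nonce: bytes) -> bytes:
        # The responder's name is bound into the MAC so that a response
        # computed by one chip cannot be reflected back as the other's.
        return hmac.new(self._key, who + b"|" + nonce, hashlib.sha256).digest()

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)  # fresh per session: recorded answers go stale
        return self._nonce

    def respond(self, nonce: bytes) -> bytes:
        return self._mac(self.name, nonce)

    def verify(self, peer_name: bytes, response: bytes) -> bool:
        if self._nonce is None:
            return False  # no outstanding challenge
        expected = self._mac(peer_name, self._nonce)
        self._nonce = None  # one verification attempt per challenge
        return hmac.compare_digest(expected, response)


def mutual_auth(a: Mcu, b: Mcu) -> bool:
    """Each chip challenges the other; both checks must pass."""
    b_ok = a.verify(b.name, b.respond(a.challenge()))
    a_ok = b.verify(a.name, a.respond(b.challenge()))
    return a_ok and b_ok


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key
    main, aux = Mcu(b"main", key), Mcu(b"aux", key)
    clone = Mcu(b"aux", os.urandom(32))  # copied board whose second chip lacks the key
    print(mutual_auth(main, aux), mutual_auth(main, clone))
```

The key sits in both chips' protected memory, so this raises the attacker's cost rather than removing the risk: a working copy needs the contents of both devices.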
