At present, there are four main technologies for attacking single-chip microcomputers:
(1) Software attack
This technique typically uses a processor communication interface and exploits protocols, encryption algorithms, or security vulnerabilities in these algorithms to attack. A typical example of a successful software attack is an attack on earlier ATMEL AT89C series microcontrollers. The attacker exploited the vulnerability in the timing design of the series of single-chip erase operations, and used the self-programming program to stop the operation of erasing the on-chip program memory data after erasing the encryption lock bit, thereby turning the over-sized microcontroller into The unencrypted microcontroller is then used to read the on-chip program using the programmer.
(2) Electronic detection attack
This technique typically monitors the analog characteristics of all power and interface connections of the processor during normal operation with high temporal resolution and performs attacks by monitoring its electromagnetic radiation characteristics. Because the microcontroller is an active electronic device, when it executes different instructions, the corresponding power consumption of the power supply changes accordingly. In this way, by using special electronic measuring instruments and mathematical statistical methods to analyze and detect these changes, specific key information in the microcontroller can be obtained.
(3) Fault generation technology
This technique uses abnormal working conditions to make the processor go wrong and then provides additional access to the attack. Attacks that use the widest range of faults include voltage surges and clock surges. Low voltage and high voltage attacks can be used to disable the protection circuit or force the processor to perform erroneous operations. Clock transients may reset the protection circuit without destroying the protected information. Power and clock transients can affect the decoding and execution of a single instruction in some processors.
(4) Probe technology
The technology directly exposes the internal wiring of the chip, and then observes, manipulates, and interferes with the microcontroller to achieve the purpose of attack. For the sake of convenience, the above four attack technologies are divided into two categories, one is intrusive attack (physical attack), which requires destruction of the package, and then in a specialized laboratory with semiconductor test equipment, microscopes, and micro locators. It takes hours or even weeks to complete. All microprobe technologies are intrusive attacks. The other three methods are non-intrusive attacks, and the attacked microcontroller will not be physically damaged. Non-intrusive attacks are particularly dangerous in some cases because the equipment required for non-intrusive attacks can usually be self-made and upgraded, so it is very cheap.
Most non-intrusive attacks require an attacker with good processor knowledge and software knowledge. In contrast, invasive probe attacks do not require much initial knowledge, and a wide range of similar techniques can often be used to deal with a wide range of products. As a result, attacks on microcontrollers often start with intrusive reverse engineering, and the accumulated experience helps to develop cheaper and faster non-intrusive attack techniques.
General process of intrusive attacks
The first step in an intrusive attack is to remove the chip package. There are two ways to do this: the first is to completely dissolve the chip package and expose the metal wires. The second is to remove only the plastic package on the silicon core. The first method requires binding the chip to the test fixture and operating it with the binding station. In addition to the need to have the attacker's knowledge and necessary skills, the second method requires personal wisdom and patience, but it is relatively convenient to operate. The plastic on the chip can be uncovered with a knife, and the epoxy resin around the chip can be etched away with concentrated nitric acid. Hot concentrated nitric acid dissolves the chip package without affecting the chip and wiring. This process is generally carried out under very dry conditions, as the presence of water may attack the exposed aluminum wire connections.
The chip was then washed with acetone in an ultrasonic bath to remove residual nitric acid, then rinsed with water to remove salts and dried. Without an ultrasound pool, this step is generally skipped. In this case, the surface of the chip will be a bit dirty, but it will not affect the operation of the UV light on the chip. The final step is to find the location of the protective fuse and expose the protective fuse to ultraviolet light. Generally, a microscope with a magnification of at least 100 times is used to track the connection from the programming voltage input pin to find the protection fuse. If there is no microscope, a simple search is performed by exposing different parts of the chip to ultraviolet light and observing the results. An opaque sheet of paper is applied over the chip to protect the program memory from UV light. Exposing the protective fuse to UV light for 5 to 10 minutes destroys the protection of the protection bit, after which the contents of the program memory can be read directly using a simple programmer.
For a microcontroller that uses a protective layer to protect the EEPROM cell, it is not feasible to use a UV reset protection circuit. For this type of microcontroller, microprobe technology is typically used to read the memory contents. After the chip package is opened, placing the chip under the microscope makes it easy to find the data bus that is connected from the memory to the rest of the circuit. For some reason, the chip lock bit does not lock access to the memory in programming mode. With this defect, the probe can be placed on top of the data line to read all the desired data. In programming mode, all information in the program and data memory can be read by restarting the read process and connecting the probe to another data line.
Another possible attack is to find a protective fuse with equipment such as a microscope and a laser cutter to find all the signal lines associated with this part of the circuit. Due to the design flaws, the entire protection function can be disabled by cutting off a certain signal line from the protection fuse to other circuits. For some reason, this line is very far from the other lines, so using a laser cutter can completely cut the line without affecting the adjacent line. In this way, the contents of the program memory can be read directly using a simple programmer.
Although most common single-chip microcomputers have the function of fuse-breaking to protect the code in the single-chip microcomputer, since the general-purpose low-end single-chip microcomputers are not positioned to manufacture security products, they often do not provide targeted prevention measures and have a low security level. In addition, the application of SCM is extensive, the sales volume is large, the commissioning of processing and technology transfer between manufacturers is frequent, and a large amount of technical data is leaked out, which makes use of the design flaws of such chips and the test interface of the manufacturer, and the intrusion type by modifying the fuse protection position. It is easier to use an attack or non-intrusive attack to read the internal program of the microcontroller.
6W to 24W LED Underwater Fountain Light series,Good quality with high class brand LED chips and stable driver,304 stainless steel strong housing support for Fountainshow.Singel color and DMX512 RGB multi color for select.Install in Park fountian,Lake,Hotel Fountain etc
Products Description:
1,304 Satinless steel and strick manufacturing process technology,low voltage high safety.IP68 grade
2,Use Cree,brigelux,Osram chips and stable driver,Longlife span.3-5 years warranty quality.
3.Control system:Singel control,DMX512 control.
4,Each pices test before shipment.waterproof test,control test,ageing test.
Our other products range: LED Underground Light , LED Underwater Light , LED Wall Washer Light, LED Linear Light , LED Outdoor Flood Light, LED Garden Light , LED Landscape Light , LED Strip Light , Led Step Light etc.
Fountain Light,Garden Fountain Light,Outdoor Fountain Light,Light in water
SHENGYA LIGHTING TECHNOLOGY CO., LTD. , https://www.syalighting.com