Un-invasive Chip Extraction method doesn’t need to initialize the chip before action. Electronic component can be placed inside the test circuit to analysis when extraction chip, or make connection with chip individually.
Once success, it is a kind of MCU cracking methods which is quite easy to prevail, and the cost to resume the extraction is low. Furthermore, there is no trace will left for this method. As a matter of fact, it has been considered as the one of the most threatened method for microcontroller firmware extraction.
At the same time, great amount of time and energy must be spent to find out the un-invasive microcontroller program copying method. It need to reverse engineering the chip normally also include software disassemble and understanding of hardware layout and schematic.
Un-invasive chip extraction method can be negative or positive. Negative attack also known as side attack, it won’t bring damage to the target chip, but will detect and monitor their signals and electro-magnetic radiation. Such as power consumption analysis and time clock attack. Positive chip microcontroller firmware reading such as exhaustivity attack and noise attack, is characterized by adding signals onto the components include power supply track.
A simple un-invasive mcu cracking can by duplicate onto FPGA after power on which is base upon SRAM. Connect the JTAG interface which has been used for chip configuration. Use oscillograph or logic analyzer can catch and seize all the signals. And then we can analyze the wave form and reply the unique order.
If the resource of FPGA only be used for 50%, can use minor alteration to cover the intellectual property private fact. Save some space when configuration without the affection of chip operation. JTAG interface will have some freedom when send the signal frequency, so the signal of privacy will still show a little bit of difference compare with original one. Beside, the chip extraction cracker can exchange the address when upload to makes others believe it is different.