Extracting the hex file (firmware) from a microcontroller can be done with non-invasive, semi-invasive, or invasive methods. Fault injection experiments show that, in a reverse engineering project, a semi-invasive attack on an AT89C52 can recover the layout (route map) of its memory.
The only limitation is that a flash lamp cannot produce consistent, single-wavelength light, so it is very difficult to focus the light spot on the exposed area. Replacing the flash lamp with a laser solves this problem.
A well-designed modern secure microcontroller is not easy to defeat with a single-wavelength laser, because its protection state depends on multiple bits of physical memory. However, the code of many microcontrollers can still be extracted by tampering with the protection lock trigger, so the microcontroller designer must ensure that the failure of any single transistor cannot unlock the device's security rules.
For reading out the chip embedded in a smartcard, corrupting jump (branch) instructions is a very strong and general attack point: a fault can make a branch in the smartcard code take the wrong direction. For example, reducing the number of iterations of the password-check loop to one or two can reveal the password directly.
Current high-tech anti-extraction techniques, such as a top-layer metal shield and data bus encryption of the embedded firmware, make the extractor's job more complicated, but they are not secure enough on their own. An experienced microcontroller unlocking engineer can use infrared light or X-rays to see through the metal shield, and reading the memory directly bypasses the data bus encryption.
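A defensive illustration of the loop-shortening fault just described, added here as an example and not taken from the page or any vendor's firmware: a password check that cannot be passed by exiting the comparison loop early. The `limit` parameter, the `PIN_OK`/`PIN_BAD` values and the sample PINs are assumptions introduced to model the fault; real firmware would always run the loop to `PIN_LEN`.

```c
#include <stdint.h>
#include <stddef.h>

#define PIN_LEN 8
#define PIN_OK  0xA5C3u   /* accept value chosen far from 0/1 so one bit flip cannot forge it (assumption) */
#define PIN_BAD 0x5A3Cu

/* Constructed sample PINs: kWrong differs from kStored only in the last byte,
   so a comparison loop that stops after the first few bytes would wrongly accept it. */
static const uint8_t kStored[PIN_LEN] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38};
static const uint8_t kWrong[PIN_LEN]  = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x39};

/* Hardened check: no early exit, constant work per byte, and two redundant
   loop counters that must both prove every byte was examined.
   `limit` is the number of iterations actually executed; it models a
   glitch that shortens the loop and is not something real code would expose. */
uint16_t verify_pin(const uint8_t *stored, const uint8_t *entered, size_t limit)
{
    volatile uint8_t diff = 0;          /* accumulates every mismatch, never branches on it */
    volatile size_t count_up = 0;       /* counts iterations upward ... */
    volatile size_t count_down = PIN_LEN; /* ... and downward, so both must agree */

    for (size_t i = 0; i < limit; i++) {
        diff |= (uint8_t)(stored[i] ^ entered[i]);
        count_up++;
        count_down--;
    }

    /* A shortened loop leaves the counters inconsistent with PIN_LEN: reject. */
    if (count_up != PIN_LEN || count_down != 0)
        return PIN_BAD;
    /* Only after the full-length loop is proven does the data comparison count. */
    if (diff != 0)
        return PIN_BAD;
    return PIN_OK;
}
```

With the full loop the correct PIN is accepted and the wrong one rejected; with the loop cut to one iteration the wrong PIN is still rejected, where a naive early-exit loop would have reported success.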