The security level of MCUs is gradually increasing, and some companies have even introduced dedicated security main controllers. This is a good sign: it shows that the embedded field is paying more and more attention to information security and program security. However, in many cost-driven industries, such as consumer electronics, low-cost communication modules and power control modules, cost pressure and fast product turnover make it impossible to use a more secure main-control MCU, so the 51-series single-chip microcontroller is still in use.
Everyone probably knows that the 51 MCU is very easy to crack, but many people are not clear about why it is easy or how it is done. Here I combine some material compiled by seniors online with my own experience to give a simple analysis of MCU cracking technology.
Don't assume that decryption is very complicated. It is not unlike developing a product: first determine the customer's needs or the main functions of the new product, then set the technical specifications, assign the hardware and software development tasks, debug on the hardware, verify the functions, test for bugs, and finally do environmental testing. There are many ways to decrypt in the industry, and everyone's idea of cracking is different, but they can roughly be divided into several types.
1. Software cracking
This method uses software alone to crack the target microcontroller and causes no physical damage to the target MCU's components. It is mainly aimed at WINBOND and SYNCMOS MCUs and GAL gate arrays. The software decryption device follows certain steps to make the on-chip program execute instructions that send data off-chip, intercepts that output with the decryption equipment, and in this way recovers the chip's internal program (for GALs, logic guessing is used). Once decryption is complete, the program in the encrypted microcontroller has been obtained.
2. Hardware cracking
The process is as follows:
1. Test
Use a high-end programmer or similar equipment to test whether the chip works normally, and save the configuration word.
2. Open the cover
The cover is removed manually or with a special decapping device. The "cover" here does not mean that the MCU literally has a lid. Briefly: an MCU is a large-scale integrated circuit made up of N circuits, and the die is the carrier of that integrated circuit. After the die is packaged, it becomes the IC chip we use every day. There are many package types, such as TSSOP28, QFN28, etc.; you can search Baidu for them yourself, so I will not repeat them here.
3. Circuit modification
For each chip, corresponding drawings are provided and the manufacturer makes the circuit modification; the purpose is to make the MCU's storage area readable. Some MCUs do not allow the data in Flash or E2PROM to be read by default because a hardware circuit protects it; once the encryption connection is cut, the program is exposed and readable, as shown in Figure 2.
4. Read the program
Retrieve the modified MCU and read the program directly with the programmer. The result may be a HEX file or a BIN file.
5. Program samples for the customer
The program and configuration that were read out are programmed into the target MCU, which completes the MCU crack. At this point the hardware cracking method has been completed successfully.
3. Combined software and hardware
The combined software-and-hardware method requires very deep familiarity with the internal structure of the chip.
There are other cracking techniques, such as electronic probing attacks and fault generation (fault injection) techniques, but the ultimate goal is always to be able to reproduce the function of the target MCU.
Having read this far, everyone should understand the point: cracking an MCU cannot restore the program inside it intact. Current technology cannot do this, at least not in China. In response to this situation, encryption chips came into being. Initially they protected the MCU very well, but vulnerabilities were quickly found.
Below I analyze an example of actual cracking, after which everyone will understand.
Encryption principle:
The MCU and the encryption chip each store an authentication key and the same encryption algorithm;
The MCU generates a random number and sends it to the encryption chip. The chip encrypts it with the secret key and returns the ciphertext. The MCU then decrypts the ciphertext and compares the resulting plaintext with the random number it generated. If they are equal, the program runs normally; if they are not equal, the error handling path is taken.
Because the pirate does not have this key, the data exchanged between the encryption chip and the MCU changes randomly and no pattern can be found. Therefore the only option is to crack the program of the encryption chip itself and copy it onto another encryption chip to make the MCU program run. But the encryption chip is different from a general MCU: it has many security mechanisms inside and is very difficult to crack.
This encryption scheme seems very secure, but it still has a loophole.
Cracking method:
First, use the second cracking method (hardware cracking) to obtain the HEX file of the MCU. N steps are omitted here and will not be repeated.
Decompile the HEX using software; there are many decompilation tools.
In the decompiled program, find the comparison point, as shown in Figure 3; the CJNE statement is likely to be this comparison point. Simply delete the statement at arrow 2, then reload the assembly program into the MCU, and the crack is complete. At this point the MCU runs normally even without an encryption chip.
In fact the reason is very simple: the MCU merely judges the return value of the encryption chip, so if it is prevented from making that judgment, the program runs normally regardless of what the encryption chip returns.
So this encryption scheme was quickly cracked. Of course, this is not absolute: some MCUs will not give up their HEX or BIN files even after decapping, so this cracking scheme also depends on the MCU's security level not being high enough. But it is enough to illustrate a problem: a scheme that achieves protection by comparing encryption results still does not have a high enough security level, and still has crackable holes.
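To make the weakness concrete, here is an added C model of the challenge-response scheme described above and of the single comparison it relies on, next to a hardened variant; this is example code written for this page, not code from the article or from any real encryption chip. It assumes a toy 8-bit keyed transform (XOR and rotate, not a real cipher) standing in for the shared algorithm, a constructed key 0x5A, and a constructed application parameter 0x7D.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values: a toy shared key and a parameter the application needs (e.g. a PWM setting). */
#define SHARED_KEY     0x5A
#define EXPECTED_PARAM 0x7D

/* Toy keyed transform standing in for the "same encryption algorithm" held by both parties:
 * XOR with the key, then rotate left by 3. Not a real cipher; it only models the exchange. */
static uint8_t toy_encrypt(uint8_t plain, uint8_t key) {
    uint8_t v = plain ^ key;
    return (uint8_t)((v << 3) | (v >> 5));
}
static uint8_t toy_decrypt(uint8_t cipher, uint8_t key) {
    uint8_t v = (uint8_t)((cipher >> 3) | (cipher << 5));
    return v ^ key;
}

/* Encryption chip side: encrypt the MCU's random challenge with the chip's own key.
 * Passing a key other than SHARED_KEY models a pirate's clone chip that lacks the real key. */
uint8_t chip_respond(uint8_t challenge, uint8_t chip_key) {
    return toy_encrypt(challenge, chip_key);
}

/* MCU side, scheme from the article: decrypt the reply and branch on ONE comparison.
 * On an 8051 this compiles to a CJNE; removing that instruction makes it return 1 always. */
int mcu_check_branch(uint8_t challenge, uint8_t reply) {
    if (toy_decrypt(reply, SHARED_KEY) != challenge)
        return 0;   /* error handling path */
    return 1;       /* program runs normally */
}

/* Hardened variant (an assumption for this example, not from the article): no yes/no branch.
 * The decrypted reply is folded into a parameter the application actually uses, so a clone chip
 * produces wrong behaviour instead of one instruction to delete. This raises the patching effort
 * but does not stop an attacker who can read and fully rewrite the firmware. */
uint8_t mcu_derive_param(uint8_t challenge, uint8_t reply) {
    return (uint8_t)(toy_decrypt(reply, SHARED_KEY) ^ challenge ^ EXPECTED_PARAM);
}

int main(void) {
    uint8_t challenge = 0x3C;                        /* constructed "random" number for the demo */
    uint8_t genuine = chip_respond(challenge, SHARED_KEY);
    uint8_t clone   = chip_respond(challenge, 0x00); /* clone chip with the wrong key */
    printf("genuine chip: check=%d param=0x%02X\n",
           mcu_check_branch(challenge, genuine), mcu_derive_param(challenge, genuine));
    printf("clone chip:   check=%d param=0x%02X\n",
           mcu_check_branch(challenge, clone), mcu_derive_param(challenge, clone));
    return 0;
}
```

With the genuine chip the check passes and the parameter comes out as 0x7D; with the clone the check fails and the derived parameter is 0x27, so the application misbehaves rather than hitting a single patchable branch.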
Because space is limited, this issue only gives a brief introduction to decryption technology. As the saying goes, know yourself and know your enemy and you will win every battle: only by understanding cracking technology can we do encryption protection more effectively.
Shenzhen Jianjiantong Technology Co., Ltd. , https://www.mct-sz.com