Re: Fuseable Links - no guarantees??
Jim; I was under the impression that a fuseable link was literally a piece of conductive material that you deliberatley 'blow-away' - In most cases, couldn't you simply 'tap into' the data side of the fuse, and download the info??
At 11:44 PM 6/14/96 -0400, Warren wrote:
I have never paid much attention to the protection of firmware or the technical issues revolving around such schemes...was wondering:
I recently saw an add for a UK based group that says they can take a PIC OTP micro and read the prom (for a fee, of course) - How the heck is this done?? I have my suspicion that they (somehow) magically peel off the ceramic coating (without destroying the chewy center), get a circuit mask and 'micro probe' the I/O of the IC...they then download the secret recipe to the afore mentioned 'chewy center'.
Is this close to accurate?? How is it 'done' ???
While I have never come even close to needing to attempt this kind of thing, long ago it occurred to me that if the "no read" bit was stored in a programmable bit, and if the location of that bit was known or could be identified, you could expose that particular bit through a tiny mask hole and cause the part to be readable again. Locating that bit (assuming there's just one) would be relatively simple: Take a test part, program it, read-lock it, and then expose it to a VERY slowly sliding mask with UV behind. Do this for both axes, to find the bit's location on the chip.
Jim Bell jimbell@pacifier.com
Warren wrote:
Jim;
I was under the impression that a fuseable link was literally a piece of conductive material that you deliberatley 'blow-away' - In most cases, couldn't you simply 'tap into' the data side of the fuse, and download the info??
At 11:44 PM 6/14/96 -0400, Warren wrote:
I have never paid much attention to the protection of firmware or the technical issues revolving around such schemes...was wondering:
I recently saw an add for a UK based group that says they can take a PIC OTP micro and read the prom (for a fee, of course) - How the heck is this done?? I have my suspicion that they (somehow) magically peel off the ceramic coating (without destroying the chewy center), get a circuit mask and 'micro probe' the I/O of the IC...they then download the secret recipe to the afore mentioned 'chewy center'.
Rumour has it that it is done like this: "To read a protected 16C84 make sure your VPP is 13.5 volts, then VCC should be about .5 volt less, I dont know about the accuracy of this one person told me he used a diode thet is .6 volts. now write the value 0x001f to the fuse 0x2007 about 3-10 times switch back to standard and read the chip. " It may or may not work - I would be interested if anyone can confirm it. Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com> Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
participants (2)
-
Gary Howland -
wxfield@shore.net