At 3:44 AM 6/15/96, Warren wrote:

I have never paid much attention to the protection of firmware or the technical issues revolving around such schemes...was wondering:

I recently saw an add for a UK based group that says they can take a PIC OTP micro and read the prom (for a fee, of course) - How the heck is this done?? I have my suspicion that they (somehow) magically peel off the ceramic coating (without destroying the chewy center), get a circuit mask and 'micro probe' the I/O of the IC...they then download the secret recipe to the afore mentioned 'chewy center'.

Is this close to accurate?? How is it 'done' ???

I don't know of any modern chips that have "ceramic coatings." (Some chips, esp. CPUs, are still ceramic-packaged, but in these cases the metal or ceramic lids are easily removed.) Most chips are plastic-packaged, and plasma ashers and/or chemical baths will expose the chip surface easily enough. Once exposed, various methods exist to read internal voltage levels. For example, electron beams in a scanning electron microscope (SEM) can fairly easily read at least surface potentials. Whether a SEM in voltage-contrast mode can read voltages on lower levels depends on a lot of things, and I can't even make a guess here as to whether OTP (one-time programmable) memories from particular vendors can have internal nodes probed. With enough money, many things are possible. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."