INSIGHTS | January 22, 2008

Security Mechanism of PIC16C558,620,621,622

Last month we talked about the structure of an AND-gate layed out in Silicon CMOS.  Now, we present to you how this AND gate has been used in Microchip PICs such as PIC16C558, PIC16C620, PIC16C621, PIC16C622, and a variety of others.

If you wish to determine if this article relates to a particular PIC you may be in possession of, you can take an windowed OTP part (/JW) and set the lock-bits.  If after 10 minutes in UV, it still says it’s locked, this article applies to your PIC.

IF THE PART REMAINS LOCKED, IT CANNOT BE UNLOCKED SO TEST AT YOUR OWN RISK.

The picture above is the die of the PIC16C558 magnified 100x.  The PIC16C620-622 look pretty much the same.  If there are letters after the final number, the die will be most likely, “shrunk” (e.g. PIC16C622 vs PIC16C622A).

Our area of concern is highlighted above along with a zoom of the area.

When magnified 500x, things become clear.  Notice the top metal (M2) is covering our DUAL 2-Input AND gate in the red box above.We previously showed you one half of the above area.  Now you can see that there is a pair of 2-input AND gates.  This was done to offer two security lock-bits for memory regions (read the datasheet on special features of the CPU).Stripping off that top metal (M2) now clearly shows us the bussing from two different areas to keep the part secure.  Microchip went the extra step of covering the floating gate of the main easilly discoverable fuses with metal to prevent UV from erasing a locked state.  The outputs of those two fuses also feed into logic on the left side of the picture to tell you that the part is locked during a device readback of the configuration fuses.

This type of fuse is protected by multiple set fuses of which only some are UV-erasable.

The AND gates are ensuring all fuses are erased to a ‘1’ to “unlock” the device.

What does this mean to an attacker?  It means, go after the inal AND gate if you want to forcefully unlock the CPU.  The outputs of the final AND gate stage run underneather VDD!! (The big mistake Microchip made).  Two shots witha laser-cutter and we can short the output stages “Y” from the AND-gate to a logic ‘1’ allowing readback of the memories (the part will still say it is locked).Stripping off the lower metal layer (M1) reveils the Poly-silicon layer.

What have we learned from all this?

    • A lot of time and effort went into the design of this series of security mechanisms.
    • These are the most secure Microchip PICs of ALL currently available.  The latest ~350-400nm 3-4 metal layer PICs are less secure than the
    • Anything made by human can be torn down by human!

:->

INSIGHTS | November 1, 2007

Unmarked Die Revisions :: Part II

[NOTE- This article will describe a process known as “Wet-Etching“.  Wet-etching is a process that can be very dangerous and we do not recommend anyone reading this try it unless you know what you are doing and have the proper equipment.

The chemicals required such as Hydrofluoric Acid (HF) attack bone marrow.  HF is painless until several hours later when it’s too late to take proper action so please be careful and be responsible. ]

Previously we discussed noticing Microchip making changes to their silicon substrates (aka the die) without marking the outside of the packaging as companies normally do.

See below a picture of the second generation PIC18F1320 die (same one you saw in Part I)-

We thought we would show you what this substrate looks like with a little wet-etching.  The picture below has the top metal (Metal 3 or M3) removed or stripped off-

Flylogic Engineering are experts on doing the unbelievable (unthinkable!) when it comes to silicon-substrate attacks.  We are the only known lab in the world to have ever executed a technique we call, “Selective Wet-Etching” where we lay a mask down and wet-etch only areas we select.  The important thing to point out here is that when we are finished, the part is still 100% functional!  This plays an important role to bypass security meshes or other obstructions.

Now for the good stuff.  We did not etch off the metal completely because we noticed the hole size was touching an active wire on the top metal (M3).  So we decided this was enough and light could easily get back through.

A little more etching and the metal inside this hole would have been gone however the vertical track (wire) to the left would have also been gone.  This was enough and 45 minutes in UV resets the fuses (unlocking the device).

As we explained earlier, this part functions 100% except now the UV light can easily get underneath down to Metal 1 without hindrance.

PS-  Bunnie was right regarding the CPU running on Microcode.  All Microchip PIC’s ranging from the 10 series upto the 18 series contain a micro-coded architecture.  This should shed light to some of you as-to why they are sooo slow (Feed them 40 Mhz, you get an execution time of 10 Mhz).  Some of the newer PIC’s include Phase Lock Loops (PLLs) to 4x the external frequency.

INSIGHTS | October 26, 2007

Decapsulated devices

Recently at Toorcon9 (www.toorcon.org), some individuals asked to see images of decapsulated parts still in their packages. I dug around and came up with some examples. Click on any of the pictures for a larger version.

 

 

Above: Dallas DS89C450

 

 

Above: Microchip dsPIC30F6013

Using our proprietary procedures, all parts remain 100% functional with no degradation after exposing the substrate.

INSIGHTS |

Unmarked Die Revisions :: Part I

We have noticed a few different die revisions on various Microchip’s substrates that caught our attention.  In most case when a company executes any type of change to the die, they change the nomenclature slightly.  An example is the elder PIC16C622.  After some changes, the later part was named the PIC16C622A and there was major silicon layout changes to the newer ‘A’ part.

The PIC16C54 has been through three known silicon revs (‘A’ – ‘C’) and has now been replaced by the PIC16F54.

However, we’ve noticed two different devices from them (PIC12F683 and PIC18F1320) that caught our eye.  The PIC12F683 changes seem purely security related concerns.  The code protection output track was rerouted.

Our guess- They were concerned the magic track was too easilly accessable.

We will focus this article to the PIC18F1320 and consider this as a follow-up to our friends at Bunnie Studios, LLC.  A few years ago Bunnie wrote an article about being able to reset the fuses of the PIC18F1320 to a ‘1’ thus unlocking the once protected PIC.

The newly improvised second generation PIC18F1320 with fill patterns place over open areas.

You might ask yourself:  What are they hiding?  The part contains three metal layers however, the top layer has been partially removed by wet-etching techniques.  This allows us to see below in denser areas.The newly improvised second generation PIC18F1320 now has these cells covered aka Bunnie attack prevention!

Conclusion:  Did they archieve their goal?  From an optical attack, sort-of.  They are not expecting the attacker to be able to selectively remove this covering metal.  Stay tuned for part II of this report where we show you this area with the covering metal removed and the fuses exposed once again!