IC decryption request source

Posted by

IC decryption request source: that is, external interrupt 0 and 1, introduced through the external pin, there are two pins on the microcontroller, named INT0, INT1, namely P3.2, P3.3 these two pins. In the internal TCON, four bits are related to external interruption. IT0: INT0 trigger mode control bit, can be programmed and reset by software, IT0 = 0, INT0 for low level trigger mode, IT0 = 1, INT0 for negative jump trigger mode. The differences between the two methods will be discussed later. IE0:INT0 interrupt request flag bit. When there is an external interrupt request, this is set to 1 (which is done by the hardware), which clears IE0 by the hardware after the CPU responds to the interrupt. The use of IT1 and IE1 is the same as that of IT0 and IE0. (2) Internal interrupt request source TF0: Overflow interrupt flag of timer T0. When T0 count overflows, TF0 is set by hardware. When the CPU response is interrupted, the TF0 is cleared by the hardware 0. TF1: similar to TF0. TI, RI: serial port sending and receiving interruption, and then explained in serial port. In MCS-51 interrupt system, interrupt allowance register IE is controlled by 8-bit interrupt allowance register IE which can be bit-addressable in chip. Where EA is the master switch, if it is equal to 0, all interrupts are not allowed. The interruption of the e serial port allows the interrupt of the timer 1 1, allowing EX1 interrupt 1 interrupt. ET0 timer 0 interrupt allows EX0 – out interrupt 0 interrupt allowed. If we set the allowable external interrupt 1, timer 1 interrupt allowable, other not allowed, then IE can be EAX, that is, 8CH, of course, we can also use the bit operation instruction SETB EA SETB ET1SETB EX1 to achieve it. Natural Priority of Five Interrupt Sources and Outside Interrupt Service Entry Address 0:0003H Timer 0:000BH Outside Interrupt 1:0013H Timer 1:001BH Serial Port: 0023H Their Natural Priority Ranges from High to Low. Write here, you should understand why there are some programs before we start to write this way: ORG 0000HLJMP START ORG 0030H START:. The purpose of this is to make the vector address occupied by the interrupt source. Of course, when there is no interruption in the program, it is not wrong in principle to write the program directly from 0000H, but it is better not to do so in practice. Priority: SCM adopts the strategy of natural priority and manual setting of high and low priority, that is, programmers can set which interrupts are high priority and which interrupts are low priority, because there are only two levels, there must be some interrupts at the same level, at the same level, determined by natural priority. When starting, every interrupt is low priority, and we can set the priority with instructions. Look at Table 2 where the interrupt priority is set high by the interrupt priority register IP, and one bit in the IP is set to 1. The corresponding interrupt is high priority, otherwise it is low priority. XX X PS PT1 PX1 PT0 PX0

DSPIC30F IC unlock

Posted by

IC unlock may occur when second instructions are executed. In this case, second instructions and additional stopping cycles are allowed to execute before ISR. In this way, the stopping period associated with the second instructions will normally execute. However, the stopping cycle will actually be embedded in the sequence of abnormal processes. If a normal double cycle instruction is interrupted, the abnormal process will continue.
Three, instruction stop cycle and process change instruction
CALL and RCALL instructions use W15 to write to the stack, and if the source read by the next instruction uses W15, execution of the instructions may therefore be forced to stop before the next instruction. RETFIE and RETURN instructions can never be forced to stop before the next instruction, because these instructions can only perform read operations. However, users should be aware that the RETLW instruction can force a stop because it writes to the W register in the last cycle. Because GOTO and transfer instructions do not perform write operations, they can never force instruction to stop.
Four, instruction stop and DO and REPEAT cycles.
In addition to increasing the instruction stop cycle, RAW data dependency does not affect the work of DO or REPEAT loops. The prefetching instructions in the REPEAT loop will not change until the loop completes or occurs. Although register correlation checks cross instruction boundaries, dsPIC30F actually compares the source and destination addresses of the same instruction in a REPEAT loop. The last instruction of the DO loop prefetches the instruction at the start address of the loop or the next instruction (outside the loop). The decision to stop the instruction is made by the last instruction of the loop and the contents of the prefetch instruction.
Five, instruction stop and program space visibility (PSV)
When the program space (PS) is mapped to the data space by enabling the PSV (CORCON < 2 >) bit, and the X space EA is within the visible program space range, the read or write cycle is redirected to the address in the program space. It takes up to 3 instruction cycles to access data from program space. Instruction operations in PSV address space, like any other instruction, are affected by RAW data correlation and subsequent instruction stops.

MCU crack chip decryption methods

Posted by

Source: IC declassified. The attacker took advantage of the loophole in the timing design of erasure operation of the series of microcontrollers. After erasing the encrypted lock bits, the self-programmed program was used to stop the next erasing operation of the on-chip program memory data, thus turning the encrypted microcontrollers into non-encrypted microcontrollers, and then using the programmer to read out the on-chip program.

2. Electronic detection attack usually monitors the analog characteristics of all power supply and interface connections when the processor is in normal operation with high time resolution, and attacks are carried out by monitoring its electromagnetic radiation characteristics. Because MCU is an active electronic device, when it executes different instructions, the corresponding power consumption also changes accordingly. In this way, by using special electronic measuring instruments and mathematical statistical methods to analyze and detect these changes, the specific key information in the MCU microcomputer can be obtained.

3. Fault Generation Technology This technology uses abnormal working conditions to make the processor error, and then provides additional access to attack. The most widely used means of attack include voltage impact and clock impact. Low voltage and high voltage attacks can be used to prohibit protection of circuits or force processors to perform erroneous operations. Clock transient hopping may reset the protection circuit without damaging the protected information. The transient hopping of power and clock can affect the decoding and execution of single instruction in some processors.

4. Probe technology. This technology directly exposes the internal connection of the chip, and then observes, manipulates and interferes with the microcontroller to achieve the purpose of attack.

DSP MCU crack

Posted by

EEPROM programming algorithm for DSP MCU crack technology
Source: On the basis of IC decryption characteristics, we can choose the most secure and reasonable decryption scheme for MCU crack. (Note: DSPIC30F series chip decryption for example) 1. Data EEPROM programming is similar to program memory, EEPROM storage block is accessed by reading and writing table operations. Because EEPROM memory has only 16 bit width, its operation does not require TBLWTH and TBLRDH instructions. The programming and erasing steps of data EEPROM are similar to those of flash memory, but the difference is that data EEPROM is optimized for fast data access. On data EEPROM, you can perform the following programming operations: erase a word erase a line (16 words) program a word program a line (16 words) in normal operation (the entire VDD range of work), data EEPROM readable and writable. Unlike flash memory, normal program execution does not stop when EEPROM is programmed or erased. EEPROM erasure and programming operations are performed through NVMCON and NVMKEY registers. The programming software is responsible for waiting for the operation to complete. Software can detect the completion time of an EEPROM erasure or programming operation by one of three methods: querying the WR bit with software (NVMCON < 15 >). When the operation is completed, the WR bit will be cleared. Query NVMIF bit (IFS0<12>) with software. When the operation is completed, the NVMIF bit will be set to 1. NVM interrupt is allowed. When the operation is completed, the CPU will be interrupted. ISR can handle more programming operations. Two, EEPROM single word programming algorithm 1. erase a EEPROM word. Set the NVMCON register to erase a EEPROM word. The addresses of the erased characters are written to the TBLPAG and NVMADR registers. Clear the NVMIF status bit and allow NVM interrupt (optional). Write the key sequence to NVMKEY. The WR position is 1. This will start the erase cycle. Query WR bit or wait for NVM interrupt. 2. write the data word to the data EEPROM to write the latch. 3. programming data words into EEPROM. Set the NVMCON register to program a EEPROM word. Clear the NVMIF status bit and allow NVM interrupt (optional). Write the key sequence to NVMKEY. The WR position is 1. This will start the programming cycle. Query WR bit or wait for NVM interrupt. 3. EEPROM line programming algorithm, if you need to program more than one word into EEPROM, each erase and program 16 words (1 line) will be faster. The process of programming 16 words to EEPROM is as follows: 1. Read a row of data EEPROM (16 words) and save it to data RAM in the way of data “mirror”. The EEPROM part to be modified must be in the even 16 word address boundary. 2. update data mirroring with new data. 3. erase EEPROM rows. Set the NVMCON register to erase one row of EEPROM. Clear the NVMIF status bit and allow NVM interrupt (optional). Write the key sequence to NVMKEY. The WR position is 1. This will start the erase cycle. Query WR bit or wait for NVM interrupt. 4. write 16 data words to the data EEPROM to write the latch. 5. programming a row of data to data EEPROM. Set the NVMCON register to program a line of EEPROM. Clear the NVMIF status bit and allow NVM interrupt (optional). Write the key sequence to NVMKEY. The WR position is 1. This will start the programming cycle. Query WR bit or wait for NVM interrupt.

74A series IC unlock

Posted by

74AC11245 series IC unlock is our latest popular chip model. The specific models of 74AC11245 series chips that we can provide decryption services are:
74AC11245DW
74AC11245DWR
74AC11245NT
74AC11253N
74AC11257DW
74AC11257DWR
74AC11257N
74AC112P
74AC11373NT
74AC11M
74AC11245
74AC11244PWR
74AC11244NT
74AC11244DWR
74AC11244DW
74AC11244DBR
74AC11244D
74AC11244
74AC11240NT
74AC11240DWR

SST27 MCU decryption

Posted by

SST27SF010 overview
SST27SF010 is a 128K X8 MTP low-cost flash, manufactured by SST’s patented, high-performance CMOS SuperFlash technology. The split gate cell design and thick oxide tunneling injector achieve better reliability and manufacturability than other methods. These MTP devices are electrically erasable and programmable at least 1000 times, using an external programmer powered by a 12-volt power supply. They must be erased before programming. These devices comply with JEDEC standard pins with byte wide memory.
SST27SF010 characteristics
The organizational structure is 128K X8.
4.5-5.5V read operation
Excellent reliability
Endurance: at least 1000 times.
– more than 100 years of data retention period
Low power consumption
– working current: 20 mA (typical value)
Standby current: 10 A (typical value)
Fast read access time
– 70 nanosecond
– 90 nanosecond
Fast Byte programming operation
Byte programming time: 20 s (typical value)
– chip programming time: 2.8 seconds (typical value)
Electrical erasure programming
– no UV light source is needed.
– chip erase time: 100 ms (typical value)
Compatibility of TTL I / O
JEDEC standard byte width EPROM pin
Packaging options
– 32 pin PLCC
– 32 pin TSOP (8mm x 14mm)
– 32 pin PDIP
In the research of MCU decryption technology, our company has long been focusing on high-difficulty IC decryption research, DSP SST27 MCU decryption research, CPLD MCU decryption research, FPGA MCU decryption  research and other fields. At present, we have obtained the typical project achievement in the SST series microcontroller decryption, STC series microcontroller decryption, ST series MCU decryption, NEC series microcontroller decryption and so on. Specialized decryption equipment and detection instruments can provide high-efficiency, high-quality and reliable SST27 series SST27SF010 MCU microcomputer decryption service for customers at home and abroad.

MPC82E IC unlock

Posted by

IC unlock studio successfully cracked the Megawin series of typical chips, for the Megawin series of chip decryption / microcontroller decryption, Dragon IC decryption studio can provide a safe and reliable, reasonably priced decryption services. In order to facilitate the technical analysis and understanding of MPC82E54 chip for customers, and to facilitate the decryption engineer to provide the most efficient and reliable decryption scheme for MPC82E54 chip, Dragon IC unlock Studio provides an introduction to the basic characteristics of MPC82E54 chip.

XC95 IC decryption

Posted by

IC decryption is a chip that we often decrypt in our work; XC95144XV and other XILINX series CPLD chip decryption is recognized as the industry’s difficult to decrypt IC, CPLD series chip decryption because of the difficulty of decryption, long decryption cycle, high cost of decryption, and technical methods are not mature, become a lot of electronic engineers trouble. Decryption engineers have devoted most of their efforts to DSP chip decryption, CPLD chip decryption, FPGA IC decryption and other technical research fields, and have focused on various types of difficult decryption. At present, we have made a series of breakthroughs in various series of difficult IC decryption research.

DSPIC30F chip decryption

Posted by

The DSPIC30F full range of DSP chips can provide an efficient and reliable decryption scheme. Here, in order to help customers and decryption engineers to analyze and understand DSP IC30F series DSP chips, the decryption engineer briefly states the timer part of the series chip:

SST89E IC unlock

Posted by

Source: IC unlock and other typical SST series of microcontroller decryption requirements please contact the Nisdi chip decryption institute. Relying on the long-term research of decryption technology and the actual decryption verification, the IC unlock Research Institute has broken through the SST series of single-chip decryption. We can provide high-quality and reliable decryption services for all the MCU computers in this series. The following we provide SST89E564RD MCU main technical features, to help customers and technical engineers for technical reference, facilitate in the chip decryption project cooperation process for technical understanding and communication.
SST89E564RD FEATURES:
8-bit 8051 Family Compatible Microcontroller (MCU) with Embedded SuperFlash Memory
SST89E564RD/SST89E554RC is 5V Operation
– 0 to 40 MHz Operation at 5V
SST89V564RD/SST89V554RC is 3V Operation
– 0 to 25 MHz Operation at 3V
Fully Software and Development Toolset
Compatible as well as Pin-For-Pin Package
Compatible with Standard 8xC5x Microcontrollers
1 KByte Register/Data RAM
Dual Block SuperFlash EEPROM
– SST89E564RD/SST89V564RD: 64 KByte primary block + 8 KByte secondary block (128-Byte sector size)
– SST89E554RC/SST89V554RC: 32 KByte primary block + 8 KByte secondary block (128-Byte sector size)
– Individual Block Security Lock
– Concurrent Operation during In-Application
Programming (IAP)
– Block Address Re-mapping
Support External Address Range up to 64 KByte of Program and Data and
Three High-Current Drive Pins (16 mA each)
Three 16-bit Timers/Counters
Full-Duplex Enhanced UART
– Framing error detection
– Automatic address recognition
Nine Interrupt Sources at 4 Priority Levels
Watchdog Timer (WDT)
Programmable Counter Array (PCA)
Four 8-bit I/O Ports (32 I/O Pins)
Second DPTR register
Reduce EMI Mode (Inhibit ALE through AUXR SFR)
SPI Serial Interface
TTL- and CMOS-Compatible Logic Levels
Brown-out Detection
Extended Power-Saving Modes
– Idle Mode
– Power Down Mode with External Interrupt Wake-up
– Standby (Stop Clock) Mode
PDIP-40, PLCC-44 and TQFP-44 Packages
Temperature Ranges:
– Commercial (0 degree C to +70 degree C)
Industrial (-40 degree C to +85 C)
The IC unlock Research Institute has long been specialized in providing SST series chip decryption services such as SST89E564RD microcontroller decryption. If customers have SST89E564RD microcontroller decryption requirements, please call our customer service hotline.