STM8L151K6T6 IC unlock

Posted by

At the request of our customers, our company’s chip declassified Center successfully cracked the battery protection board chip of millet 9 MINI balance vehicle, and STM8L151K6T6 IC unlock
We welcome customers with similar needs to contact us.
STM8L151K6T6 micro controller] specification parameters: core processor STM8 core size 8- bit speed 16MHz connectivity SPI, UART/USART peripherals under voltage detection / reset, DMA, IR, POR, PWM, WDT I/O number 30 program storage capacity (8) program memory type flash memory capacity 8 Pressure power supply (Vcc/Vdd) 1.8 V ~ 3.6 V data converter A/D 22x12b, D/A 1×12 oscillator type internal working temperature -40 [C ~ 85] C package / shell 32-LQFP.

IC unlock charge

Posted by

We often receive this kind of consultation. For a single chip microcomputer, we take the STC15 series chip as an example. Customer inquiries, whether the STC15 series microcontroller company can IC unlock how much the cost. The reply given by our company is: it can be done and the cost is 1.5W. The customer was surprised when he heard our offer, asked why we were so expensive, and the price of his product was only a few dozen yuan. In this case, I want to say that the IC unlock is the two development of the chip and the single chip computer program, the cost of the chip is not related to the value of the product itself.
Many times, even if it is just a small program within 10K, for our cracked, the cost is basically so much, nothing changed.
Many customers do not understand this, why only a few K small procedures still need to receive such a high cost. In fact, in the process of breaking the chip, we read the program through the FBI connection, and several K and several hundred pieces of K are the same cost as the same step for us, so the offer is also not much.

TMS320F MCU crack success

Posted by

My focus on chip reverse engineering is a project in the direction of MCU crack technology, which is based on MCU decryption, DSP decryption, CPLD chip decryption, ARM MCU crack and SCM software and hardware development.
The TMS320F28068M micro controller provides power supply for the C28x kernel and the parallel accelerator (CLA). The core technology is based on the TI C2000 as the basis for the in-depth study of the TMS320F28 series. The dspc2000 series micro controllers have been successfully MCU crack. Although the TMS320F28068M decryption is the latest product, the MCU crack technology is mature for the core technology and the decryption technology is mature. Under the circumstances, we can have more than 95% of the grasp, and can be equal, the decryption price is informed by the business personnel, the core and the CLA and low pin number devices of high integrated control peripherals to coupling. The code of this series is compatible with the previous C28x based code, and provides a high degree of analog integration.
An internal regulator realizes the operation of a single power supply rail. The HRPWM module has been improved to provide double edge control (FM). An analog comparator with internal 10 bit reference is added, and it can be directly routed to control PWM output. ADC can perform conversion operations within the fixed scale of 0V to 3.3V and support the metric scale VREFHI / VREFLO benchmark. The ADC interface is specifically optimized for low overhead / low latency.
Characteristic
High efficiency 32 bit CPU (TMS320C28x?)
90MHz (11.11ns periodic time)
16 x 16 and 32 x 32 medium access control (MAC) operation
16 x 16 double MAC
Harvard (Harvard) bus architecture
Continuous operation
Fast interruption response and processing
Unified memory programming model
High efficiency code (using C/C++ and assembly language)
floating point unit
Local single precision floating-point operation
Programmable parallel accelerator (CLA)
32 bit floating-point arithmetic accelerator
Code execution that is independent of the main CPU
Viterbi, complex arithmetic, cyclic redundancy check (CRC) unit (VCU)
Extend C28x? Instruction set to support complex multiplication, Viterbi operation, and cyclic redundancy check (CRC).
Embedded memory
Up to 256KB flash memory
Up to 100KB RAM
2KB one-time programmable (OTP) ROM
6 channel DMA
Low device and system cost
3.3 V single power supply
No power ordering
Integrated reset and undervoltage reduction
Low power operation mode
Non analog support pin
Byte order: small end order

DS28E01 IC unlock success

Posted by

Nowadays, more and more people are familiar with the decryption industry, engineers will pay more attention to the encryption of products, so many encryption chips on the market, such as ATSHA204 series, AT88 series, LKT4100 series, DS28E01 series, Korean ALPU series, TI BQ26100 Wait.
Our company focuses on the research of various encryption chips, the structure and assembly instructions of various singlechip, free disassembly, the successful cases of deciphering all kinds of encryption chips on the market. Recently, we have successfully IC unlock the DS28E01 chip, and welcome the customers to call for consultation.
A brief introduction to DS28E01:
DS28E01 communicate with MCU through 1 single buses. The single bus does not say much, and the time required is very strict, accurate to us level.
DS28E01 has four storage areas:
Data storage (EEPROM) (divided into 4 pages, 32 bytes per page).
Key memory (secret) (8 bytes)
Register pages containing specific functions and user bytes (register page)
Volatile register (scratchpad) (8 bytes)
MCU can read and write scratchpad only through single bus, but can not read and write other storage areas directly.
When writing data to the data memory, carrying the initial key or writing the data to the register page, the data is written to the register first, and then the IC unlock the data from the register to the destination address by the corresponding command.
Working principle:
There is a SHA-160 encryption module inside the chip, which participates in the data format of SHA algorithm in 55 byte format.
These data include 8 byte keys, 5 byte user specified random numbers, 32 byte EEPROM content, 7 byte ROMID, 2 byte fixed data (0xFF) and 1 byte EEPROM address TA1.
MCU can read the 20 byte hash value encrypted by the chip through SHA, and compare it with the hash value calculated by MCU itself through the same algorithm.
Since MCU wants to perform the same encryption operation, it must generate the 55 byte message exactly the same as the chip itself. How did it come from?
The 8 byte key is generated and written in itself. ->OK
The 5 byte random number is written to the register before the chip executes SHA. ->OK
The 32 byte EEPROM data will return the 32 byte content before the 20 byte hash value is read back. ->OK
7 bytes ROMID, you can read the ROMID. ->OK of the chip at any time.
2 bytes fixed value, see the handbook to know ->OK
1 bytes TA1, write it yourself. ->OK
Typical application process:
Process 1: initialize the DS28E01 key
The initialization key only operates in the factory before the product is produced, and only needs to be operated once.
Program flow:
1. read chip ROMID
2. generate a unique 64 bit key through a certain algorithm, ensuring that the keys generated by each motherboard are different.
3. write the key to the chip temporary storage area and read back to verify that the write is correct.
4. execute the chip loading key command, so that the chip saves the 64 bit key in the temporary storage area to the key storage area.
5. complete.
Process two: verify the DS28E01 key
The authentication key is carried out in the product application, and every time the product is started, it will verify the correctness of the DS28E01 key.
Validation is normal, and verification is incorrect, and the product is not working properly by certain means.
Program flow:
1. read chip ROMID
2. generate the 64 bit key through the same algorithm in the initialization process.
3. write 8 byte random numbers (only 5 bytes) to the chip temporary storage area, and read back the validation.
4. encrypting the authentication command to the chip, it can read back 32 byte EEPROM data and 20 byte hash value.
5. read data on top, generate 55 byte summary message, and perform SHA1 operations.
6. compare the calculated hash values with the hash values read from the chip.

ADUC7039 IC unlock success

Posted by

Flying star chip decryption center provides ADUC7039 IC unlock technology service, welcome to inquire.
ADuC7039 is a complete system solution for battery monitoring in 12V automotive electronic applications. It integrates all the necessary work energy for accurate intelligent monitoring, processing and diagnosis of 12 V battery parameters (such as battery current, voltage and temperature) under various working conditions.
Advantages and characteristics
High precision ADC
Dual channel, synchronous sampling, 16 bit sigma delta ADC
Programmable ADC throughput: 10 Hz to 1 kHz
5 ppm/ C reference voltage source in the chip
Current channel
Full differential and buffer input
Programmable gain
ADC input range: – 200 mV to +300 mV
Digital comparator, built-in current accumulator function
Voltage channel
Buffering and in chip attenuator are suitable for 12V battery input.
Temperature channel
External and internal temperature sensor scheme
Micro controller
ARM7TDMI-S kernel, 16/32 bit RISC architecture 20.48 MHz PLL on-chip precision oscillator
JTAG port support code download and debug
storage
64 kB Flash/EE memory option, 4 kB SRAM
Flash/EE durability: 10000 cycles, data retention time: 20 years.
Online download through JTAG and LIN
Internal and external settings
LIN 2.1 compatible slave machine
SPI
GPIO port
1 x universal timer
Wake-up and watchdog timer
On – chip power reduction

TMS320F28068M MCU crack success

Posted by

My focus on chip reverse engineering is a project in the direction of MCU crack technology, which is based on MCU decryption, DSP decryption, CPLD chip decryption, ARM MCU crack , and SCM software and hardware development.
TMS320F28068M micro controller provides power supply for C28x kernel and parallel accelerator (CLA). Flying star technology is based on TI C2000 for in-depth study of TMS320F28 series. It has been able to successfully MCU crack the dspc2000 series microcontrollers. TMS320F28068M decryption is the latest product, but for core technology and decryption technology In the case of mature, it can have more than 95% assurance, and can be equal, the decryption price is informed by the business personnel, the core and the CLA and low pin number devices of high integrated control peripherals to coupling. The code of this series is compatible with the previous C28x based code, and provides a high degree of analog integration.
An internal regulator realizes the operation of a single power supply rail. The HRPWM module has been improved to provide double edge control (FM). An analog comparator with internal 10 bit reference is added, and it can be directly routed to control PWM output. ADC can perform conversion operations within the fixed scale of 0V to 3.3V and support the metric scale VREFHI / VREFLO benchmark. The ADC interface is specifically optimized for low overhead / low latency.
Characteristic
High efficiency 32 bit CPU (TMS320C28x?)
90MHz (11.11ns periodic time)
16 x 16 and 32 x 32 medium access control (MAC) operation
16 x 16 double MAC
Harvard (Harvard) bus architecture
Continuous operation
Fast interruption response and processing
Unified memory programming model
High efficiency code (using C/C++ and assembly language)
floating point unit
Local single precision floating-point operation
Programmable parallel accelerator (CLA)
32 bit floating-point arithmetic accelerator
Code execution that is independent of the main CPU
Viterbi, complex arithmetic, cyclic redundancy check (CRC) unit (VCU)
Extend C28x? Instruction set to support complex multiplication, Viterbi operation, and cyclic redundancy check (CRC).
Embedded memory
Up to 256KB flash memory
Up to 100KB RAM
2KB one-time programmable (OTP) ROM
6 channel DMA
Low device and system cost
3.3 V single power supply
No power ordering
Integrated reset and undervoltage reduction
Low power operation mode
Non analog support pin
Byte order: small end order

STC IC unlock success

Posted by

STC ultra strong encryption performance has been selected by the majority of the development engineer. At present, all the IC unlock manufacturers on the market are unable to crack the STC15 series, and the STC15 chip decryption technology is also a technical monopoly. After a long time of technical research, our chip decryption center has successfully broken through the technical difficulties and can accept the STC full IC unlock service first.
At present, our company declassified STC series chips as follows: STC high version 8000-1.5 million, low version 1000 yuan. 15F series decryption only write the chip does not give the program. Write a sample deposit 60 thousand, pay 30 thousand yuan before the solution, write sample test OK pay the remaining 30 thousand yuan. The deposit has been deducted from the write down of the chip fee, and the decryption has not been completed successfully. All the payments have been made. The decryption is successful, no matter whether the chip is written or the number of chips written is not refundable.

DS28E01 IC unlock success

Posted by

Nowadays, more and more people are familiar with the IC unlock industry, engineers will pay more attention to the encryption of products, so many encryption chips on the market, such as ATSHA204 series, AT88 series, LKT4100 series, DS28E01 series, Korean ALPU series, TI BQ26100 Wait.
Our company focuses on the research of various encryption chips, the structure and assembly instructions of various singlechip, free disassembly, the successful cases of deciphering all kinds of encryption chips on the market. Recently, we have successfully cracked the DS28E01 chip, and welcome the customers to call for consultation.
A brief introduction to DS28E01:
DS28E01 communicate with MCU through 1 single buses. The single bus does not say much, and the time required is very strict, accurate to us level.
DS28E01 has four storage areas:
Data storage (EEPROM) (divided into 4 pages, 32 bytes per page).
Key memory (secret) (8 bytes)
Register pages containing specific functions and user bytes (register page)
Volatile register (scratchpad) (8 bytes)
MCU can read and write scratchpad only through single bus, but can not read and write other storage areas directly.
When writing data to the data memory, carrying the initial key or writing the data to the register page, the data is written to the register first, and then the chip copies the data from the register to the destination address by the corresponding command.
Working principle:
There is a SHA-160 encryption module inside the chip, which participates in the data format of SHA algorithm in 55 byte format.
These data include 8 byte keys, 5 byte user specified random numbers, 32 byte EEPROM content, 7 byte ROMID, 2 byte fixed data (0xFF) and 1 byte EEPROM address TA1.
MCU can read the 20 byte hash value encrypted by the chip through SHA, and compare it with the hash value calculated by MCU itself through the same algorithm.
Since MCU wants to perform the same encryption operation, it must generate the 55 byte message exactly the same as the chip itself. How did it come from?
The 8 byte key is generated and written in itself. ->OK
The 5 byte random number is written to the register before the chip executes SHA. ->OK
The 32 byte EEPROM data will return the 32 byte content before the 20 byte hash value is read back. ->OK
7 bytes ROMID, you can read the ROMID. ->OK of the chip at any time.
2 bytes fixed value, see the handbook to know ->OK
1 bytes TA1, write it yourself. ->OK
Typical application process:
Process 1: initialize the DS28E01 key
The initialization key only operates in the factory before the product is produced, and only needs to be operated once.
Program flow:
1. read chip ROMID
2. generate a unique 64 bit key through a certain algorithm, ensuring that the keys generated by each motherboard are different.
3. write the key to the chip temporary storage area and read back to verify that the write is correct.
4. execute the chip loading key command, so that the chip saves the 64 bit key in the temporary storage area to the key storage area.
5. complete.
Process two: verify the DS28E01 key
The authentication key is carried out in the product application, and every time the product is started, it will verify the correctness of the DS28E01 key.
Validation is normal, and verification is incorrect, and the product is not working properly by certain means.
Program flow:
1. read chip ROMID
2. generate the 64 bit key through the same algorithm in the initialization process.
3. write 8 byte random numbers (only 5 bytes) to the chip temporary storage area, and read back the validation.
4. encrypting the authentication command to the chip, it can read back 32 byte EEPROM data and 20 byte hash value.
5. read data on top, generate 55 byte summary message, and perform SHA1 operations.
6. compare the calculated hash values with the hash values read from the chip.

ADUC7039 IC unlock success

Posted by

Flying star IC unlock center provides ADUC7039 IC unlock technology service, welcome to inquire.
ADuC7039 is a complete system solution for battery monitoring in 12V automotive electronic applications. It integrates all the necessary work energy for accurate intelligent monitoring, processing and diagnosis of 12 V battery parameters (such as battery current, voltage and temperature) under various working conditions.
Advantages and characteristics
High precision ADC
Dual channel, synchronous sampling, 16 bit sigma delta ADC
Programmable ADC throughput: 10 Hz to 1 kHz
5 ppm/ C reference voltage source in the chip
Current channel
Full differential and buffer input
Programmable gain
ADC input range: – 200 mV to +300 mV
Digital comparator, built-in current accumulator function
Voltage channel
Buffering and in chip attenuator are suitable for 12V battery input.
Temperature channel
External and internal temperature sensor scheme
Micro controller
ARM7TDMI-S kernel, 16/32 bit RISC architecture 20.48 MHz PLL on-chip precision oscillator
JTAG port support code download and debug
storage
64 kB Flash/EE memory option, 4 kB SRAM
Flash/EE durability: 10000 cycles, data retention time: 20 years.
Online download through JTAG and LIN
Internal and external settings
LIN 2.1 compatible slave machine
SPI
GPIO port
1 x universal timer
Wake-up and watchdog timer
On – chip power reduction

About PCB clone

Posted by

In the face of complex code and high development costs, how can we break through foreign technology monopolies, chip decryption and PCB clone is the best choice? The answer is, of course, chip decryption and PCB clone cloning.
From the current level of domestic technology development, a little bit of technological breakthrough, not only in human and material resources, but also requires a long time. So most of the current domestic routes are first COPY (that is, the so-called chip decryption and copying board), and then according to the extraction. The technical data were developed for two times. This greatly saved the capital and time, to a large extent, promoted the development of domestic technology and broke the monopoly of foreign technology.
As a window to China’s reform and development, Shenzhen has been rising rapidly for thirty years with its inherent conditions and unique geographical location. As the birthplace of the chip decryption and PCB clone industry, Shenzhen has made good progress in chip decryption and copy board technology in Shenzhen.