chip decryption process

Posted by

Uncovering chip package
The first step in invasive attack is to unwrap chip packages (for short, “open” sometimes called “Kaifeng”, English as “DECAP”, decapsulation).
There are two ways to achieve this goal:
The first is to completely dissolve the chip package and expose the metal connection.
The second one is to remove the plastic package on the silicon core only.
The first method needs to bind the chip to the test fixture and operate with the binding table; the second methods need personal intelligence and patience in addition to the knowledge and the necessary skills of the attacker, but it is relatively convenient to operate in a complete family.
The plastic on the chip can be opened with a knife, and the epoxy resin around the chip can be corroded with concentrated nitric acid. Hot concentrated nitric acid will dissolve the chip package without affecting the chip and wiring. This process is usually carried out under very dry conditions, because the presence of water may corrode exposed aluminum connections (which may result in decryption failure).
Cleaning chip
1. then wash the chip with acetone to remove residual nitric acid and immerse it in the ultrasonic tank.
2. find the position of protective fuse and destroy
3. the last step is to find the location of the fuse protection and expose the protective fuse to ultraviolet light. A microscope with a magnification of at least 100 times is usually used to track the protection fuse from the input line of the programmed voltage input. Without a microscope, a simple search is carried out by exposing different parts of the chip to ultraviolet light and observing the results. Opaque sheets are used to cover the chip during operation to protect program memory from ultraviolet light. The protection of protective fuse can be destroyed by exposing the protective fuse to the ultraviolet light for 5~10 minutes. After that, the content of the program memory can be read directly by a simple programmer.
It is not feasible to use ultraviolet light reset protection circuit to protect the EEPROM unit using a protective layer. For this type of MCU, micro probe technology is usually used to read memory contents. After the chip package is opened, the chip can be placed under the microscope, and it is easy to find the data bus connected to other parts of the circuit. For some reason, chip lock positioning does not lock access to memory in programming mode. With this defect, the probe can be placed on the data line to read all the desired data. In programming mode, restart the read process and connect the probe to another data line, you can read all the information in the program and data storage.
Destruction of protective fuse with microscope and laser cutting machine
Another possible means of attack is to find protective fuse by means of a microscope and laser cutting machine, so as to find all the signal lines associated with this part of the circuit. Because the design is defective, the whole protection function can be prohibited by cutting off a signal line from protective fuse to other circuits (or cutting out the entire encryption circuit) or connecting 1~3 gold lines (usually called FIB:focused ion beam), so that a simple compiler can be used directly to read the inside of the program memory. Yes.
Although most common singlechip has the function of fuse burning to protect the internal code of the single chip microcomputer, the single chip microcomputer is not located in the production of safety products. Therefore, they often do not provide targeted precautions and low security level. With a wide range of applications, large sales volume, large volume of sales, frequent entrustment and technology transfer among manufacturers, a large number of technical data have gone out, making use of the design vulnerabilities of this type of chip and the testing interface of the manufacturers, and reading the internal programs of the single chip computer by modifying the fuse protection bit and other intrusive attack or non intrusive attack batter. It becomes easier.

HOLTEK HT46R01A MCU crack

Posted by

HT46R01A and HT48R01A are the eight bit 10-Pin microcontroller series newly developed by HOLTEK semiconductor. Hetai HT46R01A Series MCU includes HT46R01A1, HT46R01A2 and HT46R01A3. Hetai HT48R01A Series MCU includes HT48R01A1, HT48R01A2 and HT48R01A3.
HT46R01A MCU crack  and HT48R01A single-chip decryption technology mature, HT46R01A1, HT46R01A2, HT46R01A3, HT48R01A1, HT48R01A2 and HT48R01A3 MCU crack  success rate 100%. If you have HT46R01A1, HT46R01A2, HT46R01A3, HT48R01A1, HT48R01A2, HT48R01A3 chip decryption or other HT MCU crack  needs.
HT46R01A and HT48R01A have ROM 1K x 14, RAM 64 Bytes, I/O up to 8 ports, Stack number 4-level, built 8 bit bit. In addition, this series provides a RTC Timer, an external interrupt trigger, a Buzzer hardware output, and a three stage low voltage reset (LVR), which provides a package of 10-Pin MSOP in packaging. Among them, HT46R01A provides 4 channels 8-bit A/D and 1 sets of 8-bit PWM. Its highly integrated architecture provides users with a cost-effective solution.
HT46R01A and HT48R01A provide Crystal, ERC (External R.C.), IRC (Internal R.C.) and 32kHz RTC collocation IRC and so on. The four oscillating circuits choose to produce system frequency. Among them, IRC oscillator circuit can choose 4MHz, 8MHz and 12MHz. It is worth mentioning that the IRC oscillator circuit is internally corrected, and the oscillation frequency error is less than 5% in the full working voltage range.
This series of products is characterized by small package and complete functions. The size of the 10-Pin MSOP package is 3mm x 3mm, which is smaller than that of the 8-Pin DIP/SOP package, making this series of microcontroller suitable for product applications with limited space. Low cost, low power consumption, high efficiency, and multi-functional composite I/O can be used for HT48R01A and HT46R01A to be applied to very diverse products and various fields that have not been thought of in the past.
The new version HT48R01A and HT46R01A are compatible with the old HT48R01 and HT46R01 feet, and PCB boards can be shared. In addition to increasing the PA7 Wakeup function, the new version, when selecting the RC oscillating circuit to produce the system frequency, the system wakeup after the fastest time is the fastest two system clock, greatly improving the efficiency and reducing power consumption. It should be noted that due to the difference between the new and old version of Option Table, the program needs to be recompiled if it is to be converted from the old version to the new version. The functions of HT48R01A and HT46R01A include HT48R01 and HT46R01, which will replace the old ones in the future, and will become the main products of this series in the future.
Chip decryption center HT46R01A MCU crack  and other Hetai HOLTEK MCU crack  scheme mature, the success rate of 100%.
Note: HT46R01A single chip decryption and HT48R01A chip decryption preferably provide 2 master pieces and several empty pieces.

AVR ATMEGA88PA MCU crack

Posted by

ATMEGA88PA is a 8 bit AVR microcontroller with programmable FLASH in 8K byte system. The decryption scheme of ATMEGA88PA MCU is mature, which ensures that ATMEGA88PA MCU crack is completed within a few hours, and the success rate of MCU crack is 100%.
ATMEGA88PA is a new version of AVR microcontroller.   MCU crack  is more difficult than ATMEGA88 chip decryption and ATMEGA88V MCU crack.
Characteristic analysis of ATMEGA88PA:
High performance, low power 8 bit AVR microsatellite
Advanced RISC architecture
– 131 instructions – most of them are executed in a single clock cycle.
– 32*8 general work register
– all static work
– up to 20 MIPS throughput at 20 MHz
– on – chip 2 – cycle multiplier
High durability, nonvolatile memory segment
– 8K byte in system programmable Flash (www.fpsb.org) memory (ATMEGA88PA)
– 512 bytes of EEPROM (ATMEGA88PA)
– 1K bytes in – chip SRAM (ATMEGA88PA)
– write / erase times: 10000 times, 000 EEPROM
– data storage: 20 years at 85 C/100 in 25 degrees C (1)
– optional boot with independent lock location code segment, boot program on system programming, real simultaneous read and write operation.
– programming software security lock
• peripherals
– two 8 bit timer / counter with independent prescalers and comparison mode.
– 1 16 bit timer / counter with independent prescalers, comparison mode, and capture mode.
– a real time counter with an independent oscillator
– 6 PWM channels
– 8 Channel 10 bit ADC temperature measurement in TQFP and QFN / MLF packages
– 6 channel 10 bit ADC pin PDIP package temperature measurement
– programmable serial USART
– Master / slave mode SPI serial interface
– byte oriented two wire serial interface (PHILPS I2C compatible)
– a Programmable Watchdog Timer with independent on-chip oscillator.
– on – chip analog comparator
– interrupt and wake-up pin level changes
Special processor features
– power reduction and programmable power down detection
– internal calibration oscillator.
– external and internal interruption sources
– 6 sleep modes: idle mode, ADC noise suppression, power saving, power down, standby, extended Standby
• I/ O and encapsulation
– 23 programmable I / O line
– 28 pin PDIP, 32 pin TQFP package, 28 pads QFN / MLF, and 32 pin QFN / MLF
• working voltage: 1.8 – 5.5V ATMEGA88PA
Temperature range: 40 C to 85 C.
Speed level: 0-20 MHz@1.8 – 5.5V
The low power frequency is 1 MHz, 1.8V and 25 degree C are ATMEGA88PA:
– normal mode: 0.2 mA
– power off mode: 0.1 mu A
– power saving mode: 0.75 mu A (including 32 kHz RTC)

Nuvoton W78E052DFG MCU crack

Posted by

We have successfully cracked the W78E052DFG . It is now facing the customers at home and abroad to decrypt the W78E052D chip and other Nuvoton MCU crack, the Winbond MCU crack, the Winbond chip program extraction service.
W78E052D overview:
W78E052D is a 8 bit microcontroller that can accommodate a wider frequency range at low power consumption. The instruction of the W78E052D series microcontroller is fully compatible with the standard 8051 instruction.
The W78E052D contains the 8K byte Flash ROM for the update loader, 256 byte RAM, 4 8 bit two-way (P0, P1, P2, P3), a bit addressable I / O port, an additional 4 bit I / aperture, three 16 bit timer / counter, a hardware watchdog timer and serial port. These peripherals support the 8 source and 4 level interrupts. In order to facilitate programming and verification, flash memory EPROM W78E054D/W78E052D/W78E051D series allows program memory to program and read electronic. Once the code is verified, the user can protect the code’s security.
W78E052D features:
– 8 bit CMOS microcontrollers for all static design
• optional 12T or 6T mode
The 12T mode operates on every 12 clock machine cycles (default) at speeds up to 40 MHz/5V.
6T mode, each machine cycle is operated by a writer, and the clock speed can reach 20 MHz/5V.
Wide power supply voltage from 2.4V to 5.5V
Temperature level (-40 C ~ 85 C)
Pin and instruction set compatibility with MCS-51
• 256 bytes of RAM on chip
16K/8K/4K byte of erasable / programmable flash EPROM
2K byte LDROM supports ISP function (refer to application notes)
• 64KB program memory address space
• 64KB data memory address space
• 4 8 bit two-way ports
• 8 sources, level 4 interruption capacity
An additional 4 bit addressable I / O port, with additional INT2/ INT3 (PQFP, PLCC and
LQFP packaging)
• 3 16 bit timer / counter
• a full duplex serial port
• watchdog timer
• reducing the EMI pattern
• software reset
Built in power management idle mode and power down mode.
• code protection
• encapsulation:
W78E052DDG DIP-40 Pin -40oC~85oC
W78E052DPG PLCC-44 Pin -40oC~85oC
W78E052DFG PQFP-44 Pin -40oC~85oC
W78E052DLG LQFP-48 Pin -40oC~85oC
W78E052DFG chip decryption is only the simplest one in the research results of Nuvoton MCU crack, more can decipher the new Tang single chip model continuously update, if you have the Nuvoton MCU crack needs.

MK7A23P MCU crack

Posted by

Flying star exclusively provides Taiwan core MIKKON MCU crack, whether packaged or bound, we can successfully complete MCU crack.
Core MIKKON chip applications: home appliance control, computer peripheral, electromagnetic furnace, all kinds of charger, mobile power, UPS power, electric kettle, electric cooker, rice cooker, LED, toy, remote control, LCD electronic clock, calendar, treatment instrument, air conditioner remote control, game machine, USB sound card, USB small digital photo frame, U disk, card reader and so on The speed of data transmission requires faster products and so on.
Because of its high performance, low price and compatibility with multi brand IC pins, the core microcontroller is widely used. Therefore, there is more and more demand for core MIKKON MCU crack in the market. Hua Lan technology has obtained the core decryption MIKKON MCU crack  scheme through in-depth technical research. Now we provide exclusively Taiwan core MCU crack, MIKKON MCU crack.
Flying star Taiwan core Rui MIKKON chip has high success rate and low price.
Core Rui 8 bit microcontroller model:
MK7A10P (compatible with EM78P153/156/447/SN8P2501/PIC12C508/54/57);
MK7A20P (compatible with PIC16F57/EM78P447);
MK6A20P;
MK6A12DP;
Core Rui 8 bit ADC micro controller model:
MK7A21P (compatible with HT46R47);
MK7A22P (compatible with S3F9454);
MK7A23P (compatible with S3F9454);
MK7A25P;
Core Rui 8 bit LCD micro controller model:
MK9A35P (compatible with EM78P468);
MK9A50P;
MK9A80P;
MK9A160P;
Core USB controller model:
MK8A03BP (compatible with HT82A523R, EM78P680);

ATMEGA103 MCU crack

Posted by

ATMEGA103 uses the latest Flying star encryption mechanism to program the lock location to protect the safety of self programming data, and the encryption performance is very strong.
In view of the wide demand in the domestic market, MCU  crack ses advanced technology and equipment to decrypt the chip of ATMEGA103. The fastest 3 hours will be deciphered to you, even if it is not urgent, the ATMEGA103 can be deciphered in accordance with the general speed.
Flying Star Electronic processing provides the decryption of ATMEGA103 chips, and also provides agent sales for these ATMEGA103.
Flying star also provides the following MCU crack:
ATMEGA48PV, ATMEGA168P, ATMEGA168PA, ATMEGA168A, ATMEGA168PV, atmega88pv, ATMEGA169, ATMEGA169V, ATTINY4313, ATTINY4313A, ATMEGA1280, ATMEGA1280V. 169PA, attiny88v, ATTINY88, ATTINY48, ATTINY48, ATTINY48A, ATTINY48V, AT90S8515, AT90LS8515, AT90S8535, at90ls8535, ATTINY2313A. 24, ATMEGA324V, ATMEGA164P, ATMEGA164PA, ATMEGA164PV, ATMEGA165, ATMEGAL165V, ATMEGA165P, ATMEGA165PA, ATMEGA325, ATMEGA325P, ATMEGA328P, ATMEGA329. GA3250P, ATMEGA3250PV, ATMEGA3250V, ATMEGA3290PV, ATMEGA3290V, ATMEGA406, ATMEGA644, ATMEGA644P, ATMEGA644PA, ATMEGA644A, ATMEGA644PV, ATMEGA644V. L, ATMEGA640, ATMEGA640V, ATTINY24A, ATTINY44A, ATTINY84A, ATTINY25A, ATTINY45A, ATTINY85A, ATtiny28L, ATtiny28V, ATtiny40. ATMEGA32M1, ATMEGA64M1, ATMEGA8U2, ATMEGA32U2, ATMEGA16U2, ATMEGA128RFA1, ATMEGA128RFR2, ATMEGA16HVA, ATMEGA16HVB, ATMEGA16U4, ATMEGA256RFR2. 7, AT90USB646, AT90USB647, AT90USB82, ATxmega128A1, ATxmega128A1U, ATxmega128A3

BS83B12A/BS83C16 MCU crack

Posted by

The company is located in the Hsinchu science and Industry Park. Its sales network is all over the world’s major countries and regions. In order to develop and innovate in Taiwan, sales service is the model of the whole world. The company’s product strategy has always focused on the “MCU” and the micro controller (MCU Peripherals) as the main axis of development, constantly playing and establishing the image of the MCU professional company, and expanding the application and service levels of MCU to create more space for development. At present, the range of semiconductor products includes universal and special type microcontrollers (MCU). In addition to general applications, it covers various fields such as voice, communication, computer peripherals, household appliances, medical care, vehicle and safety monitoring, and provides various peripheral components such as power management and non-volatile memory. The goal is to provide customers with more functional and complete solutions for product development.
The old version of HOLTEK MCU, such as HT48R06a-1, is easy MCU crack. It can be solved in 30 minutes.
HT48R063, HT48R064, HT48R065, HT48R066, HT48R067, HT48R06662, HT46R064, HT46R065, HT46R066, HT46R067, HT46R06662, HT48R01C, HT46R067, etc. The way to encrypt the fuse position to the middle of the data area and do not support the third party tool to read the burning options configuration, making encryption very difficult.

IC unlock process

Posted by

1. confirm that you need to decrypt the model within the scope of the if we can IC unlock
2. express or send 1~3 pieces of mother film. (it is recommended to use Shun Feng express, important chip recommends the use of premium service; it is recommended to first refer to “IC unlock common problems”, to understand the problems you will encounter in the process of deciphering, to avoid the later troubles and misunderstandings)
3 talk about the total price, sign the contract, and advance the deposit
4 complete the IC unlock within the specified time, and provide 2 samples to the customer test.
(if you provide N chips, we will provide N+1 samples).
5 customer sample test after passing through the IC unlock.
6 provide BIN (HEX, JED, POF, SOF, OTP, S19 or CDS, etc.) to burn files (or machine language, machine code) to customers.
Special case: the possibility of decryption is more than 99%, if the decryption fails, the deposit will be refunded.

IC unlock and MCU crack teaching material sale

Posted by

1) a unit or individual engaged in the research of encryption and IC unlock of single chip microcomputer.
2) the salesman or agent engaged in the decryption of the single chip computer
3) engaged in LAYOUT encryption part of the development of designers.
Be careful:
1) the price of all information is $200, not counter-offer, all must be paid first or shipped or delivered at first hand.
2) all information is about 150M.
3) all the information we provide, we can guarantee the authenticity, but not the core technology. Through this information, you can understand the principle of decryption, the basic methods, and you can complete the IC unlock according to the information we provide and the equipment technology you purchased us, but if you can and supply it, you can supply it. Business is negotiated on price and we do not undertake any responsibility.
4) our company declassified process: MCU crack technology hints, part of the decryption knowledge you can refer to: MCU crack common methods and countermeasures.
5) we do not provide details about the content of the information before payment.
6) if you do not buy information, but you want to buy our decryption scheme directly (the core technology of the MCU crack, you can complete the decryption independently), please refer to our decryption scheme.
The information includes the contents:
1) many English papers and the original text about encryption and MCU crack of single-chip computer (about 30M, a total of 21 articles, most of the English materials, part of our own summary of information), through these data, if you understand English, careful study and study, you can completely study a lot of MCU crack methods.
Now, we will extract some of the contents of some of the articles (about 12M). The following is a partial translation. The article contains 144 pages and contains a lot of practical pictures.
Catalog:
1 Introduction 8
1.1 before the work and knowledge.
1.2 the subject of hardware security.
1.3 an overview of power.
2 background. It………17
2.1 the safe development of silicon chip.
2.1.1 memory type.
2.1.2 type of security protection…34.
2.2 developers and attackers.
2.3 failure analysis technology.
3 attack technology.
3.1 introduction.
3.1.1 protection level…44.
3.1.2 attack type.
3.1.3 attacks scenarios….. 47
3.2 non invasive attacks.. 48.
3.3 invasive attacks.
3.4 Semi- intrusive attack.
4 non intrusive….52
4.1 unheard of Safety…
4.2 the time of attack.
4.3 brute force attack.
4.4 analysis of power supply.
4.5 Glitch attack.
4.5.1 clock glitches.,…60
4.5.2 power glitches.,…61
4.6 the remainder of the data….,… 62.
4.6.1 remainder at SRAM low temperature data.
4.6.2 data remaining in nonvolatile memory… 66
4.6.3 requires reliable data deleting from memory… 72
5 invasive attacks.. 73.
5.1 simple preparation.
5.1.1 open….. 74.
5.1.2 Deprocessing.. 77.
5.2 reverse engineering.
5.2.1……… 80.
5.2.2 program……… 81.
5.3 microprobe.
5.3.1 laser cutting.
5.3.2 FIB workstation. 86.
5.4 the chip is modified.
6 Semi- intrusive attack.
6.1 UV attack.
6.1.1 found the location of safety protection… 90.
6.1.2 attack.. 91.
6.1.3 EEPROM and Flash questions. 92.
6.2 Backside imaging…… 93.
6.3 optical probe…. 95.
6.3.1 laser scanning. 97.
The logical states of…,……… 98. 6.3.2 CMOS.
6.4.100,…
6.4.1 Changing……….100. SRAM.
6.4.2 Non-volatile memory contents….104.
6.5 simulation attacks…..105
6.5.1 Modelling the logic…….106.
6.5.2 Modelling the fault…….107.
7 hardware security analysis 110
7.1 Evolution against UV…….110.
7.2 Semi-invasive analysis of different security………..112.
7.2.1 Using laser scanning technique….112..112.
7.2.2 Using fault injection technique….113..113.
8 anti crack technology 115
8.1 Unmarking, remarking……….

How to unlock MCU

Posted by

How to unlock MCU usually has internal program area and data area (or one) for users to store program and work data (or one). In order to prevent the program from being taught or copied to the microcontroller, most of the MCU is equipped with encryption lock to locate or encrypt bytes to protect the program in the chip. If the encryption lock location is enabled (locked) in programming, it is impossible to use ordinary programmer to read the program directly in the microcontroller, which is called How to unlock MCU.
With the help of special equipment or self-made equipment, the singlechip attacker uses the chip microprocessor chip to exploit the flaw or the software defect. Through a variety of technical means, the key information can be extracted from the chip, which is called How to unlock MCU. Singlechip decryption is called single chip computer decryption, chip decryption, IC decryption, but this is strictly speaking of these names are not scientific, but has become a custom call, we CPLD decryption, DSP decryption are used to be called single chip decryption. SCM is just one of the classes that can load program chips. The chip that can burn program and encrypt it also has DSP, CPLD, PLD, AVR, ARM and so on. Of course, memory chips with storage functions can be encrypted, such as DS2401 DS2501 AT88S0104 DM2602 AT88SC0104D, etc., and there are also functional chips specially designed for encryption algorithms for professional encryption or design verification of factory code, which can achieve the purpose of preventing electronic products from copying.
1. the main methods of decryption at present are as follows:
(1) software attack
The technology usually uses processor communication interface and attacks by using protocol, encryption algorithm or security vulnerabilities in these algorithms. A typical example of successful software attack is the attack on early ATMEL AT89C51 series singlechip. The attacker uses the loophole in the sequence design of this series of SCM erasing operation, and uses the self compiled program to erase the operation of the program memory data in the next step after erasing the encrypted lock, so that the overdense single chip microcomputer is turned into a single chip that is not encrypted, and then the program is read out by the programmer.
At present, on the basis How to unlock MCU, some devices can be developed to do software attack with certain software.
At present, a 51 How to unlock MCU device (Shanghai Electronics is sold). This decryption device mainly aims at the loopholes in the production process of SyncMos and Winbond. It uses some programmers to locate the byte and find out whether there is continuous space in the chip by a certain method, that is to find the continuous FF FF bytes in the chip and the bytes inserted in the chip. It is enough to execute programs that send programs inside the chip to the off chip, and then intercept them with decrypted devices, so that the internal program of the chip is decrypted.
(2) electronic detection attack
The technology usually monitors the analog characteristics of all power and interface connections at the time of normal operation with high time resolution, and implements attacks by monitoring its electromagnetic radiation characteristics. Because the single chip microcomputer is an active electronic device, How to unlock MCU,when it executes different instructions, the corresponding power consumption is correspondingly changed. By using special electronic measuring instruments and mathematical statistical methods to analyze and detect these changes, we can get the specific key information in the microcontroller.
How to unlock MCU,At present, the RF programmer can read out the old program in the encrypted MCU directly.
(3) fault generation technology
The technology uses abnormal working conditions to make processor errors, and then provides additional access to attack. The most widely used means of attack include voltage impact and clock impact. Low voltage and high voltage attacks can be used to prohibit protection of circuits or force processors to perform erroneous operations. Clock transient hopping may reset the protection circuit without damaging the protected information. How to unlock MCU,The transient hopping of power and clock can affect the decoding and execution of single instruction in some processors.
(4) probe technique
The technology directly exposes the internal wiring of the chip, then observes, controls and interferes with How to unlock MCU to achieve the purpose of attack.
For the sake of convenience, the above four attack techniques are divided into two categories, one type of intrusive attack (physical attack), which requires destruction of encapsulation, and then with the aid of semiconductor testing equipment, microscopes and microlocators, How to unlock MCU,it takes hours or even weeks in a specialized laboratory to complete. All microprobe techniques are invasive. The other three methods are non intrusive attacks, and the attacking singlechip will not be physically damaged. In some cases, non intrusive attacks are particularly dangerous because the equipment needed for non intrusive attacks is usually self-made and upgraded, so it is very cheap.
Most non intrusive attacks require attackers to have good knowledge of processor and software. On the contrary, intrusive probe attacks do not require much initial knowledge, and usually use a complete set of similar technologies to deal with wide range products. As a result, attacks on singlechip often start from intrusive reverse engineering, and accumulated experience helps to develop cheaper and faster non intrusive attack technologies.
The general process of decryption of 2. intrusive Singlechip
How to unlock MCU ,The first step in invasive attack is to unwrap chip packages (for short, “open” sometimes called “Kaifeng”, English as “DECAP”, decapsulation). There are two ways to achieve this goal: the first is to completely dissolve the chip package and expose the metal connection. The second is the plastic package that is only removed from the silicon core