From: jim bell <jimbell@pacifier.com>
To: cypherpunks@toad.com
Message Hash: ffc8b6f66fc7a0d33b9875cda5be0df5d220ff93c3b849e1f6bb6cd834630d17
Message ID: <199606151651.JAA22789@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-06-15 21:27:43 UTC
Raw Date: Sun, 16 Jun 1996 05:27:43 +0800
From: jim bell <jimbell@pacifier.com>
Date: Sun, 16 Jun 1996 05:27:43 +0800
To: cypherpunks@toad.com
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <199606151651.JAA22789@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:44 PM 6/14/96 -0400, Warren wrote:
>I have never paid much attention to the protection of firmware or the
>technical issues revolving around such schemes...was wondering:
>
>I recently saw an add for a UK based group that says they can take a PIC
>OTP micro and read the prom (for a fee, of course) - How the heck is this
>done?? I have my suspicion that they (somehow) magically peel off the
>ceramic coating (without destroying the chewy center), get a circuit mask
>and 'micro probe' the I/O of the IC...they then download the secret recipe
>to the afore mentioned 'chewy center'.
>
>Is this close to accurate?? How is it 'done' ???
While I have never come even close to needing to attempt this kind of thing,
long ago it occurred to me that if the "no read" bit was stored in a
programmable bit, and if the location of that bit was known or could be
identified, you could expose that particular bit through a tiny mask hole
and cause the part to be readable again. Locating that bit (assuming
there's just one) would be relatively simple: Take a test part, program it,
read-lock it, and then expose it to a VERY slowly sliding mask with UV
behind. Do this for both axes, to find the bit's location on the chip.
Jim Bell
jimbell@pacifier.com
Return to June 1996
Return to “jim bell <jimbell@pacifier.com>”
1996-06-15 (Sun, 16 Jun 1996 05:27:43 +0800) - Re: Fuseable Links - no guarantees?? - jim bell <jimbell@pacifier.com>