Microcontroller Unlock Introduction

Microcontroller Unlock need to execute in a relative safe and reliable environment, academic experts and designer always try to figure out the more secure their microcontroller away from unlock. Sometimes, there will be no programmable interface on the microcontroller and can’t read or write data from the memorizer when unlock it.

It is usually being applied on the mask ROM microcontroller or smartcard. In terms of this protection, practical microcontroller unlocking method such as microprobe to detect the data from data bus or use power analysis microcontroller unlock method and noise unlock microcontroller. When the microcontroller being programmed without any read-back information, only validation and inspection process, it can provide relative higher security level. Definitely, it need to operate the microcontroller unlock compulsorily and avoid the attacker check the system one bit by one bit.

Most of the microcontroller has one or more security fuse to control the read and write functions on the memorizer. This fuse can be realized through hardware or software. Software method is store the password in the memorizer or choose an specific memorizer as security fuse. For example, in the MC68HC908 series, need to use password to protect the microcontroller. MC68HC705B series security fuse located on the first bit of EEPROM data with high protection level against microcontroller unlock. Because it is quite difficult to find the security fuse location and password then reset. At the same time, microcontroller unlock attacker will try to use noise attack to bypass the security inspection or use power analysis to inspect if the password is correct or not.

