【正文】 usually a high time resolution to monitor the processor during normal operation of all power and interface simulation features, and by monitoring the electromagic radiation characteristics of it to attack. Because SCM is an active electronic device, when it executes a different mand, the corresponding changes in the power consumption accordingly. This through the use of special electronic measuring instruments and mathematical statistical analysis and detection of these changes, you can access key information specific microcontroller. (3) fault generation technology Abnormal working conditions of the technology used to make the processor errors, and provide additional access to attack. Produce the most widely used means of attack, including the fault of the impact and the clock voltage shock. Low voltage and high voltage protection circuit attack can be used to prohibit the work of processor execution errors or enforcement action. Clock transition may reset the transient protection circuit will not damage the protected information. Power and clock transients transition effects in certain singleprocessor instruction decoding and execution. (4) probe This technology is directly exposed to chip connection, and then observe, manipulate, interfere with single chip to achieve the attack purpose. For convenience, these four people will attack techniques are divided into two categories is the intrusion type attack (physical attack), such attack requires destruction of package, then use semiconductor test equipment, microscopes and micropositioning device, in a special laboratory spend hours or even weeks to plete. All of the microprobe techniques are invasive type attack. The other three methods are noninvasive type attack, attack the MCU will not be physical damage. In some cases, noninvasivetype attacks are particularly dangerous, but because of noninvasive type attacks can usually be made and the necessary equipment to upgrade, so it is cheap. Most noninvasive type attack requires the attacker have a good knowledge of processors and software knowledge. In contrast, the invasive type of probe do not need too much of the initial attack of knowledge, and usually a set of similar technology available to deal with a wide range of products MCU general process of invasiontype attack Invasive type of attack is thrown off its first chip package. There are two ways to achieve this goal: the first one is pletely dissolved out chip package, exposed metal connections. The second is only removed to the top of the plastic package silicon core. The first method is the need to bind to the test fixture on the chip, using bind Taiwan to operate. The second method requires the attacker in addition to a certain degree of knowledge and necessary skills, but also the wisdom and patience, but operate relatively easy. Above the plastic chips can be opened with a knife, epoxy around the chip can be eroded by concentrated nitric acid. Hot concentrated nitric acid will dissolve out without affecting the chip, chip packaging and connection. This process usually very dry conditions, because the presence of water may erode the aluminum wire connections have been exposed. Then, in ultrasonic cleaning of the pool first chip with acetone to remove residual nitric acid, then washed with water to remove salt and dried. No ultrasound pool, are generally skip this step. This case, the chip surface, a bit dirty, but do not affect the operation of UV effects on the chip. The final step is to find the location of the protection fuse and fuse protection under exposure to UV light. General use at least a 100 times magnification microscope, from the programming voltage input pin of the connection tracking in, to find protection fuse. If there is no microscope, the use of different parts of the chip is exposed to ultraviolet light and observe the results under the simple search mode. Operation applied opaque paper cover to protect the program memory chips are not erased by ultraviolet light. Will protect the fuse exposed under UV light 5 to 10 minutes to destroy the protection bit of the protective effect, use a simple programmer can directly read the contents of program memory. The use of the protective layer to protect the MCU EEPROM cell, using ultraviolet light reset protection circuit is not feasible. For this type of MCU, the general use of microprobe technology to read the memory contents. In the chip package is opened, the chip placed under the microscope can easily find from the memory circuit connected to other parts of the data bus. For some reason, the chip lockbit programming mode is not locked in the memory of the visit. Advantage of this flaw on the data lines to probe the above data can be read all you want. In programming mode, restart the process of reading and connect probe to the other data can be read online program and data memory, all of the information. There is also a possible means of attack is the use of microscopy and laser cutting machines and other equipment to find the fuse protection to this part of the circuit tracing and linking all the signal lines. Because of the design defects, so long as cut off from other circuit protection fuse to a one signal line, you can ban the entire protection. For some reason, this thread is very far from the other line, so the use of laser cutting machine can cut the wire without affecting the adjacent line. In this way, using a simple programmer can directly read the contents of program memory. Although the most mon single chip microcontroller has fuse blown inside the code protection features, but because of general lowend MCU is not positioning the production of safe products, so they often do not provide targeted preventive measures and the low level of s