Photonic (UV) EPROM erase

EPROM/EEPROM/flash can be erased by shining UV light or x-rays into the surrounding oxide. This slightly oxidizes it, letting the floating gate drain out.


On some chips, shielding against this type of attack can be bypassed by shining the light at a sharp angle.


Use nail polish or a similar compound. Most materials will block UV, so just about anything will work. Nail polish tends to be easy to work with, both to apply and to remove (with acetone).

Use a fine-point pipette for simple chips.

For finer masks, place the chip in a large bowl with a shallow layer of acetone at the bottom. This creates an acetone “shield gas” to prevent tools from drying out. Then put some nail polish on a single bristle (maybe held by tweezers) and it should not dry out, allowing you to paint it onto the die.

Non-invasive attacks

Violating design assumptions

Many systems expect a piece of hardware to complete an operation within a certain time. For example, hardware may assume that an ADC will always complete within 100 ms. If events are generated at 200 ms, this normally might not be a problem. However, if one can find a way to stall the external hardware, internal queues may overflow and result in unexpected states that can leak data or cause other vulnerabilities.
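
The following simulation is an added example, not code from this wiki. It models the ADC case above with a small event ring buffer and compares an enqueue that trusts the timing assumption with one that checks for a full queue. The queue length, the 1000 ms stall, the reading of "200 ms" as an event period, and all names are assumptions made for illustration.

```c
#include <stdio.h>

#define QLEN 4               /* constructed size, adequate while the ADC takes 100 ms */
#define EVENT_PERIOD_MS 200  /* assumed event period, from the text's 200 ms figure */

struct ring { unsigned slot[QLEN]; unsigned head, tail; };  /* empty: head == tail */
/* silent_loss: events neither delivered, refused, nor still queued */
struct outcome { unsigned generated, delivered, rejected, silent_loss; };

/* checked == 0 trusts the timing assumption and never tests for a full ring. */
static int push(struct ring *r, unsigned seq, int checked)
{
    unsigned next = (r->head + 1) % QLEN;
    if (checked && next == r->tail) return -1;  /* full: refuse, caller counts it */
    r->slot[r->head] = seq;      /* unchecked: can lap tail, ring then looks empty */
    r->head = next;
    return 0;
}

static int pop(struct ring *r, unsigned *seq)
{
    if (r->head == r->tail) return -1;
    *seq = r->slot[r->tail];
    r->tail = (r->tail + 1) % QLEN;
    return 0;
}

/* 1 ms steps; each popped event occupies the ADC for adc_ms. */
struct outcome simulate(unsigned total_ms, unsigned adc_ms, int checked)
{
    struct ring r = {{0}, 0, 0};
    struct outcome o = {0, 0, 0, 0};
    unsigned got, busy_until = 0;
    for (unsigned t = 0; t < total_ms; t++) {
        if (t % EVENT_PERIOD_MS == 0 && push(&r, ++o.generated, checked) != 0)
            o.rejected++;
        if (t >= busy_until && pop(&r, &got) == 0) {
            o.delivered++;
            busy_until = t + adc_ms;
        }
    }
    o.silent_loss = o.generated - o.delivered - o.rejected - (r.head + QLEN - r.tail) % QLEN;
    return o;
}

int main(void)
{
    struct outcome o = simulate(4000, 1000, 0);  /* constructed stall: 1000 ms per conversion */
    printf("stalled, unchecked: %u of %u events lost unnoticed\n", o.silent_loss, o.generated);
}
```

With the ADC at 100 ms both variants deliver every event. Under the stall the unchecked queue wraps and loses events with no record, while the checked queue refuses them and reports the count, which gives firmware a signal to act on.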

semi-invasive.txt · Last modified: 2018/02/25 04:15 by mcmaster