First step：thrown off IC chip package
IC Hack first step is thrown off IC chip package (referred to as “DECAP”,
There are two ways to achieve this purpose: one is completely dissolved IC chip
package, expose metal wires connections. The other one is only removed the plastic
package on top of the silicon-core. The first method requires the IC chip to be
binded on the test fixture and then proceed to operate. The second method requires
IC attacker has certain degree of knowledge and the necessary skills, moreover,
personal wisdom and patience are critical, but the operation process is relatively
easier to complete even in your own house.
The plastic cover on top of IC chip can be opened with a knife, epoxy resin around
the chip can be etched away with concentrated nitric acid. Hot concentrated nitric
acid will dissolve out of the plastic cover of IC chip package without affecting the
metal connection and IC chip. The process generally should be operated in a very dry
conditions, because the presence of water could erode the exposed aluminum wire
connections (which may cause ic decryption failures).
Second step：remove residual nitric acid, and soaking
Then, IC breaker should use acetone to wash IC chip in ultrasonic cleaning the pool
in order to remove residual nitric acid, and soaking.
Third step:find the location of the protection fuse and expose it
The final step is to find the location of the protection fuse and expose it under the
UV light. Usually with a microscope with magnification of at least 100 times, follow
up from the connections of programming voltage input pin to find protection fuse. If
without microscope, a simple way can be taken for the purpose of search by expose
different parts of IC chip under the UV light. Opaque paper should be used to cover
IC chip in order to protect the program memory won’t be erased by ultraviolet light.
The effect of the protection location will be eliminated after the protecting fuse
being exposed to UV light for 5 to 10 minutes, afterwards, using a simple programmer
can directly read the contents of program memory.