Latest Post

Good electronics Book Notes Tutorials

  1. Power Electronics Notes by ArunKumar
  2. ECE-VII-OPTICAL FIBER COMMUNICATION [10EC72]
  3. ECE-VII-EMBEDDED SYSTEM DESIGN 10EC74 -NOTES_1450341942484_1450360316731
  4. ECE-VII-DSP ALGORITHMS ARCHITECTURE 10EC751 -NOTES
  5. ece-vi-satellite-communications-10ec662-notes
  6. ECE-VI-OPERATING SYSTEMS 10EC65 -NOTES
  7. ece-vi-antennas-and-propagation-10ec64-notes
  8. ECE-VI-ANTENNAS AND PROPAGATION 10EC64 -NOTES
  9. EC2353 notesDigital Communication
  10. Antennas and Radiowave Propagation -Collin
  11. Prentice.The.Intel.Microprocessors.8th.Edition.0135026458
  12. advanced_communication_lab-1
  13. microprocessor-8086-lab-mannual
  14. CSE-IV-MICROPROCESSORS 10CS45 -NOTES(2)
  15. ORGANISING & STAFFING
  16. MANAGEMENT & ENTREPRENEURSHIP
  17. AN INTRODUCTION TO RADAR
  18. MANAGEMENT & ENTREPRENEURSHIP
  19. Microwave Devices and Circuits (samuel Liao)
  20. editable_Digital_Signal_Processing_Principles_Algorithms_and_Applications_T
  21. ECE-V-INFORMATION THEORY & CODING [10EC55]-NOTES
  22. ece-v-fundamentals-of-cmos-vlsi-10ec56-notes
  23. Communication-Systems—4ed—Haykin
  24. Signals_And_Systems__Schaum_
  25. CMOS-VLSI-designSignals and Systems 2Ed – Haykin – Solutions Manual
  26. Fourier Representation for four Signal Classes
  27. Fourier Representation for four Signal Classes (2)
  28. ECE-IV-SIGNALS & SYSTEMS [10EC44]-NOTES (2)
  29. Analog Communication-Prabhakar Kapula
  30. Microcontroller (www.citystudentsgroup.blogspot.com)
  31. Analog Communication (www.citystudentsgroup.blogspot.com)
  32. LInear Integrated Circuits Notes Arunkumar PDF apKART.COM
  33. EEE-III-NETWORK ANALYSIS [10ES34]-NOTES(1)
  34. ECE-IV-LINEAR ICS & APPLICATIONS [10EC46]-NOTES
  35. EEE-III-ANALOG ELECTRONIC CKTS [10ES32]-NOTES
  36. amplifiers-module-05
  37. VHDL
  38. STATE GRAPHS FOR CONTROL NETWORKS
  39. PROGRAMMABLE ARRAY LOGIC
  40. PROGRAMMABLE LOGIC DEVICES-2
  41. ECE-IV-CONTROL SYSTEMS [10ES43]-NOTES

Digital Voltage Temperature And Frequency Meter Using PIC 16F877

Voltage meter
Volt meter can measure dc voltages up to 50v. 5V is the maximum voltage can handle PIC microcontroller, as it is voltage divider (10K,1.1K) use for convert 50V to 5V . 5v zener diode use for safety of PIC microcontroller analog input pin.

Temperature meter 
Temperature meter can use between 00C to 1500C. But LM35 sensor can use between -550C to 1500C. Sensor’s resistant is changing opposite to temperature, as it is maximum temperature gives maximum voltage output(5v)  and minimum temperature gives minimum voltage output(0v).

                                                      Frequency meter
Theoretically, frequency meter can use up to 65KHz, that is because this circuit made by using Timer 1(16bit) of PIC microcontroller.


// LCD module connections
sbit LCD_RS at RB4_bit;
sbit LCD_EN at RB5_bit;
sbit LCD_D4 at RB0_bit;
sbit LCD_D5 at RB1_bit;
sbit LCD_D6 at RB2_bit;
sbit LCD_D7 at RB3_bit;

sbit LCD_RS_Direction at TRISB4_bit;
sbit LCD_EN_Direction at TRISB5_bit;
sbit LCD_D4_Direction at TRISB0_bit;
sbit LCD_D5_Direction at TRISB1_bit;
sbit LCD_D6_Direction at TRISB2_bit;
sbit LCD_D7_Direction at TRISB3_bit;
// End LCD module connections

unsigned short cnt;
unsigned int freq_result;
int x, y, t;

// Define Messages
char message1[] = "      Hz  /65KHz";
char message2[] = "FERQUANCY METER";
char Message4[] = "VOLTAGE METER";
char Message5[] = "/MAX:50V";
char Message8[] = "TEMPERATURE ";
unsigned int ADC_Value, DisplayVolt;
unsigned int tempinF, tempinC;
unsigned long temp_value;
char *volt = "00.0";
char *freq = " 0000";
char *tempC = "000.0";
char *tempF = "000.0";

void Display_Freq(unsigned int freq2write) {

  freq[0] = (freq2write/10000)%10 + 48;
  freq[1] = (freq2write/1000)%10 + 48;
  freq[2] = (freq2write/100)%10 + 48;
  freq[3] = (freq2write/10)%10 + 48;    // Extract tens digit
  freq[4] =  freq2write%10     + 48;    // Extract ones digit

 Lcd_Out(2, 2, freq);                   // Display Frequency on LCD
}

void Display_Volt(unsigned int volts2write) {

  volt[0] =  volts2write/1000 + 48;
  volt[1] = (volts2write/100)%10 + 48;
  volt[3] = (volts2write/10)%10 + 48;

 Lcd_Out(2, 2, volt);                   // Display Voltage on LCD
}

void Display_Temperature() {
 if (tempinC/10000)
 tempC[0] = tempinC/10000 + 48;
 else
 tempC[0] = ' ';
 tempC[1] = (tempinC/1000)%10 + 48;
 tempC[2] = (tempinC/100)%10 + 48;
 tempC[4] = (tempinC/10)%10 + 48;
 Lcd_Out(2, 1, tempC);
 if (tempinF/10000)
 tempF[0] = tempinF/10000 + 48;
 else
 tempF[0] = ' ';
 tempF[1] = (tempinF/1000)%10 + 48;
 tempF[2] = (tempinF/100)%10 + 48;
 tempF[4] = (tempinF/10)%10 + 48;
 Lcd_Out(2, 10, tempF);
}

void main() {
  PORTB = 0;                            // Initialise PORTB
  TRISB = 0b01000000;                   // PORTB is output
  TRISA = 0b00001101;                   // PORTA All Outputs, Except RA0,RA3 and RA2
  TRISD = 0x0F;
  TRISC = 0x01;
  T1CON = 3;                            // Timer1 on, external input RC0
  TMR1IF_bit = 0;                       // clear TMR1IF
  TMR1H = 0x00;                         // Initialize Timer1 register
  TMR1L = 0x00;                         // Initialize Timer1 register
  cnt =   0;                            // initialize cnt
  Lcd_Init();                           // Initialize LCD
  ADCON0 = 0b00010000;                  // Analog channel select
  ADCON1 = 0x00;                        // Reference voltage is Vdd
  CMCON = 0x07 ;                        // Disable comparators
  Lcd_Cmd(_LCD_CURSOR_OFF);             // Cursor off
  x=1, y=0, t=1;
  do
  {
    temp_value = ADC_Read(0);
    temp_value = temp_value*56.238;
    tempinC = temp_value;
    tempinF = 9*tempinC/5 + 3200;
    ADC_Value = ADC_Read(2);
    TMR1H = 0;                             // reset high byte of timer 1 (takes effect when low byte written)
    TMR1L = 0;                             // reset low byte of timer 1 (also loads in high byte now)
    Delay_ms(500);  // Delay 1 Sec
    freq_result = TMR1L;                   // get low byte of timer 1 count (and read high byte to buffer)
    freq_result += TMR1H*256;              // add in the high byte from buffer
    freq_result *= 2.033;

     if(PORTD.B0==0 || x==0 )
      {
      x=0, y=1, t=1;
      PORTC.B1=1;
      PORTC.B2=0;
      PORTC.B3=0;
      PORTC.B4=0;
      Lcd_Cmd(_LCD_CLEAR);                  // CLEAR display
      Lcd_Cmd(_LCD_CURSOR_OFF);             // Cursor off
      Lcd_Out(2,1,message1);                // Write message1 in 1st row
      Lcd_Out(1,2,message2);
      Display_Freq(freq_result);            // show the Frequancy on LCD
      }
      if(PORTD.B1==0)
      {
      PORTC.B4=1;
      Lcd_Out(1,1,"p");
      x=1, y=1, t=1;
      }
      else{}
      if(PORTD.B2==0 || y==0 )
      {
      PORTC.B1=0;
      PORTC.B2=1;
      PORTC.B3=0;
      PORTC.B4=0;
      y=0, x=1, t=1;
      Lcd_Cmd(_LCD_CLEAR);                      // CLEAR display
      Lcd_Cmd(_LCD_CURSOR_OFF);                 // Cursor off
      Lcd_Out(1,3,Message4);
      Lcd_Out(2,9,Message5);
      Lcd_Chr(2,6,'V');
      DisplayVolt = ADC_Value * 4.94471;
      Display_Volt(DisplayVolt);                // show the Voltage on LCD
      }
      else{}
      if(PORTD.B3==0 || t==0)
      {
      PORTC.B1=0;
      PORTC.B2=0;
      PORTC.B3=1;
      PORTC.B4=0;
      y=1, x=1, t=0;
      Lcd_Cmd(_LCD_CLEAR);                     // CLEAR display
      Lcd_Cmd(_LCD_CURSOR_OFF);                // Cursor off
      Lcd_Out(1,4,message8);
      Lcd_Chr(2,6,223);
      Lcd_Chr(2,15,223);
      Lcd_Chr(2,7,'C');
      Lcd_Chr(2,16,'F');
      Display_Temperature();                  // show the Temp on LCD
      }
      else{}
  }
  while(1);                                   // Infinite loop
}

Download Below
Click

Transformer Design Basics

                          Part 1.
Inverter Transformer ,stepUp transformer ,Step Down Transformer Desgin
            Here trying  provide some basics of transformer design and its tutorials with  series of parts[posts] . Part 1 provide the basics steps.

Design Consideration

1. Power Rating
First we require what rate of transformer we require ,Here we need to decide which rate for example 1000Va ,1500va etc . 

 2.Step Down / Step Up Transformer
Here you should decide what type of transformer you required ,ie Is it step down / Step Up ?
It means that you decide the voltages of primary and secondary.Also decide  the Frequency.
 Eg: Primary -230V Secondary 12V Frequency 50Hz
2.Primary and Secondary Currents
Then You need to select the currents in each windings ie,Primary and Secondary winding.
Eg: if we selct 1000VA then the primary Current 1000/230=4.347.
       The Secondary volt is 12V 
       then Secondary Current is 1000/12 = 83.333  =84Ampere.

2.Primary and Secondary coils wire diameter/size
Next we need to decide the coil diameter .It can be only select from a calculation as each coil has its own capability of current .As shown the table 


2.Iorn Core Area 
Iron Core area is selected in according to how much rating or how much power has been required .
Eg ; if we require 1000VA core Area required 32.cm^2 .[calculation will be provide following          posts]
In according to How much core area we can select corresponding Bobbins .Because each type of Bobbins has their own Core Area . 
Some of Bobbins Table as follows


Details design will be Continue  

 

Password based Door locking system

This is a  8051 based security project, we can lock and unlock the door electronically. Electronic door locking systems are used in Bank lockers, home lockers, main doors and prison  etc.,

Working: When we give correct UserID and Password then only we can UNLOCK and LOCK the door otherwise we can't operate it. If we entered correct userID and password it will show authenticated message on LCD screen otherwise Invalid userID or Access Denide. Then you can select one of the option LOCK DOOR and UNLOCK DOOR.
Here is the functional flow chart 
Here we are showing how door can be locked and unlocked mechanically and electrically with mechanical body of the door     
case'1': when the door is locked    


case'2':When the door is unlocked
















NOTEI haven't connected any motor driver here, but practically we can interconnect opto-coupler or motor driver H-bridge

Code


// Password based Door lock 
// modifying userID and Password
#include
sfr ROW=0x80;	//assigning PORT-0 to read rows
sfr COL=0xA0;	//assigning PORT-2 to read colomns
sfr ldata=0x90;	//assigning PORT-1 for LCD data
sbit rs=P3^0;
sbit rw=P3^1;
sbit en=P3^2;
sbit busy=P1^7;
sbit servo=P3^3;          //Output to motor
void lcdcmd(unsigned char value) ;
void lcddata(unsigned char value);
void lcdready(void)	   ;
void printstring(unsigned char ch[]) ;
void LCDclear(void);
void msdelay(unsigned int value)  ;
int keypad();
void timer(unsigned int msec);
void door_open(void);

void door_close(void);
unsigned char userID[5]={"9876"};
unsigned char password[5]={"1234"};
unsigned char update_1[5]={"0000"};
 unsigned char update_2[5]={"0000"};
 unsigned char x;
void main(void)
{ 
 unsigned int i,k;
 
 
  lcdcmd(0x38);
  lcdcmd(0x0F);
  lcdcmd(0x06);
  lcdcmd(0x01);
  //while(1){
  LCDclear();
  lcdcmd(0x80);
  while(1)
  {
  printstring("userID:");
  lcdcmd(0x87);
  
   i=0;
  do
  {
   update_1[i]=keypad();
   lcddata(update_1[i]);
   i++;
   }while(i!=4);
   i=0;
   if(update_1[0]==userID[0] && update_1[1]==userID[1] && update_1[2]==userID[2] && update_1[3]==userID[3] )
   {
 		 lcdcmd(0xC0);
 		 printstring("password:");
  		 lcdcmd(0xC9);
  
 		 do
 		 {
  			 update_1[i]=keypad();
  			 i++;
  			 lcddata('*');
  		 }while(i!=4);
		  if(update_1[0]==password[0] && update_1[1]==password[1] && update_1[2]==password[2] && update_1[3]==password[3] )
 		   {
		   LCDclear();
		   printstring("Authenticated");
		   msdelay(2000);
		   LCDclear();
		   lcdcmd(0x80);
		   printstring("1.Unlock Door");
		   lcdcmd(0xC0);
		   printstring("2.lock Door");

		   do
		   {
		    k=keypad();
			}while(k!='1' && k!='2' && k!='C');
		    switch(k)
			{
			 case '1' :while(1)
						 { 
						 door_open();
						if('2'==keypad())
						   door_close();
			 			if('C' ==keypad())
				 			{
				 				main();
							}	
						}
			 			break;
			case '2' : 	while(1)
						{
						 door_close();
						 if('1'==keypad())
						 door_open();
						if('C' ==keypad())
						 {
				 			main();
					    	}
						}
						break;
			case 'C' : main();
						break;
			default  :main();
					  break;
			}
		   }

		   else
		   {
		   LCDclear();
		   printstring("Access Denide");
		   msdelay(1000);
		   LCDclear();
		  
		   main();
		   }
 	
 }
 else
 {
  LCDclear();
  printstring("Invalid UserID");
  msdelay(1000);
  main();  		   
 }
 }
 }
 /* sending commands to  LCD display to act in command mode */ 
void lcdcmd(unsigned char value)
{
 lcdready();
 ldata=value;
 rs=0;
 rw=0;
 en=1;
 msdelay(10);
 en=0;
 }
 /* sending commnad to LCD to display characters*/
void lcddata(unsigned char value)
{
 lcdready();
 ldata=value;
 rs=1;
 rw=0;
 en=1;
 msdelay(10);
 en=0;
 }
 /* checking LCD buffer for free */
void lcdready(void)
{
 busy=1;
 rs=0;
 rw=1;
 if(busy==1)
  {
   en=0;
   msdelay(1);
   en=1;
   }
}

void printstring(unsigned char ch[])
{
 unsigned int i;
 for(i=0;ch[i]!='\0';i++)
 lcddata(ch[i]);
 }
/* generating delay*/
void msdelay(unsigned int value)
{
 unsigned int i,j;
 for(i=0;i




Introduction

A lot of microcontrollers are used in modern equipment and electronic devices. Some of them are used by amateurs to build small devices for fun, others are used by small companies in control, measurement or other equipment, others are used for serious applications by the military, security services, banks, medical services etc. Each microcontroller executes the algorithm or program uploaded into its memory. Usually this algorithm is written in Assembler (even if you write the program in C it will be translated into Assembler during compilation); rarely the algorithm is written in Basic or Java.
If you write a program for a microcontroller you are interested in your work being protected against unauthorized access or copying, so you want to control distribution of your devices. For this purpose microcontroller manufacturers developed special features which if selected allows software authors to prevent people downloading their program from their microcontroller if activated. This is Copy protection or Lock feature. Each microcontroller should be programmed before using. There are different techniques to do it depend on manufacturer and type of microcontroller. For evaluation purposes there are reprogrammable versions of microcontrollers, for production in small quantities there are one-time programmable (OTP) versions which is cheaper than reprogrammable one, and for large amount there are factory programmed versions which are very cheap but you have to purchase at least 1000 items. After the program for microcontroller is written and successfully compiled it should be uploaded into correspondent microcontroller integrated circuit. For this purpose you have to use special hardware device called programmer unit. For most microcontrollers this device could be very simple, cheap and consist of a power supply adapter, a few transistors, several resistors and a connector to RS232 or Parallel port. For other microcontrollers you have to use special programmer units distributed only by manufacturers, but these microcontrollers are not popular. Of course, if you want your device to be working properly for years (especially for OTP versions of microcontrollers) it would be better to use industrial programmer units which are approved by the most of manufacturers. You can find all necessary information about this devices on manufacturers' web-sites in the Internet.

Attack Technologies

1. Introduction

An increasing number of large and important systems, from pay-TV through GSM mobile phones and prepayment gas meters to smartcard electronic wallets, rely to a greater or lesser extent on the tamper resistance properties of microcontrollers, smartcards and other special security processors.
This tamper resistance is not absolute: an opponent with access to semiconductor test equipment can retrieve key material from a chip by direct observation and manipulation of the chip's components. It is generally believed that, given sufficient investment, any chip-sized tamper resistant device can be penetrated in this way.
So the level of tamper resistance offered by any particular product can be measured by the time and cost penalty that the protective mechanisms impose on the attacker. Estimating these penalties is clearly an important problem, but is one to which security researches, evaluators and engineers have paid less attention than perhaps it deserves.
We can distinguish four major attack categories:
  • Microprobing techniques can be used to access the chip surface directly, thus we can observe, manipulate, and interfere with integrated circuit
  • Software attack use normal communication interface of the processor and exploit security vulnerabilities found in the protocols, cryptographic algorithms, or their implementation
  • Eavesdropping techniques monitor, with high time resolution, the analog characteristics of all supply and interface connections and any other electromagnetic radiation by the processor during normal operation
  • Fault generation techniques use abnormal environmental conditions to generate malfunctions in the processor that provide additional access
All microprobing techniques are invasive attacks. They require hours or weeks in specialized laboratory and in the process they destroy the packaging. The other three are non-invasive attacks. The attacked card is not physically harmed during these attacks and the equipment used in the attack can usually be disguised as a normal smartcard reader.
Non-invasive attacks are particularly dangerous in some applications for two reasons. Firstly, the owner of the compromised card might not notice that the secret keys have been stolen, therefore it is unlikely that the validity of the compromised keys will be revoked before they are abused. Secondly, non-invasive attacks often scale well, as the necessary equipment can usually be reproduced and updated at low cost.
The design of most non-invasive attacks requires detailed knowledge of both the processor and software. On the other hand, invasive microprobing attacks require very little initial knowledge and usually work with a similar set of techniques on a wide range of products. Attacks therefore often start with invasive reverse engineering, the result of which then help to develop cheaper and faster non-invasive attacks.

2. Non-Invasive attacks

The most widely used non-invasive attacks include playing around supply voltage and clock signal. Under-voltage and over-voltage attacks could be used to disable protection circuit or force processor to do wrong operation. For these reasons, some security processors have voltage detection circuit, but as a rule this circuit does not react to transients. So fast signals of various kinds may reset the protection without destroying the protected information.
Power and clock transients can also be used in some processors to affect the decoding and execution of individual instructions. Every transistor and its connection paths act like an RC element with a characteristic time delay; the maximum usable clock frequency of a processor is determined by the maximum delay among its elements. Similarly, every flip-flop has a characteristic time window (of a few picoseconds) during which it samples its input voltage and changes its output accordingly. This window can be anywhere inside the specified setup cycle of the flip-flop, but is quite fixed for an individual device at a given voltage and temperature. So if we apply a clock glitch (a clock pulse much shorter than normal) or a power glitch (a rapid transient in supply voltage), this will affect only some transistors in the chip. By varying the parameters, the CPU can be made to execute a number of completely different wrong instructions, sometimes including instructions that are not even supported by the microcode. Although we do not know in advance which glitch will cause which wrong instruction in which chip, it can be fairly simple to conduct a systematic search.
Another possible way of attack is current analysis. Using 10 - 15 ohm resistor in the power supply, we can measure with an analog/digital converter the fluctuations in the current consumed by the card. Preferably, the recording should be made with at least 12-bit resolution and the sampling frequency should be an integer multiple of the card clock frequency.
Drivers on the address and data bus often consist of up to a dozen parallel inverters per bit, each driving a large capacitive load. They cause a significant power-supply short circuit during any transition. Changing a single bus line from 0 to 1 or vice versa can contribute in the order of 0.5 - 1 mA to the total current at the right time after the clock edge, such that a 12-bit ADC is sufficient to estimate the number of bus bits that change at a time. SRAM write operations often generate the strongest signals. By averaging the current measurements of many repeated identical transactions, we can even identify smaller signals that are not transmitted over the bus. Signals such as carry bit states are of special interest, because many cryptographic key scheduling algorithms use shift operations that single out individual key bits in the carry flag. Even if the status-bit changes cannot be measured directly, they often cause changes in the instruction sequencer or microcode execution, which then cause a clear change in the power consumption.
The various instructions cause different levels of activity in the instruction decoder and arithmetic units and can often be quite clearly distinguished, such that parts of algorithms can be reconstructed. Various units of the processor have their switching transients at different times relative to the clock edges and can be separated in high-frequency measurements.
Other possible threat to secure devices is data remanence. This is the capability of volatile memory to retain information stored in it for some period of time after power was disconnected. Static RAM contained the same key for a long period of time could reveal it on next power on. Other possible way is to 'freeze' state of the memory cell by applying low temperature to the device. In this case static RAM could retain information for several minutes at -20ºC or even hours at lower temperature.

3. Invasive attacks

Despite to more complexity of invasive attacks some of them could be done without using expensive laboratory equipment. Low-budget attackers are likely to get a cheaper solution on the second-hand market for semiconductor test equipment. With patience and skill it should not be too difficult to assemble all the required tools for even under ten thousand US dollars by buying a second-hand microscope and using self-designed micropositioners. The laser is not essential for first results, because vibrations in the probing needle can also be used to break holes into passivation.
Invasive attacks start with the removal of the chip package. Plastic over the chip could be removed by knife. Epoxy resin around the chip could be removed using fuming nitric acid. Hot fuming nitric acid dissolves the package without affecting the chip. The procedure should preferably be carried out under very dry conditions, as the presence of water could corrode exposed aluminium interconnects. The chip is then washed with acetone in an ultrasonic bath, followed optionally by a short bath in deionized water and isopropanol. After that chip could be glued into a test package and bonded manually. Having enough experience it might be possible to remove epoxy without destroying bonding wires and smartcard contacts.
Once the chip is opened it is possible to perform probing or modifying attacks. The most important tool for invasive attacks is a microprobing workstation. Its major component is a special optical microscope with a working distance of at least 8 mm between the chip surface and the objective lens. On a stable platform around a socket for the test package, we install several micropositioners , which allow us to move a probe arm with submicrometer precision over a chip surface. On this arm, we install a probe needle. These elastic probe hairs allow us to establish electrical contact with on-chip bus lines without damaging them.
On the depackaged chip, the top-layer aluminium interconnect lines are still covered by a passivation layer (usually silicon oxide or nitride), which protects the chip from the environment and ion migration. On top of this, we might also find a polyimide layer that was not entirely removed by HNO3 but which can be dissolved with ethylendiamine. We have to remove the passivation layer before the probes can establish contact. The most convenient depassivation technique is the use of a laser cutter. The UV or green laser is mounted on the camera port of the microscope and fires laser pulses through the microscope onto rectangular areas of the chip with micrometer precision. Carefully dosed laser flashes remove patches of the passivation layer. The resulting hole in the passivation layer can be made so small that only a single bus line is exposed. This prevents accidental contacts with neighboring lines and the hole also stabilizes the position of the probe and makes it less sensitive to vibrations and temperature changes.
It is usually not practical to read the information stored on a security processor directly out of each single memory cell, except for ROM. The stored data has to be accessed via the memory bus where all data is available at a single location. Microprobing is used to observe the entire bus and record the values in memory as they are accessed.
It is difficult to observe all (usually over 20) data and address bus lines at the same time. Various techniques can be used to get around this problem. For instance we can repeat the same transaction many times and use only two to four probes to observe various subsets of the bus lines. As long as the processor performs the same sequence of memory accesses each time, we can combine the recorded bus subset signals into a complete bus trace. Overlapping bus lines in the various recordings help us to synchronize them before they are combined.
In order to read all memory cells without the help of the card software, we have to abuse a CPU component as an address counter to access all memory cells for us. The program counter is already incremented automatically during every instruction cycle and used to read the next address, which makes it perfectly suited to serve us as an address sequence generator. We only have to prevent the processor from executing jump, call, or return instructions, which would disturb the program counter in its normal read sequence. Tiny modifications of the instruction decoder or program counter circuit, which can easily be performed by opening the right metal interconnect with a laser, often have the desired effect.
Another approach to understand how particular microcontroller or smartcard work is to reverse engineer it. The first step is to create a map of a new processor. It could be done by using an optical microscope with a CCD camera to produce several meter large mosaics of high-resolution photographs of the chip surface. Basic architecture structures, such as data and address bus lines, can be identified quite quickly by studying connectivity patterns and by tracing metal lines that cross clearly visible module boundaries (ROM, RAM, EEPROM, ALU, instruction decoder, etc.). All processing modules are usually connected to the main bus via easily recognizable latches and bus drivers. The attacker obviously has to be well familiar with CMOS VLSI design techniques and microcontroller architectures, but the necessary knowledge is easily available from numerous textbooks.
Photographs of the chip surface show the top metal layer, which is not transparent and therefore obscures the view on many structures below. Unless the oxide layers have been planarized, lower layers can still be recognized through the height variations that they cause in the covering layers. Deeper layers can only be recognized in a second series of photographs after the metal layers have been stripped off, which could be achieved by submerging the chip for a few seconds in hydrofluoric acid (HF) in an ultrasonic bath. HF quickly dissolves the silicon oxide around the metal tracks and detaches them from the chip surface. HF is an extremely dangerous substance and safety precautions have to be followed carefully when handling it.
Where the implementation is familiar, there are a number of ways to extract information from the chip by targeting specific gates or fuses or by overwriting specific memory locations. Even where this is not possible, memory cells can be attacked; this can also be done on a relatively modest budget.
Most currently available microcontrollers and smartcard processors have feature sizes of 0.5 - 1 µm and only two metal layers. These can be reverse-engineered and observed with the manual and optical techniques described in the previous sections. For future chip generations with more metal layers and features below the wavelength of visible light, more expensive tools additionally might have to be used.
A focused ion beam (FIB) workstation consists of a vacuum chamber with a particle gun, comparable to a scanning electron microscope (SEM). Gallium ions are accelerated and focused from a liquid metal cathode with 30 kV into a beam of down to 5 - 10 nm diameter, with beam currents ranging from 1 pA to 10 nA. FIBs can image samples from secondary particles similar to a SEM with down to 5 nm resolution. By increasing the beam current, chip material can be removed with the same resolution. Better etch rates can be achieved by injecting a gas like iodine via a needle that is brought to within a few hundred micrometers from the beam target. Gas molecules settle down on the chip surface and react with removed material to form a volatile compound that can be pumped away and is not redeposited. Using this gas-assisted etch technique, holes that are up to 12 times deeper than wide can be created at arbitrary angles to get access to deep metal layers without damaging nearby structures. By injecting a platinum-based organometallic gas that is broken down on the chip surface by the ion beam, platinum can be deposited to establish new contacts. With other gas chemistries, even insulators can be deposited to establish surface contacts to deep metal without contacting any covering layers.
Using laser interferometer stages, a FIB operator can navigate blindly on a chip surface with 0.15 µm precision, even if the chip has been planarized and has no recognizable surface structures. Chips can also be polished from the back side down to a thickness of just a few tens of micrometers. Using laser interferometer navigation or infrared laser imaging, it is then possible to locate individual transistors and contact them through the silicon substrate by FIB editing a suitable hole. This rear-access technique has probably not yet been used by pirates so far, but the technique is about to become much more commonly available and therefore has to be taken into account by designers of new security chips. FIBs are used by attackers today primarily to simplify manual probing of deep metal and polysilicon lines. A hole is drilled to the signal line of interest, filled with platinum to bring the signal to the surface, where a several micrometer large probing pad or cross is created to allow easy access. Modern FIB workstations (for example the FIB 200xP from FEI) cost less than half a million US$ and are available in over hundred organizations. Processing time can be rented from numerous companies all over the world for a few hundred dollars per hour.


for More go here

Parallel to serial  Interfacing with Micro controller 

Interfacing with 74HC165 with 8051


   I am trying to make multiple input with using minimum input port of micro controller ,ie 3 wire .
By using a 3 wire we can interface more input as we wish.


 I am making a tutorial for it , Basics of 74HC165  which is a parallel to serial shift register .


   












Only three pin is connected with this IC . 
1)   SH/LD  or PL  is used load  parallel data to the IC .A low pulse (ground) is applied for store the         parallel data at the pin from A to H . And a High (5 Volt) is applied to stop the reading from the          PIN A to H .
2) Then to read the loaded or saved data to Micro controller we have to give clock to the PIN 2 of           74HC165  (CLK) . 8 pulses is applied to read 8 bit (Pin A to B)

3) QH / SO . serial out pin is used to get the stored parallel data to serially.

The CLK INH pin must be connect in ground for enable clock.


    To use cascaded 74HC165 for increasing i/p .connect the Seriall output pin (PIN 9) of first satge into serial input of first stage see the following circuit.
   




see the code below





  
  #include  
#include
#include "lcd.h"  
sbit PL  = P1^0;   // Loading parallel data to HC165.
sbit CLK = P1^1;   // Clock pulse to HC165.
sbit Beep  = P1^2;   // 
sbit data_in  = P1^3;

  void clock(void);
  void display(unsigned char value);
     
void main()
{  
 unsigned char position ,no_of_ip = 17;
  lcd_init();
  string("   gElectron");     
  while(1)

   {  
      PL = 0 ;
  delay(2);
  PL = 1;

   for(position = 1; no_of_ip > position; position++ , clock())
  {     
  
    if(data_in == 1)
     display(position);   

  }
   } 
}  

 void clock(void)
 {
   CLK = 1;
   delay(1);
   CLK = 0;

 }

void display(unsigned int value)
  {  
  unsigned int a[1];
    Beep =   1;
    lcd_init();
 lcd_cmd(0x01);   
    string("Pressed key ");
    lcd_cmd(0xc0); 
  sprintf(a,"%d",value);  
     string(a); 
     delay(1);
     Beep = 0;
     
  }   


Download the whle file here github.

MKRdezign

Contact Form

Name

Email *

Message *

Powered by Blogger.
Javascript DisablePlease Enable Javascript To See All Widget