Chip decapsulation is not for the faint of heart. Or for the impatient. Or for the acid-averse. Really, it's not a process that should be performed by humans.
Mikhail Davidov is a very patient and resourceful human who happens to have both a curious mind and a hackerspace full of very cool equipment. He had been interested in finding a practical, manual method for getting past the protections built into microcontrollers and locating the regions of the die that hold the chips' program code. With that done, he would be able to get to the firmware on the chips and extract any sensitive information stored there, such as keys or proprietary code. Davidov, a principal security researcher at Duo Labs, spent months developing and refining his technique and eventually settled on a method that involved a belt grinder, chemical etching, a scanning electron microscope, and a 3D printer converted into a mill.
“I'm removing that packaging to get to the parts that do the actual work,” Davidov said. “It's like opening the cover of a book to see what is written inside.”
For Davidov, this project wasn't just a chance to play with a bunch of slick toys; it was also a challenge and a way to show that this kind of project is doable. His results can help both researchers and manufacturers understand the ways in which attackers might bypass protections and what mitigations to put in place in order to better safeguard the firmware.
In the video above, Davidov walks through his chip decapsulation process step by step and shows exactly what's involved.