The current FPGA chip decryption methods are mainly as follows:
1) Software Attack
This technique usually uses the processor communication interface and takes advantage of the protocols, encryption algorithms, or security holes in these algorithms to carry out attacks. Attackers have taken advantage of the loopholes in the design of the timing of the erase operation of this series of microcontrollers, the use of self-programmed programs in the erase encryption lock positioning, stop the next step in the operation of erasing the on-chip program memory data, so that the encrypted microcontroller into the microcontroller is not encrypted, and then read out the on-chip program using a programmer.
Currently, on the basis of other encryption methods, you can research some devices, with certain software, to do software attacks.
2) Electronic Detection Attack
This technique usually monitors the analog characteristics of all power and interface connections of the processor during normal operation with high time resolution, and implements the attack by monitoring the characteristics of its electromagnetic radiation so that specific critical information in the microcontroller can be accessed by analyzing and detecting these changes using special electronic measuring instruments and mathematical statistical methods.
The current RF programmer can directly read out the programs in older models of encrypted MCUs using this principle.
3) Fault Generation Techniques
This technique uses an abnormal operating condition to fault the processor and then provide additional access to carry out the attack. The most widely used fault generation attacks include voltage shocks and clock shocks.
4) Probe Techniques
This technique involves directly exposing the chip's internal wiring and then observing, manipulating, and interfering with the microcontroller to achieve the attack.