When a microcontroller's security fuse locks its firmware, we read it back. IC decryption recovers protected program memory from MCUs, EEPROM, flash and CPLD/FPGA devices — for legacy maintenance, obsolescence management, failure analysis and authorised reverse engineering.
IC decryption — also called chip decryption, MCU decryption or IC unlocking — is the engineering process of reading the protected code or data stored inside an integrated circuit when its built-in security prevents normal access.
Most microcontrollers ship with a read-protection bit or security fuse. Once set, it blocks a standard programmer from reading back the flash, EEPROM or OTP memory, so the firmware cannot simply be copied off the part. IC decryption defeats or bypasses that protection in a controlled lab setting and recovers a clean binary image (HEX/BIN) of the on-chip memory.
That recovered image lets you study, archive, repair or re-program the design — for example, when the original source code has been lost, the vendor is gone, or you need to keep an obsolete product in production. The same techniques underpin failure analysis, hardware security auditing and authorised competitive research. For end-to-end project handling, our partner team provides full IC decryption services.
Source code gone, original engineer left, or files corrupted — pull the binary back from the chip itself.
Keep discontinued products and long-life industrial systems running long after the vendor stops shipping.
Inspect on-chip code for root-cause debugging, audits and authorised vulnerability research.
Reproduce a verified design at scale once you hold the rights, with working samples on request.
There is no single technique that works on every chip. The right approach depends on the device family, its package and how strong its read protection is — from quick logical reads to full invasive imaging. We select the least intrusive method that reliably recovers the memory.
The fastest and most economical route. The chip is read through its own programming and debug interfaces by exploiting weaknesses in how protection is enforced — no physical modification.
The device runs normally while we disturb it precisely, or measure what it leaks, to skip a security check or recover a key — all without opening the package.
The die is exposed by decapsulation, then light is used to reset or read protection while leaving the circuit functional. Highly effective on older EPROM/OTP and many flash MCUs.
The most powerful and most involved methods, reserved for hardened chips. We physically access the silicon to read memory directly or to edit the circuit.
A disciplined workflow keeps results repeatable and your design protected. Every project moves through the same eight stages, from first enquiry to verified delivery.
Send the part number, package and quantity. We confirm feasibility, the likely method and an estimated cost and timeline.
An NDA is signed and you ship working sample chips. More samples improve success on harder, invasive jobs.
The die is identified, the memory map and protection scheme are characterised, and the security mechanism is profiled.
We choose the least intrusive technique that will work reliably — logical, fault injection, optical or invasive.
Where needed, the chip is decapsulated, polished or fixtured for probing, glitching or microscopy.
Protected flash, EEPROM or OTP is read out and assembled into a complete HEX/BIN image of the memory.
The recovered image is programmed into a blank part and functionally tested against the original to confirm a faithful copy.
You receive the binary, documentation and — on request — programmed sample units, with follow-up support.
IC decryption spans electronics, optics and micro-fabrication. These are the core instruments used to read, glitch, open and image a protected device.
High-coverage device programmers and gang programmers to read, verify and write memory across thousands of part numbers.
Acid and laser decapsulation to remove epoxy and expose the bare die without damaging the active circuitry.
Metallurgical and high-magnification optical microscopes for die inspection, alignment and ROM read-out.
Scanning electron microscopy resolves features below the optical limit for direct memory and ROM imaging.
FIB workstation to cut tracks, deposit metal and expose buried nodes for probing or read-out.
Micromanipulators and tungsten probe needles tap the internal bus on the exposed die with sub-micron precision.
Voltage, clock and electromagnetic glitchers deliver precisely timed disturbances to bypass security checks.
High-speed oscilloscopes and logic analyzers capture bus traffic, side-channel traces and protocol behaviour.
UV erasers and laser cutters drive optical fault injection and reset security cells on EPROM and OTP devices.
There is no flat rate — cost depends on how hard the chip is to read. A simple logical extraction is inexpensive; a fully invasive ROM recovery is a specialist job. The factors below drive every quote.
A common 8-bit MCU is far cheaper than a modern secure or automotive part with a hardened core.
A single read-protect bit is straightforward; multi-layer security, encryption and anti-tamper raise effort and cost.
Logical reads cost least. Optical and fault-injection work costs more. FIB and SEM imaging cost the most.
Through-hole and QFP are easy to fixture; QFN and especially BGA need extra preparation.
Spare samples improve success on invasive jobs; recurring or volume work is priced differently from a one-off recovery.
Standard scheduling is most economical; expedited handling can be arranged for an additional fee.
A representative list of the microcontroller, memory and logic families we decrypt. Search by part number or brand — and if your chip isn't shown, send it to us to confirm.
Decryption is only useful if the recovered code actually works and your IP stays protected. That's the standard we hold every job to.
NDA on every engagement, controlled sample handling and no disclosure of your design, firmware or part details to third parties.
From logical reads to FIB and electron microscopy, we run all four tiers — so the job is matched to the chip, not to one tool.
Recovered images are programmed into blank parts and functionally tested against the original before delivery.
Keeping discontinued and long-life industrial designs alive when the original vendor or source files are long gone.
Common parts in a few business days, with an honest timeline and feasibility call given up front — and expedite options.
Talk to the people doing the work. We help with programming, adapters and getting your recovered code back into production.
The questions we're asked most often before a project starts.
Tell us the chip and what you need. You'll get a feasibility check, the likely method, and a cost and timeline — usually within one business day.
Fill in the details and we'll prepare your email. Or email us directly at sales@icdecryption.com.
