Microcontroller reverse engineer
Microcontroller reverse engineer
Everything they make, We can break! 
Disassembler Software   
World first mcu hack company
In business since 1998
Reversed tens of thousands of chips
Copied thousands of pcbs
Foreseen all pertential problems
Integrity with payments
crack ic
Introduction to Reverse Engineering Software

Chapter 7. Debugging

Table of Contents

User-level Debugging

User-level Debugging


DDD is the Data Display Debugger, and is a nice GUI front-end to gdb, the GNU debugger. For a long time, the authors believed that the only thing you really needed to debug was gdb at the command line. However, when reverse engineering, the ability to keep multiple windows open with stack contents, register values, and disassembly all on the same workspace is just too valuable to pass up.

Also, DDD provides you with a gdb command line window, and so you really aren't missing anything by using it. Knowing gdb commands is useful for doing things that the UI is too clumsy to do quickly. gdb has a nice built-in help system organized by topic. Typing help will show you the categories. Also, DDD will update the gdb window with commands that you select from the GUI, enabling you to use the GUI to help you learn the gdb command line. The main commands we will be interested in are run, break, cont, stepi, nexti, finish, disassemble, bt, info [registers/frame], and x. Every command in gdb can be followed by a number N, which means repeat N times. For example, stepi 1000 will step over 1000 assembly instructions.

Setting Breakpoints

A breakpoint stops execution at a particular location. Breakpoints are set with the break command, which can take a function name, a filename:line_number, or *0xaddress. For example, to set a breakpoint at the aforementioned __libc_start_main(), simply specify break __libc_start_main. In fact, gdb even has tab completion, which will allow you to tab through all the symbols that start with a particular string (which, if you are dealing with a production binary, sadly won't be many).

Viewing Assembly

Ok, so now that we've got a breakpoint set somewhere, (let's say __libc_start_main). To view the assembly in DDD, go to the View menu and select source window. As soon as we enter a function, the disassembly will be shown in the bottom half of the source window. To change the syntax to the more familar Intel variety, go to Edit->Gdb Settings... under Disassembly flavor. This can also be accomplished with set disassembly-flavor intel from the gdb prompt. But using the DDD menus will save your settings for future sessions.

Figure 7.1. ASM in DDD


Viewing Memory and the Stack

In gdb, we can easily view the stack by using the x command. x stands for Examine Memory, and takes the syntax x /<Number><format letter><size letter> <ADDRESS>. Format letters are (octal), x(hex), d(decimal), u(unsigned decimal), t(binary), f(float), a(address), i(instruction), c(char) and s(string). Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes). For example, x /32xw 0x400000 will dump 32 words (32 bit integers) starting at 0x400000. Note that you can also use registers in place of the address, if you prefix them with a $. For example, x /32xw $esp will view the top 32 words on the stack.

DDD has some nice capabilities for viewing arbitrary dumps of memory relating to the registers. Go to View->Data Window... Once the Data Window is open, go to Display (hold down the mouse button as you click), and go to Other.. You can type in any symbol, variable, expression, or gdb command (in backticks) in this window, and it will be updated every time you issue a command to the debugger. A couple good ones to do would be `x /32xw $esp` and `x/16sb $esp. Click the little radio button to add these to the menu, and you can then open the stack from this display and it will be updated in real time as you step through your program.

Figure 7.2. Stack Displays with New Display Window

Stack Displays with New Display Window

Viewing Memory as Specific Data Structures

So DDD has fantastic ability to lay out data structures graphically, also trough the Display window mentioned above. Simply cast a memory address to a pointer of a particular type, and DDD will plot the structure in its graph window. If the data structure contains any pointers, you can click on these and DDD will open up a display for that structure as well.

Oftentimes, programs we're interested in won't have any debugging symbols, and as such, we won't be able to view any structures in an easy to understand form. For seldom used structures, this isn't that big of a deal, as you can just take them apart using the x command. However, if you are dealing with more complicated data structures, you may want to have a set of types available to use again and again. Luckily, through the magic of the ELF format, this is relatively easy to achieve. Simply define whatever structures or classes you suspect are used and include whatever headers you require in a .c file, and then compile it with gcc -shared. This will produce a .so file. Then, from within gdb but before you begin debugging, run the command set env LD_PRELOAD=file.so. From then on, you will be able to use these types in that gdb/DDD session as if they were compiled in to the program itself. (FIXME: Come up with a good example for this).

Using watchpoints

-> Example using gdb to set breakpoints in functions with and without debugging symbols.

-> FIXME: Test watchpoints


WinDbg is part of the standart Debugging Tools for Microsoft Windows© that everyone can download for free from. Microsoft© offers few different debuggers, which use common commands for most operations and ofcourse there are cases where they differ. Since WinDbg is a GUI program, all operations are supposed to be done using the provided visual components. There is also a command line embeded in the debugger, which lets you type commands just like if you were to use a console debugger like ntsd. The following section briefly mentions what commands are used to do common everyday tasks. For more complete documentation check the Help file that comes with WinDbg. An example debugging session is presented to help clarify the usage of the most common commands.


Breakpoints can be set, unset, or listed with the GUI by using Edit->Breakpoints or the shortcut keys Alt+F9. From the command line one can set breakpoints using the bp command, list them using bl command, and delete them using bc command. One can set breakpoints both on function names (provided the symbol files are available) or on a memory address. Also if source file is available the debugger will let you set breakpoints on specific lines using the format bX `filename:linenumber`

Viewing Assembly

In WinDbg you can use View->Disassembly option to open a window which will show you the disassembly of the current context. In ntsd you can use the u to view the disassembled code.

Stack operations

There are couple of things one usually does with the stack. One is to view the frames on the stack, so it can be determined which function called which one and what is the current context. This is done using the k command and its variations. The other common operation is to view the elements on the stack that are part of the current stack frame. The easiest way to do so is using db esp ebp, but it has its limitations. It assumes that the %ebp register actually points to the begining of the stack frame. This is not always true, since omission of the frame pointer is common optimization technique. If this is the case, you can always see what the %esp register is pointing to and start examining memory from that address.

The debugger also allows you to "walk" the stack. You can move to any stack frame using .frame X where X is the number of the frame. You can easily get the frame numbers using kn. Keep in mind that the frames are counted starting from 0 at the frame on top of the stack.

Reading and Writing to Memory

Reading memory is accomplished with the d* commands. Depending on how you want to view the data you use a specific variation of this command. For example to see the address to which a pointer is pointing, we can use dp or to view the value of a word, one can use dw. The help file says that one can view memory using ranges, but one can also use lengths to make it easy to display memory. For example if we want to see 0x10 bytes at memory location 0x77f75a58 you can either say db 77f75a58 77f75a58+10 or less typing gives you db 77f75a58 l 10.

Provided that you have symbols/source files, the dt is very helpful. It tries to find the data type of the sybol or memory location and display it accordingly.

Tips and tricks

Knowing your debugger can save you lots of time and pain in debugging either your own programs or when reverse engineering other's. Here are few things we find useful and time saving. This is not a complete list at all. If you know other tricks and want to contribute, let us know.

poi() - this command dereferences a pointer to give you the value that it is pointing to. Using this with user-defined aliases gives you convinient way of viewing data.


FIXME: include better example

Let's set a breakpoint in on the function main
0:000> bp main
*** WARNING: Unable to verify checksum for test.exe
Let's set a breakpoint in on the function main
0:000> g
Breakpoint 0 hit
eax=003212e8 ebx=7ffdf000 ecx=00000001 edx=7ffe0304 esi=00000a28 edi=00000000
eip=00401010 esp=0012fee8 ebp=0012ffc0 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
00401010 55               push    ebp
Enable loading of line information if available
0:000> .lines
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
Line number information will be loaded
Set the stepping to be by source lines
0:000> l+t
Source options are 1:
     1/t - Step/trace by source line
Enable displaying of source line
0:000> l+s
Source options are 5:
     1/t - Step/trace by source line
     4/s - List source code at prompt
Start stepping through the program
0:000> p
*** WARNING: Unable to verify checksum for test.exe
eax=003212e8 ebx=7ffdf000 ecx=00000001 edx=7ffe0304 esi=00000a28 edi=00000000
eip=00401016 esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
>    6:   char array [] = { 'r', 'e', 'v', 'e', 'n', 'g' };
00401016 c645f072         mov    byte ptr [ebp-0x10],0x72 ss:0023:0012fed4=05
eax=003212e8 ebx=7ffdf000 ecx=00000001 edx=7ffe0304 esi=00000a28 edi=00000000
eip=0040102e esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
>    7:   int intval = 123456;
0040102e c745fc40e20100 mov dword ptr [ebp-0x4],0x1e240 ss:0023:0012fee0=0012ffc0
eax=003212e8 ebx=7ffdf000 ecx=00000001 edx=7ffe0304 esi=00000a28 edi=00000000
eip=00401035 esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
>    9:   test = (char*) malloc(strlen("Test")+1);
00401035 6840cb4000       push    0x40cb40
eax=00321018 ebx=7ffdf000 ecx=00000000 edx=00000005 esi=00000a28 edi=00000000
eip=00401051 esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
>   10:   if (test == NULL) {
00401051 837df800       cmp dword ptr [ebp-0x8],0x0 ss:0023:0012fedc=00321018
eax=00321018 ebx=7ffdf000 ecx=00000000 edx=00000005 esi=00000a28 edi=00000000
eip=00401061 esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206
>   13:   strncpy(test, "Test", strlen("Test"));
00401061 6848cb4000       push    0x40cb48
eax=00321018 ebx=7ffdf000 ecx=00000000 edx=74736554 esi=00000a28 edi=00000000
eip=00401080 esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz ac po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000216
>   14:   test[4] = 0x00;
00401080 8b4df8           mov     ecx,[ebp-0x8]     ss:0023:0012fedc=00321018
eax=00321018 ebx=7ffdf000 ecx=00321018 edx=74736554 esi=00000a28 edi=00000000
eip=00401087 esp=0012fed4 ebp=0012fee4 iopl=0         nv up ei pl nz ac po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000216
>   16:   printf("Hello RevEng-er, this is %s\n", test);
00401087 8b55f8           mov     edx,[ebp-0x8]     ss:0023:0012fedc=00321018
Display the array as bytes and ascii
0:000> db array array+5
0012fed4  72 65 76 65 6e 67                                reveng
View the type and value of intval
0:000> dt intval
Local var @ 0x12fee0 Type int
View the type and value of test
0:000> dt test
Local var @ 0x12fedc Type char*
0x00321018 "Test"
View the memory test points to manually
0:000> db 00321018 00321018+4
00321018  54 65 73 74 00                                   Test.
Quit the debugger
0:000> q
Unloading dbghelp extension DLL
Unloading exts extension DLL
Unloading ntsdexts extension DLL
  • Mikatech mcu reverse engineer list:
Holtek integrated circuit (ic) attack view more types...
  HT36R/HT45R series mcu crack: HT36RA4 HT36RM4 ...
HT45R02 HT45R03 HT45R04 HT45R05 HT45R06 HT45R07 HT45R09 HT45R0D HT45R0E HT45R23 HT45R24 ...
HT46R series mcu unlock: HT46R04 HT46R12 HT46R14 HT46R22 HT46R23 HT46R232 HT46R24 HT46R46 HT46R47 HT46R48 HT46R51 HT46R52 HT46R53 HT46R54 HT46R62 HT46R63 HT46R64 HT46R65 HT46R652 HT46R71 HT46R72 HT46R73 HT46R74 HT46R82 HT46R83 HT46R84 HT46RB50 HT46RB70 HT46RU25 HT46RU66...
HT47R10 HT47R20...
HT48R series Microprocessor duplicate: HT48R05 HT48R06 HT48R07 HT48R08 HT48R09 HT48R10 HT48R30 HT48R37 HT48R50 HT48R52 HT48R70 HT48RA0 HT48RA1 HT48RA3 HT48RA5 HT48RB8 HT48RU90 HT48X50...
HT49R series mcu unlock: HT49R30 HT49R50 HT49R70 HT49R84 HT49RA0 HT49RB50 HT49RB70 HT49RU90 HT49RV3 HT49RV5 HT49RV7 HT49RV9 ...
HT81R03 HT81R09 HT81R18 HT81R36 ...
HT48F series Microprocessor read software: HT48F06E HT48F10E HT48F30E HT48F50E HT48F70E ...
HT48E series mcu unlock: HT48E06 HT48E10 HT48E30 HT48E50 HT48E70 ...
Infineon Integrated Circuit (ic) Reverse Engineer view more types...
  SAB series mcu code receovery: SAB-C501 SAB-C504 SAB-C505 SAB-C508 SAB-C513 SAB-C515 SAB-C540 SAB-C541 SAB-C516 SAB-XC167 ...
SAF series mcu code retreive: SAFC504 SAF-C164CI-8EM SAF-C504-2EM SAF-C505A-4EM SAF-C505CA-4EM SAF-C505L-4EM SAF-C508-4EM SAF-C508-4EP SAF-C513 SAF-C515 SAF-XC161 SAF-XC164 SAF-XC167C SAF-XC846 SAF-XC856 SAF-XC878 SAF-XC167C886 SAF-XC888 ...
SAH series mcu firmware unlock: SAH-C504-2EM SAH-C505 ...
SAK series Microprocessor code receovery: SAK-C164 SAK-C504 SAK-C505 SAK-C515 SAK-XC161 SAK-XC164 SAK-XC167 SAK-XC846 SAK-XC866 SAK-XC886 SAK-XC888 ...
SAX series mcu code unlock: SAX-XC878 ...
SDA series Microprocessor code receovery: SDA2516 SDA2526 SDA2546 SDA2586 SDA3546 SDA3586...
Intel Microcontroller Reverse Engineer view more types...
  87xx series mcu code extraction: 8741 8741AH 8742 8742AH 8744 8744H 8748 8748H 8749 8749H 8751 8751BH 8751H 8751H-8 87551SB 8752BH 8796BH 8796JF 8797BH 8797JF 8798 ...
87Cxx series mcu code extraction: 87C151SA 87C151SB 87C194 87C196CA 87C196JQ 87C196JR 87C196JT 87C196JV 87C196KB 87C196KC 87C196KD 87C196KQ 87C196KR 87C196KS 87C196KT 87C196LA 87C196MC 87C196MH 87C198 87C251SA 87C251SB 87C251SP 87C251SQ 87C42 87C51 87C51FA 87C51FB 87C51FC 87C51GB 87C51RA 87C51RB 87C51RC 87C52 87C54 87C58 ...
87Lxx series Microprocessor code retreive: 87L42 87L51FA 87L51FB 87L51FC 87L52 87L54 87L58 ...
D87Cxx series mcu code extraction: D87C51 D87C52 D87C54 D87C58 D87C51FA D87C51FB D87C51FC D87C196KC D87C196MC D87C196MD D87C196MH D89C196MD ...
ICT/GOULD Chip Reverse Engineer view more types...
  Peel1/2xx series mcu security read: PEEL153 PEEL173 PEEL153P PEEL173P PEEL253 PEEL273 ...
Peel16xx series mcu security hack: PEEL16CV8 PEEL16V8 ...
Peel18xx series Microprocessor security hack: PEEL18CV8 PEEL18CV8Z PEEL18LV8Z ...
Peel20xx series mcu security hack: PEEL20CG10 PEEL20CG10A PEEL20V8 ...
Peel22xx series controller security hack: PEEL22CV10 PEEL22CV8 PEEL22CV10 PEEL22CV10A PEEL22CV10A PEEL22CV10A PEEL22CV10AZ PEEL22CV10AZ PEEL22CV10AZ PEEL22LV10AZ PEEL22LV10AZ PEEL22LV10AZ ...
Lattice Microcontroller Clone view more types...
  GAL series mcu program receovery: GAL16V8 GAL16V8A GAL16V8B GAL16V8C GAL16V8D GAL16V8Z GAL16LV8 ...
GAL18V10 GAL18V10B ...
PALCE series mcu program retreive: PALCE610 PALCE610H PALCE630H ...
LCxxx series mcu program software read: LC4032 LC4064 LC4128 LC4256 LC4384 LC4512 LC4032V LC4064V LC4128V LC4256V LC4384V LC4512V ...
IMXXX series Microprocessor program unlock: IM4A3-64 IM4A3-32 IM4A3-96 IM4A3-128 IM4A3-256 IM4A5 IM4A5-64 IM4A5-96 IM4A5-128 IM4A5-256 IM4A5-32 ...
ispLSI series mcu program receovery: ispLSI1016 ispLSI1024 ispLSI1032 ispLSI1048 ispLSI2064 ispLSI2096 ispLSI2128 ispLSI1016E ispLSI1024E ispLSI1032E ispLSI1048E ispLSI2064E ispLSI2096E ispLSI2128E ispLSI3160 ispLSI3192 ispLSI3256 ispLSI3256A ispLSI3256E ispLSI3320 ispLSI8840 ispLSI8600V ispLSI8840V ispLSI81080V ...
ispLST series controller program receover: ispLST1016 ispLST1024 ispLST1032 ispLST2032 ispLST2064 ispLST4032V ispLST4064V ispLST4128 ispLST4256 ispLST4512 ...
Mach series mcu source code program unlock: MACH110 MACH111 MACH120 MACH130 MACH131 MACH210 MACH211 MACH230 MACH436 ...
ispMach series mcu program receovery: ispMach4032C ispMach4064C ispMach4128C ispMach4256C ispMach4384C ispMach4512C ispMach4032B ispMach4064B ispMach4128B ispMach4256B ispMach4384B ispMach4512B ispMach4032V ispMach4064V ispMach4128V...
Maxim Microcontroller Unlock view more types...
MDT/Micon MCU Reverse Engineer view more types...
  MDTxx series mcu software reverse engineer: MDT10P05 MDT10P10 MDT10P20 MDT10P21 MDT10P22 MDT10P23 MDT10P43 MDT10P61 MDT10P62 MDT10P64 MDT10P65 MDT10P72 MDT10P73 MDT10P74 MDT10P41A1 MDT10P41A2 MDT10P621 MDT10P651 MDT10P721 MDT10P55A1 MDT10P55A2 MDT10P55A3 MDT10P55A4 MDT10P55B1 MDT10P55B2 MDT10P55B3 MDT10P55B4 MDT10P56A1 MDT10P56A2 MDT10P56A3 MDT10P56A4 MDT10P57A1 MDT10P57A2 MDT10P57A3 MDT10P57A4 MDT10F84 MDT10F841 MDT2005 MDT2010 MDT2015 MDT2020 MDT2030 MDT2051 MDT53A1 MDT53A2 MDT53A3 MDT53A4 MDT10P712 MDT10P716 ...
Magawin Microcontroller source code Recovery view more types...
  MPC82xx series mcu code receovery: MPC82E52 MPC82E54 MPC82LE52 MPC82LE54 ...
MPC89xx series mcu code receover: MPC89E51 MPC89E52 MPC89E53 MPC89E54 MPC89E58 MPC89E515 MPC89LE51 MPC89LE52 MPC89LE53 MPC89LE54 MPC89LE58 MPC89LE515 ...
MG87Fxx series mcu code receover: MG87FE_L52 MG87FE_L52AE MG87FE_L52AF MG87FE_L52AP MG87FE_L52GE MG87FE_L52GF MG87FE_L52GP MG87FE52AE MG87FE52AF MG87FE52AP MG87FE52GE MG87FE52GF MG87FE52GP MG87FL52AE MG87FL52AF MG87FL52AP MG87FL52GE ...
NEC Microcontroller Program Dump view more types...
  10PIN nec mcu retreive code clone: uPD78F9200 uPD78F9201 uPD78F9202 ...
16PIN nec mcu code clone: uPD78F9210 uPD78F9211 uPD78F9212 uPD78F9510 uPD78F9511 uPD78F9512 ...
20PIN nec microcontroller firmware dump: uPD78F9221 uPD78F9222 uPD78F9521 uPD78F9522 ...
30PIN nec mcu code clone: uPD78F9232 uPD78F9234 uPD78F9532 uPD78F9534 ...
44PIN nec microcontroller memory duplicate: uPD78F0511 uPD78F0512 uPD78F0513 ...
48PIN nec Microprocessor code clone: uPD78F0511 uPD78F0512 uPD78F0513 uPD78F0514 uPD78F0515 ...
52PIN nec microcontroller firmware dump: uPD78F0521 uPD78F0522 uPD78F0523 uPD78F0524 uPD78F0525 uPD78F0526 uPD78F0527 ...
64PIN nec mcu code clone: uPD78F0531 uPD78F0532 uPD78F0533 uPD78F0534 uPD78F0535 uPD78F0536 uPD78F0537 ...
80PIN nec microcontroller dump: uPD78F0544 uPD78F0545 uPD78F0546 uPD78F0547 ...
Nuvoton/Winbond MCU Copy Protection Break view more types...

W77Exx series ic code extraction: W77E51 W77E52 W77E54 W77E58 W77E058A W77E516 W77E516A W77E532 W77E532A W77E058 W77E58A W77I058A 77L058 W77L516A W77LE58 W77IE58 W77L058A W77L516A W77L532A W77LE516 W77LE532 ...
W78Exx series ic code recovery: W78E51 W78E51B W78E52 W78E52B W78E54 W78E54B W78E58 W78E58B W78E516 W78E051A W78E62 W78E65 W78E65B W78E516B W78E051B W78E051C W78E052A W78E052B W78E052C W78E054A W78E054B W78E054C W78E058A W78E058B W78E065A W78E365 W78E365A W78E378 W78E378E W78E51 W78E516B W78E51B W78E51C W78E52 W78E52B W78E52C W78E54 W78E54B W78E54C W78E58 W78E58B W78E62 W78E65 W78E858 W78ERD2 W78ERD2A W78E051DDG W78E051DFG W78E051DLG W78E051DPG W78E052DDG W78E052DFG W78E052DLG W78E052DPG W78E054DDG W78E054DFG W78E054DLG W78E054DPG W78E058DDG W78E058DFG W78E058DLG W78E058DPG W78E065 W78E354 W78E374B W78E378P W78E516DDG W78E516DFG W78E516DLG W78E516DPG W78E62B ...
W78IExx series ic code extraction: W78IE52 W78IE54 W78IRD2 W78IRD2A W78I051DDG W78I051DFG W78I051DLG W78I051DPG W78I052 W78I052DDG W78I052DFG W78I052DLG W78I052DPG W78I054 W78I054DDG W78I054DFG W78I054DLG W78I054DPG ...
W78Lxx series ic code recovery: W78L051A W78L051C W78L052A W78L052C W78L054A W78L054C W78L058A W78L365A W78L516A W78L812A W78L051 W78L052 W78L054 W78L058 W78L365 W78L516 W78L812 ...
W78LExx series ic code extraction: W78LE58 W78LE58B W78LE051A W78LE365 W78LE51 W78LE516 W78LE51C W78LE52 W78LE52C W78LE54 W78LE54C W78LE812 ...
W79Exx series ic code recover: W79E201 W79E201A W79E532 W79E532A W79E533A W79E548 W79E548A W79E549 W79E549A W79E558A W79E559A W79E632 W79E632A W79E633A W79E648 W79E648A W79E649 W79E649A W79E658A W79E659A W79E801 W79E802 W79E803 W79E804 W79E821 W79E822 W79E823 W79E824 W79E825 W79E82J W79E832 W79E833 W79E834 W79E83J W79E2051 W79E216AFG W79E217AFG W79E225A W79E226A W79E227A W79E4051 W79E633 W79E83J W79E801A W79E802A W79E803A W79E804A W79E821A W79E822A W79E822B W79E823A W79E823B W79E824A W79E825A W79E831A W79E832A W79E833A W79E834A ...
W79Lxx series ic code extraction: W79L532 W79L532A W79L548 W79L548A W79L549 W79L549A W79L558A W79L559A W79L632 W79L632A W79L633A W79L648 W79L648A W79L649 W79L649A W79L658A W79L659A W79L633 ...
W83Lxx series ic code recovery: W83L950D W83L950G W83L951D W83L951DG W83L951F W83L951FG W83L951ADG W83L951DF ...
PCB Copying Service
PCB Projects Overview
PCB Clone
PCB Reverse Engineering
PCB Prototype
PCB Assembly Production
Mcu Hacking Service
Atmel / Analog Mcu Hack
Actel Mcu Attack
Altera Microcontroller Crack
Cygnal Mcu Unlock
Cypress IC Reverse Engineer
Dallas / Elan Mcu Code Extract
Fujitsu Microprocessor Decryption
Freescale IC Code Extraction
Giga Device circuit Hack
Hitachi Mcu Code Extract
Holtek Chip Reverse Engineer
Infineon Microcontroller Dump
Intel Mcu Read Code Protection
ICT Microcontroller Duplication
Lattice Microcontroller Clone
Microchip Source Code Recovery
Motorola Microcontroller Crack
Maxim Mcu Attack
MDT Controller Hack
Megawin Microcontroller Unlock
NEC Mcu Reverse Engineer
NTK Microcontroller Code Extract
Nuvoton Chip Decryption
NXP Semiconductor Code Extraction
Philips integrated circuit Crack
Renesas Microcontroller Dump
ST Processor Reverse Engineer
Silicon Labs Mcu Read Protection
Samsung Mcu Duplication
SST Mcu Clone
Sinowealth Source Code Recovery
SyncMOS Mcu Unlock
Sonix Mcu Read Source Code
STC Microprocessor Code Extract
Tenx Microcontroller Decryption
Texas Instruments MCU Hack
Winbond MCU Code Extraction
Xilinx integrated circuit Crack
Zilog MCU Reverse Engineer
More MCU brands we can reverse engineer below, please contact us if yours not listed here:
AMD Feeling LG / Hyundai Myson STK
ChipON Hynix Mitsubishi National Semi Temic
Coreriver ICSI Mosel Vitelic Portek Toshiba
Dallas ISSI MXIC SSSC Gal / Pal / Palce
Copyright © 2013 Mikatech. All rights reserved. Full dedicated reverse engineering company