Read MCU embedded firmware such as the binary or heximal content must go through SRAM, so MCU use EEPROM, or EPROM & Flash to store the data in MCU.

Compare with SRAM which has only two stable logic states, EEPROM and EERPOM, Flash are actually store the analog quantity into the floating gate electrical charge of transistor when extract MCU at89s52 binary. Floating gate charge can change the threshold value of transistor and use sensible amplifier to detect the unit by cracking MCU. As for the standard 5V EEPROM, the threshold value after programmed has 3.5V change, some Flash memorizer in modern world can have multiple electrical level capability.

We have already evaluated the MCUs with different memorizers, also the possible effect of remain data after read it. And design a special test board which can be controlled by the computer series interface. There are two sets of programmable power supply can generate VDD and VPP, and a biletaral programmable interface for extract mcu at89ls51 firmware electrical level convertor with a socket for microcontroller MCU chip extraction analysis. And the voltage being added onto the MCU is as precise as 100 micro-voltage and the signal resolution is 1 micro-second for reading.

The first experiment use PIC12C509 as the extract chip timing, and the MCU are all written with 0, and then expose it in different time under the ultra-violet radiation. And read the MCU with different voltage to read different datas. And evaluate the threshold value in each memorizers of each unit.

Presume the reference voltage is on the power supply cable, because the threshold value of the transistor is VTH=k VDD. And normally the K is approaching 0.5. in the matter of fact, there is no need to measure the precise value of it when extract microcontroller at89ls52 heximal, because all we need to take good care is the erase time length on the memorizer and security fuse.