About DS28E01 Chip
The DS28E01-100 is a 1-Wire® chip that features a unique 64-bit ROM registration number and a strong authentication engine, providing a secure method for establishing a root-of-trust in embedded systems. It operates in 1-Wire protocol, which allows for communication with a microcontroller using only a single data pin. The device supports 1.8V to 5.5V supply voltage and a wide temperature range of -40°C to +85°C.
- Low power consumption;
- Secure authentication engine;
- 1-Wire communication protocol;
- Cryptographic authentication;
- 64-bit unique ROM registration number;
- Unique, factory-lasered, 64-bit ROM identifier;
- 1-Wire Serial Interface with strong security features;
- On-chip high-accuracy temperature sensor;
- On-chip voltage monitoring;
- Automatic data integrity verification;
- Open-drain output for driving LEDs and other devices;
- Supports overdrive mode for faster communication;
- Built-in self-test for development and production environments.
- 64 bytes of user EEPROM;
- 256-bit 1-Wire SHA-2 authentication;
- 2Kb protected memory;
- 1-Wire communiaction protocol;
- 3-pin SOT-23 package;
- Operating voltage range of 1.8V to 5.5V;
- Operating temperature range of -40°C to +85°C.
The DS28E01-100 has a 3-pin SOT-23 package, with the following pin configuration:
1 – GND (Ground)
2 – DQ (Data Pin)
3 – Vcc (Supply Voltage)
The DS28E01-100 consists of the following functional blocks:
Strong authentication engine
Power-on reset and oscillator
Supply voltage monitor
Write protection and write cycle control
Access control and secure storage;
Secure identification and authentication;
Secure boot and firmware updates in embedded systems.
Supported DALLAS series chip
Below are our available Dallas chips model for decryption:
How does DS28E01 Work?
The DS28E01 chip uses a SHA-160 encryption module to secure the data involved in the algorithm. The 55 bytes of data consist of an 8-byte key, a 5-byte user-specified random number, 32 bytes of EEPROM content, a 7-byte ROMID, a 2-byte fixed value (0xFF), and a 1-byte EEPROM address TA1.
The MCU can verify the security of the chip by reading the 20-byte hash value encrypted by SHA and comparing it to the hash value calculated by the MCU through the same algorithm. To ensure the MCU performs the same encryption operation, it must generate the exact 55-byte message that is inside the chip.
The 8-byte key is generated and written by the MCU, the 5-byte random number is written into the scratchpad before the chip performs SHA, the 32 bytes of EEPROM data are returned by the chip before reading the 20-byte hash value, the 7-byte ROMID can be read at any time, the 2-byte fixed value can be obtained from the manual, and the 1-byte TA1 is written by the MCU.
How to Unlock Dallas Chips?
Unlocking Dallas Chips can be achieved through two methods. The first method involves disassembling and decompiling the code of the main control chip to locate the encrypted verification code and either bypassing it or modifying the memory RAM. This method is highly effective but also complex, requiring expertise in assembly instructions, chip architecture, encryption chips, and development tools. However, it is not commercially feasible as the outcome of cracking is uncertain and the customer must pay for the cracking process before obtaining the decrypted machine code.
The second method involves simulating the communication waveform during the verification process. For slow communication protocols, a single-chip microcomputer can be used for simulation, while for high-speed protocols, a CPLD must be used. This method involves generating the same random number each time.
How to Use DS28E01?
Step #1: Initialize the DS28E01 key
The initialization key is only operated in the factory before the product is produced, and only needs to be operated once.
1. Read the chip ROMID.
2. Generate a unique 64-bit key through a certain algorithm to ensure that the keys generated by each motherboard are different.
3. Write the key to the chip temporary storage area, and read it back to verify whether the writing is correct.
4. Execute the chip load key command to let the chip save the 64-bit key in the temporary storage area to the key storage area.
Step #2: Verify the DS28E01 key
The verification key is done in the product application, every time the product is started, the DS28E01 key is verified to be correct,
If the verification is passed, it will run normally, and if the verification is not correct, the product will not work properly through certain means.
1. Read the chip ROMID.
2. Through the same algorithm as in the initialization process, generate a 64-bit key.
3. Write an 8-byte random number to the chip temporary storage area (only 5 bytes are used), and read it back for verification.
4. Send an encrypted authentication command to the chip, which can read back 32 bytes of EEPROM data and 20 bytes of hash value.
5. Use the data read above, generate a 55-byte digest message, and perform SHA1 operation.
6. Compare whether the hash value calculated by yourself is consistent with the hash value read back from the chip.