In this article, I demonstrate attacks which rely on reading back SRAM from a microcontroller (MCU). These attacks occur because many debug lock or security features in MCUs allow read-back of SRAM, even when code memory is secure. Taking advantage of the known structure of certain features such as the Advanced Encryption Standard (AES) key schedule allows an attacker to easily detect where these sensitive keys are stored. We can complicate these attacks by clearing or obfuscating memory, and this article gives some practical demonstrations of both attacks and countermeasures.