There's a far easier way.. Which is what the pro's use.
Get a hold of a blank chip. Scan
Set the 'read protect' fuse. Scan
Fuse coordinates are bo known.
Decapsulate the chip to be reverse engineered. Flip read protect fuse. Dump. Done.
Eeprom and flash rom cells can be scanned using an e-beam prober. This machine can detect the gate charges. They use an electron beam to sweep the chip surface. Current change means voltage change in the chip. So you get a clear map of the bits immediately. Once you got the coordinates of the fusebits you can use the e-beam to 'write' its state...
The reverse engineering shops have tables with the coordinates of the fuses for al ost anything out there.
A harder way is to use self decrypting code. Read crypto key from outside the chip and have the program instructions being decrypted on the fly. Then probing gets you nowhere as you don't have the key. Only the cypher code and the encrypted program code. The cypher itself is missing.