Modern microcontrollers (MCUs) come packed with features to support rising demand of security and privacy in different applications. Features like hardware support for cryptography, trusted execution environment, memory protection, etc are widely available. In this paper, we take a deeper look into ARM Cortex M33 microcontroller designed to support critical applications like point of sale, smart home, smart factory, etc. In particular, we demonstrate architecture recovery of black box AES engine using side-channel analysis. The architecture is then exploited through side-channels to recover device intrinsic keys based on physical unclonable functions. Finally, feasibility of cross-device attacks are investigated with deep learning based side-channel attacks. Our results give a better insight into embedded AES engine available off-the shelf and allow user to design secure applications knowing such vulnerabilities at design time.Index Terms-Hardware AES engine, Side-Channel Analysis, Deep Learning, Cross-device attack.1 The chip manufacturers do not claim side-channel security for embedded AES engine. We have notified our findings to NXP PSIRT team as part of responsible disclosure.