[snip]
Yes. There are even companies that specialize in it.
...Jim Thompson
[snip]
Yes. There are even companies that specialize in it.
...Jim Thompson
-- | James E.Thompson, P.E. | mens | | Analog Innovations, Inc. | et |
(snip)
I don't believe it is common, but it is done. FPGAs are getting more popular, where the logic is stored in a ROM. The reverse engineering then is similar to software. There are also embedded processors with built in ROM.
Getting back to the netlist for modern ASICs is probably not worthwhile, but there still may be reverse engineering to do. Steps 4 and 5 are relatively hard, and might violate copyright laws. If you follow the clean room techniques used by BIOS developers, though, it is probably legal. After steps 1 to 3 add:
There are stories about Russian microprocessors with masks made directly from scanned images, including the intel logo.
-- glen
It would be a hell of job on a modern processor. They are built up from millions of transistors, which are wired together through a layered structure of interconnections comparable to a multi-layer printed circuit board (I've seen comments that suggest that six to eight layers of metallisation aren't unusual).
You can examine this with an electron microscope and (with a specialisied electron microscope - an electron beam tester) you can probe the voltages on the surface layers in much the same way as you'd probe the surface of printed circuit board with an oscilliscope probe.
You can also use an ion beam to cut your way down through the layers, and deposit tungsten plugs as tests points to monitor voltages on tracks buried below the surface of the metallisation.
These tools used to be considered useful in checking out what was actually going on in real devices, but I suspect they now mainly as a reality check on the simulation software.
As tools for reverse engineering, they'd be horribly slow - I spent a couple years working on an electron beam tester that was intended to speed up the process a bit, but we couldn't push the sampling rate above 25MHz, and had to worry about operating conditions where you detected less than one electron per sample (on average) which meant that you had to average over a large number of samples, slowing the process down even further.
------------ Bill Sloman, Nijmegen
You betcha.
You have an active, but very naive imagination.
Check out Figure 10 in this paper:
That's ten layers of metal. Good luck.
High resolution scanner? What is it resolving with? The masks used during processing often look nothing like the layers they create, and even with a confocal microscope I can't see the individual metal lines in a 0.18u process, much less 0.13u or 90n. We can easily see them with our SEM, but our SEM can't see through glass, so we have to expose each layer we want to see. If you're reverse engineering a chip, that's not practical.
So far as I'm aware, there's never been any tool simpler than a human that could convert a chip into a drawing, netlist, or anything else.
Thougher? It's pretty damh thard, thoo.
-- Mike --
Hi,
Just a stupid little question.
As an application programmer I am used to the fact that software can be reversed engineered.
Like executable format back to assembler instructions.
Or java/.net bytecode back to java/C#/whatever code.
Now that IC's can be programmed with HDL's etc I just have to ask the question:
Is it common for IC's to be reversed engineered ?
For example:
Imaginary steps:
The smaller the IC the thougher problably ;)
What about processors have they been reversed engineered ? :)
Bye, Skybuck.
That's a nice story/myth for myth busters for discovery channel lol.
Except they like to blow stuff up ;)
A processor can be blown up.. but the bang ain't big enough ;)
Bye, Skybuck.
One question:
Is that legal ? :)
It's probably legal how can otherwise a company like that exist ?
For example when installing microsoft windows it has a license which must be agreed to,
it says stuff like:
"You may not reverse engineer, decompile, etc"
How come hardware reverse enginering would be legal ? and software reverse enginering would be illegal ?
Or maybe software reverse enginering isn't legal and microsoft's license stuff is just not valid in court ?
Those smiling japanese faces at the end of the document are funnnnny.
Most of the english text of the document is already chinese/japanse for me ;) =D
It can be done, has historically been done, and to a certain extent it is as you describe it (I vaguely remember seeing a photo in IEEE Spectrum of a bunch of engineers sitting all over a 20'x20' blow up of an electron micrograph of a CPU of some sort).
Keep in mind that much "reverse engineering" is however done by way of functional specifications. It's often not necessary to compltely look at all the details of a circuit (or any other system) to be able to duplicate it. Consider something simple like a CMOS NOT gate:
- It has a certain logic function (logic 1 --> 0 and 0 --> 1)
- It has certain input characteristics (lets say the limit for 1 is
2.2V and above and 0 is 0.5V or less, taking some amount of current).- It has certain output characterisistics (drive current, voltage levels, etc.)
- There are certain timing characteristics (propagation delay, etc.)
CMOS NOT gate of company A in a number of different ways, without necessarilky looking at how company A placed their transistors.
The same goes for a chip. In effect, AMD has "reverse engineered" certain characteristics of Intel's architecture in the same way, to make their chips compatible. Both will have a command like an Integer Addition, that behaves similarly, but was originally defined by intel.
I was hired many years ago by Silicon Systems to "copy" a National hard-drive controller chip.
I was hired because I was "clean"... and, as is typical with most projects I take on, I didn't have a prior clue about hard-drive controller chips and had never seen National's schematics.
I worked strictly from data sheet specifications and my final result was better performing than National's ;-)
This is typical industry practice, to avoid lawsuits that will result if the schematics are the same.
...Jim Thompson
-- | James E.Thompson, P.E. | mens | | Analog Innovations, Inc. | et |
Some time ago, I saw a scan of a VAX processor (perhaps an MV II?) that showed a text similar to "When you steal the best...VAX" in Russian etched into a bit of empty space. Can't find it at the moment.
Jan
[snip]
Yes ;-)
...Jim Thompson
-- | James E.Thompson, P.E. | mens | | Analog Innovations, Inc. | et |
I remember one of the guys who founded LT talking about some part (a voltage reference?). He said something like "we designed it at (another company), we designed it at Linear". When the same guys, with the same plus a bit more experience, re-do a design quickly-like, there will probably be some similarities.
Best regards, Spehro Pefhany
-- "it\'s the network..." "The Journey is the reward" speff@interlog.com Info for manufacturers: http://www.trexon.com
"What about processors have they been reversed engineered ?"
Yes, but modern processors at 90nm and smaller will need some very expensive optics (deep UV) to scan them at the necessary resolution in order to create an equivalent mask set. And then you will need to exactly duplicate the doping profiles on the transistors inorder that the 0.1% analog elements remain functional. And then there are the problems of fuse progamming,... in order to create a part that is a duplicate of the part being duplicated!
That is always fun, isn't it? :-)
One of my first PC programming tasks was to write an implementation of Kermit, to do file transfers to/from our VAX (which ran Interactive UNIX under VMS).
I implemented all the optional features, including sliding windows and large packets, with selectable checksum etc, and the resulting almost pure Pascal program (with inline asm for serial port interrupt handlers), turned out to run up to 4 times faster than the pure asm reference implemention (from Columbia University afair?).
I bet your contract included several paragraphs where you decleared your own virginity in this field, right?
Terje
-- - "almost all programming can be viewed as an exercise in caching"
[snip]
Anything for a buck....
...Jim Thompson
-- | James E.Thompson, P.E. | mens | | Analog Innovations, Inc. | et |
(snip)
There is a story that when the russians started making ICs someone decided that 2.5mm is close to 0.1in, so their DIPs have the pins spaced 2.5mm apart. Maybe close enough for one pin spacing, but it is cumulative and the result is that they don't fit in the socket.
-- glen
I can't tell you how many beginners I've seen build footprints for DB-style connectors and figure that .1" is close enough (and on their grid) to the true .109" spacing that they'd just go with it... :-) (And with enough of a ham-firsted approach, even a DB-25 can be made to fit in .1"-spaced holes!)
Legality and opportunity are not equivalent. There are lots of firms, often located in nations with weak enforcement, who make millions on copyright/patent infringement.
In the former Soviet Union, trade embargoes on computer technology often led to reverse engineering sponsored by the government with large capital investment.
For more direct examples: heroin/cocaine cartels, Enron, Tyco, MCI WorldCom, Columbia HCA.
Modern American business management is often a process of what you can get away with, not what is "legal."
That said, reverse engineering a modern multilayer ASIC is not a simple process. Even with gate arrays, there are a variety of antipiracy features which can be used to make the process much more difficult.
Like many things, it comes down to the issue of what is practical and profitable as opposed to what might be possible given infinite time and resources.
Legality, however, is often a matter of how deep one's pockets are.
As Phil Slackmeyer, Investment Banker, said: "Ethics... a powerful negotiating tool."
And thus was begat Linux...
Yes.
There's not much funny about racism.
-- Mike --
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.