Is it common to re-verse engineer an integrated circuit ?

[snip]

Yes. There are even companies that specialize in it.

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
 Click to see the full signature
Reply to
Jim Thompson
Loading thread data ...

(snip)

I don't believe it is common, but it is done. FPGAs are getting more popular, where the logic is stored in a ROM. The reverse engineering then is similar to software. There are also embedded processors with built in ROM.

Getting back to the netlist for modern ASICs is probably not worthwhile, but there still may be reverse engineering to do. Steps 4 and 5 are relatively hard, and might violate copyright laws. If you follow the clean room techniques used by BIOS developers, though, it is probably legal. After steps 1 to 3 add:

  1. Have someone look at the design and describe in detail the function of each logical block, and the interconnection between blocks.
  2. Write an HDL description with similar logic functions.

There are stories about Russian microprocessors with masks made directly from scanned images, including the intel logo.

-- glen

Reply to
glen herrmannsfeldt

It would be a hell of job on a modern processor. They are built up from millions of transistors, which are wired together through a layered structure of interconnections comparable to a multi-layer printed circuit board (I've seen comments that suggest that six to eight layers of metallisation aren't unusual).

You can examine this with an electron microscope and (with a specialisied electron microscope - an electron beam tester) you can probe the voltages on the surface layers in much the same way as you'd probe the surface of printed circuit board with an oscilliscope probe.

You can also use an ion beam to cut your way down through the layers, and deposit tungsten plugs as tests points to monitor voltages on tracks buried below the surface of the metallisation.

These tools used to be considered useful in checking out what was actually going on in real devices, but I suspect they now mainly as a reality check on the simulation software.

As tools for reverse engineering, they'd be horribly slow - I spent a couple years working on an electron beam tester that was intended to speed up the process a bit, but we couldn't push the sampling rate above 25MHz, and had to worry about operating conditions where you detected less than one electron per sample (on average) which meant that you had to average over a large number of samples, slowing the process down even further.

------------ Bill Sloman, Nijmegen

Reply to
bill.sloman

You betcha.

formatting link

You have an active, but very naive imagination.

Check out Figure 10 in this paper:

formatting link

That's ten layers of metal. Good luck.

High resolution scanner? What is it resolving with? The masks used during processing often look nothing like the layers they create, and even with a confocal microscope I can't see the individual metal lines in a 0.18u process, much less 0.13u or 90n. We can easily see them with our SEM, but our SEM can't see through glass, so we have to expose each layer we want to see. If you're reverse engineering a chip, that's not practical.

So far as I'm aware, there's never been any tool simpler than a human that could convert a chip into a drawing, netlist, or anything else.

Thougher? It's pretty damh thard, thoo.

-- Mike --

Reply to
Mike

Hi,

Just a stupid little question.

As an application programmer I am used to the fact that software can be reversed engineered.

Like executable format back to assembler instructions.

Or java/.net bytecode back to java/C#/whatever code.

Now that IC's can be programmed with HDL's etc I just have to ask the question:

Is it common for IC's to be reversed engineered ?

For example:

Imaginary steps:

  1. Buy a processor in the store ;)
  2. Place it under a high resolution scanner
  3. Have some cad/cam program look at it and create a cad/cam drawing
  4. Have some extra tool convert it back to a netlist.
  5. Have some extra tool convert the netlist back to a HDL ;)

The smaller the IC the thougher problably ;)

What about processors have they been reversed engineered ? :)

Bye, Skybuck.

Reply to
Skybuck Flying

That's a nice story/myth for myth busters for discovery channel lol.

Except they like to blow stuff up ;)

A processor can be blown up.. but the bang ain't big enough ;)

Bye, Skybuck.

Reply to
Skybuck Flying

One question:

Is that legal ? :)

It's probably legal how can otherwise a company like that exist ?

For example when installing microsoft windows it has a license which must be agreed to,

it says stuff like:

"You may not reverse engineer, decompile, etc"

How come hardware reverse enginering would be legal ? and software reverse enginering would be illegal ?

Or maybe software reverse enginering isn't legal and microsoft's license stuff is just not valid in court ?

Those smiling japanese faces at the end of the document are funnnnny.

Most of the english text of the document is already chinese/japanse for me ;) =D

Reply to
Skybuck Flying

It can be done, has historically been done, and to a certain extent it is as you describe it (I vaguely remember seeing a photo in IEEE Spectrum of a bunch of engineers sitting all over a 20'x20' blow up of an electron micrograph of a CPU of some sort).

Keep in mind that much "reverse engineering" is however done by way of functional specifications. It's often not necessary to compltely look at all the details of a circuit (or any other system) to be able to duplicate it. Consider something simple like a CMOS NOT gate:

- It has a certain logic function (logic 1 --> 0 and 0 --> 1)

- It has certain input characteristics (lets say the limit for 1 is

2.2V and above and 0 is 0.5V or less, taking some amount of current).

- It has certain output characterisistics (drive current, voltage levels, etc.)

- There are certain timing characteristics (propagation delay, etc.)

CMOS NOT gate of company A in a number of different ways, without necessarilky looking at how company A placed their transistors.

The same goes for a chip. In effect, AMD has "reverse engineered" certain characteristics of Intel's architecture in the same way, to make their chips compatible. Both will have a command like an Integer Addition, that behaves similarly, but was originally defined by intel.

Reply to
kmaryan
[snip]
[snip]

I was hired many years ago by Silicon Systems to "copy" a National hard-drive controller chip.

I was hired because I was "clean"... and, as is typical with most projects I take on, I didn't have a prior clue about hard-drive controller chips and had never seen National's schematics.

I worked strictly from data sheet specifications and my final result was better performing than National's ;-)

This is typical industry practice, to avoid lawsuits that will result if the schematics are the same.

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
 Click to see the full signature
Reply to
Jim Thompson

Some time ago, I saw a scan of a VAX processor (perhaps an MV II?) that showed a text similar to "When you steal the best...VAX" in Russian etched into a bit of empty space. Can't find it at the moment.

Jan

Reply to
Jan Vorbrüggen

[snip]

Yes ;-)

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
 Click to see the full signature
Reply to
Jim Thompson

I remember one of the guys who founded LT talking about some part (a voltage reference?). He said something like "we designed it at (another company), we designed it at Linear". When the same guys, with the same plus a bit more experience, re-do a design quickly-like, there will probably be some similarities.

Best regards, Spehro Pefhany

--
"it\'s the network..."                          "The Journey is the reward"
speff@interlog.com             Info for manufacturers: http://www.trexon.com
 Click to see the full signature
Reply to
Spehro Pefhany

"What about processors have they been reversed engineered ?"

Yes, but modern processors at 90nm and smaller will need some very expensive optics (deep UV) to scan them at the necessary resolution in order to create an equivalent mask set. And then you will need to exactly duplicate the doping profiles on the transistors inorder that the 0.1% analog elements remain functional. And then there are the problems of fuse progamming,... in order to create a part that is a duplicate of the part being duplicated!

Reply to
MitchAlsup

That is always fun, isn't it? :-)

One of my first PC programming tasks was to write an implementation of Kermit, to do file transfers to/from our VAX (which ran Interactive UNIX under VMS).

I implemented all the optional features, including sliding windows and large packets, with selectable checksum etc, and the resulting almost pure Pascal program (with inline asm for serial port interrupt handlers), turned out to run up to 4 times faster than the pure asm reference implemention (from Columbia University afair?).

I bet your contract included several paragraphs where you decleared your own virginity in this field, right?

Terje

--
- 
"almost all programming can be viewed as an exercise in caching"
Reply to
Terje Mathisen

[snip]

Anything for a buck....

formatting link

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
 Click to see the full signature
Reply to
Jim Thompson

(snip)

There is a story that when the russians started making ICs someone decided that 2.5mm is close to 0.1in, so their DIPs have the pins spaced 2.5mm apart. Maybe close enough for one pin spacing, but it is cumulative and the result is that they don't fit in the socket.

-- glen

Reply to
glen herrmannsfeldt

I can't tell you how many beginners I've seen build footprints for DB-style connectors and figure that .1" is close enough (and on their grid) to the true .109" spacing that they'd just go with it... :-) (And with enough of a ham-firsted approach, even a DB-25 can be made to fit in .1"-spaced holes!)

Reply to
Joel Kolstad

Legality and opportunity are not equivalent. There are lots of firms, often located in nations with weak enforcement, who make millions on copyright/patent infringement.

In the former Soviet Union, trade embargoes on computer technology often led to reverse engineering sponsored by the government with large capital investment.

For more direct examples: heroin/cocaine cartels, Enron, Tyco, MCI WorldCom, Columbia HCA.

Modern American business management is often a process of what you can get away with, not what is "legal."

That said, reverse engineering a modern multilayer ASIC is not a simple process. Even with gate arrays, there are a variety of antipiracy features which can be used to make the process much more difficult.

Like many things, it comes down to the issue of what is practical and profitable as opposed to what might be possible given infinite time and resources.

Legality, however, is often a matter of how deep one's pockets are.

As Phil Slackmeyer, Investment Banker, said: "Ethics... a powerful negotiating tool."

Reply to
Colonel Forbin

And thus was begat Linux...

Reply to
Colonel Forbin

Yes.

There's not much funny about racism.

-- Mike --

Reply to
Mike

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.