Ray Andraka wrote about reverse-engineering ASICs based on behavior vs. analyzing the mask layout:
it may take a bit of work to ferret out all the operation, but it is
> likely still easier than trying to reverse engineer from masks.
Speaking of such things, I have a number of old chips from which I want to extract masked ROM and PLA contents from. Since those are very regular strutures, and they in parts with single layer metal in 5 micron and larger geometry, it should be fairly easy. In fact, here's an example of someone doing this:
formatting link
He extracted code from 10 micron PMOS masked ROMs that were packaged in metal cans, by the simple expedient of removing the top of the can with a dremel tool or the like.
I want to do basically the same thing with other chips from that era, but they're in plastic DIP packaging. I don't want to mess with high-temperature fuming nitric acid and such things. Can anyone recommend a lab that will do this, and take photomicrographs, at a "reasonable" price?
Before everyone jumps on me about piracy, I'll explain that the ROM and PLA code in question is NOT copyrighted.
...and, pray tell, how do you get to that conclusion? Every time one generates a document or a pattern (in this case the codes, masks, etc), such items *by FEDERAL law* are copyrighted! In fact, your missive to this NG, and my answer here is copyrighted! Now, if anyone wanted to make some lawyers rich and go to court over mis-use of copyrighted material, then copyright *registration* would be considered as the ultimate proof that judges cannot go against.
By knowing some of the details of US Copyright Law (Title 17 of the United States Code).
In the US, that wasn't the case before the Berne Copyright Convention took effect, March 1, 1989. See 17 U.S.C. 405(a):
Sec. 405. Notice of copyright: Omission of notice on certain copies and phonorecords
(a) Effect of Omission Copyright on With respect to copies and phonorecords publicly distributed by authority of the copyright owner before the effective date of the Berne Convention Implementation Act of 1988, the omission of the copyright notice described in sections 401 through 403 from copies or phonorecords publicly distributed by authority of the copyright owner does not invalidate the copyright in a if work
(1) the notice has been omitted from no more than a relatively small number of copies or phonorecords distributed to the public; or
(2) registration for the work has been made before or is made within five years after the publication without notice, and a reasonable effort is made to add notice to all copies or phonorecords that are distributed to the public in the United States after the omission has been discovered; or
(3) the notice has been omitted in violation of an express requirement in writing that, as a condition of the copyright owner's authorization of the public distribution of copies or phonorecords, they bear the prescribed notice.
In the case of the ROMs and PLAs I want to extract, none of the conditions for preservation of a copyright without notice have been met.
Also, these parts were sold before the Semiconductor Chip Protection Act of 1984 (17 USC 901 et seq.) was enacted, so they are not elgible for protection as mask works.
True, because the Berne Convention is in effect. I'm including quotes from your message here as a matter of fair use.
Technically registration is still a legal requirement, even though a copyright notice is not.
However, the main practical effect of registration is that it allows you to collect actual damages for infringement. Without registration, you can only collect statutory damages, though they can be fairly substantial.
Just for reference, here is a list of when copyrights run out in various situations. Corrections/comments welcome.
************************************************** DATE OF WORK: Published before 1923 PROTECTED FROM: In public domain TERM: None
************************************************** DATE OF WORK: Published from 1923 - 63 PROTECTED FROM: When published with notice [3] TERM: 28 years + could be renewed for 47 years, now extended by 20 years for a total renewal of 67 years. If not so renewed, now in public domain
************************************************** DATE OF WORK: Published from 1964 - 77 PROTECTED FROM: When published with notice 28 years for first term; TERM: now automatic extension of 67 years for second term
************************************************** DATE OF WORK: Created before 1-1-78 but not published PROTECTED FROM: 1-1-78 (Effective date of 1976 Copyright Act) TERM: Life + 70 years or 12-31-2002, whichever is greater
************************************************** DATE OF WORK: Created before 1-1-78 but published between then and 12-31-2002 PROTECTED FROM: 1-1-78, (Effective date of 1976 Copyright Act) TERM: Life + 70 years or 12-31-2047 whichever is greater
************************************************** DATE OF WORK: Created 1-1-78 or after PROTECTED FROM: When work is fixed in tangible medium of expression TERM: Life + 70 years [1] (or if work of corporate authorship, the shorter of 95 years from publication, or 120 years from creation [2]
**************************************************
Notes: [1] Term of joint works is measured by life of the longest-lived author. [2] Works for hire, anonymous and pseudonymous works also have this term. 17 U.S.C. § 302(c). [3] Under the 1909 Act, works published without notice went into the public domain upon publication. Works published without notice between 1-1-78 and 3-1-89, effective date of the Berne Convention Implementation Act, retained copyright only if, e.g., registration was made within five years. 17 U.S.C. § 405. Source: Tom Field / Lolly Gasaway.
IANAL, but I believe that requirement for copyright notice applied to published works then. But I don't know whether PLA code was considered an expression that was copyrightable then or that distributing IC constituted publication even. You probably need a real IP lawyer to answer that. But since you're incurring the liablity here, it's your call.
If you were considering putting this stuff under an opensource license it might be more problematic since you would not be the original author by your own admission. You'd probably want to document why you think the work is in the public domain.
This seems to have emerged from another newsgroup so the context of the original question is not clear. However, I think that those who need to perform reverse engineering of anything (and I have done more than my fair share of it - by neccessity) should be on clear ground as far as IP issues are concerned.
My own reverse engineering work was always for a client who owned the equipment and IP rights but had lost the documentation for systems that needed to be modified. If you are doing it for reasons other than that then the wicket is getting very sticky.
--
********************************************************************
Paul E. Bennett ....................
Forth based HIDECS Consultancy .....
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ....EBA. http://www.electric-boat-association.org.uk/********************************************************************
The Semiconductor Chip Protection Act is not relevant; the masks could be covered as works of art. As far as age goes, you are correct - if an item is old enough, then notice would be needed. Without registration, collection of statutory damages would be rather difficult as one would have to prove ownership and priority. Registration is equivalent to "overkill" proof.
I think maybe IDC in Arizona, (Phoenix), and MOSAID used to do a lot of this delayering and taking picture stuff. Else, anybody that is in the Failure Analysis business for Semiconductors. Lucky for you these are from a vintage that makes it conceivable to me. Doing what the chinese probably did to that crypto equipment on something modern is way beyond my scope.
I was referring to the US Electronic Intelligence or something plane that got kidnapped out of international airspace near china and forced to land. Got the crew back in a while. As I recall we got the airframe back in boxes. It was rumored the crew didn't have enough time to destroy all. Probably within last 10 or so years. Google should turn it up. EC137 may have been the aircraft type.
I don't know what happened to the electronics but I can guess.
A Chinese F-8 and a US EP-3 collided during an intercept; the F-8 was lost and the EP-3 performed an emergency landing at Hainan airfield. A fairly standard c*ck-up between great powers.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.