Reverse engineering masked ROMs, PLAs

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.
analyzing the mask layout:
Quoted text here. Click to load it

Speaking of such things, I have a number of old chips from which I want
to extract masked ROM and PLA contents from.  Since those are very
regular strutures, and they in parts with single layer metal in 5 micron
and larger geometry, it should be fairly easy.  In fact, here's an
example of someone doing this:
    http://www.pmonta.com/calculators/hp-35 /

He extracted code from 10 micron PMOS masked ROMs that were packaged in
metal cans, by the simple expedient of removing the top of the can with
a dremel tool or the like.

I want to do basically the same thing with other chips from that era,
but they're in plastic DIP packaging.  I don't want to mess with
high-temperature fuming nitric acid and such things.  Can anyone
recommend a lab that will do this, and take photomicrographs, at
a "reasonable" price?

Before everyone jumps on me about piracy, I'll explain that the ROM
and PLA code in question is NOT copyrighted.

Thanks!
Eric

Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it



I don't know about price, but try riga labs for a professional job:
www.rigalab.com

Monte




Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it
...and, pray tell, how do you get to that conclusion?
   Every time one generates a document or a pattern (in this case the
codes, masks, etc), such items *by FEDERAL law* are copyrighted!
   In fact, your missive to this NG, and my answer here is copyrighted!
   Now, if anyone wanted to make some lawyers rich and go to court over
mis-use of copyrighted material, then copyright *registration* would be
considered as the ultimate proof that judges cannot go against.

Re: Reverse engineering masked ROMs, PLAs
Quoted text here. Click to load it


By knowing some of the details of US Copyright Law (Title 17 of the
United States Code).

Quoted text here. Click to load it

In the US, that wasn't the case before the Berne Copyright Convention took
effect, March 1, 1989.  See 17 U.S.C. 405(a):

   Sec. 405. Notice of copyright: Omission of notice on certain copies
   and phonorecords

   (a) Effect of Omission Copyright on With respect to copies and
   phonorecords publicly distributed by authority of the copyright owner
   before the effective date of the Berne Convention Implementation Act
   of 1988, the omission of the copyright notice described in sections
   401 through 403 from copies or phonorecords publicly distributed by
   authority of the copyright owner does not invalidate the copyright in
   a if work

    * (1) the notice has been omitted from no more than a relatively
          small number of copies or phonorecords distributed to the
          public; or

    * (2) registration for the work has been made before or is made
          within five years after the publication without notice, and a
          reasonable effort is made to add notice to all copies or
          phonorecords that are distributed to the public in the United
          States after the omission has been discovered; or

    * (3) the notice has been omitted in violation of an express
          requirement in writing that, as a condition of the copyright
          owner's authorization of the public distribution of copies or
          phonorecords, they bear the prescribed notice.

In the case of the ROMs and PLAs I want to extract, none of the
conditions for preservation of a copyright without notice have been
met.

Also, these parts were sold before the Semiconductor Chip Protection Act
of 1984 (17 USC 901 et seq.) was enacted, so they are not elgible for
protection as mask works.

Quoted text here. Click to load it

True, because the Berne Convention is in effect.  I'm including quotes
from your message here as a matter of fair use.

Quoted text here. Click to load it

Technically registration is still a legal requirement, even though
a copyright notice is not.

However, the main practical effect of registration is that it allows you
to collect actual damages for infringement.  Without registration, you
can only collect statutory damages, though they can be fairly substantial.

Eric

Re: Reverse engineering masked ROMs, PLAs

Content-Transfer-Encoding: 8Bit


Eric Smith wrote:

Quoted text here. Click to load it

Just for reference, here is a list of when copyrights run
out in various situations.  Corrections/comments welcome.
 
**************************************************
 
DATE OF WORK: Published before 1923
 
PROTECTED FROM: In public domain
 
TERM: None
 
**************************************************
 
DATE OF WORK: Published from 1923 - 63
 
PROTECTED FROM: When published with notice [3]
 
TERM: 28 years + could be renewed for 47 years,
      now extended by 20 years for a total renewal
      of 67 years. If not so renewed, now in
      public domain
 
**************************************************
 
DATE OF WORK: Published from 1964 - 77
 
PROTECTED FROM: When published with notice 28 years
                for first term;
 
TERM: now automatic extension of 67 years for
      second term
 
**************************************************
 
DATE OF WORK: Created before 1-1-78 but not published
 
PROTECTED FROM: 1-1-78 (Effective date of 1976
                Copyright Act)
 
TERM: Life + 70 years or 12-31-2002, whichever is greater
 
**************************************************
 
DATE OF WORK: Created before 1-1-78 but published
between then and 12-31-2002
 
PROTECTED FROM: 1-1-78, (Effective date of 1976
                Copyright Act)
 
TERM: Life + 70 years or 12-31-2047 whichever
      is greater
 
**************************************************
 
DATE OF WORK: Created 1-1-78 or after
 
PROTECTED FROM: When work is fixed in tangible
                medium of expression
 
TERM: Life + 70 years [1] (or if work of corporate
      authorship, the shorter of 95 years from
      publication, or 120 years from creation [2]
 
**************************************************

Notes:
 
[1]  Term of joint works is measured by life of the
     longest-lived author.
 
[2]  Works for hire, anonymous and pseudonymous
     works also have this term. 17 U.S.C. 302(c).
 
[3]  Under the 1909 Act, works published without
     notice went into the     public domain upon
     publication. Works published without notice
     between 1-1-78 and 3-1-89, effective date of
     the Berne Convention Implementation Act, retained
     copyright only if, e.g., registration was made
     within five years. 17 U.S.C. 405.
 
Source: Tom Field / Lolly Gasaway.

--
Guy Macon <http://www.guymacon.com/


Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it

IANAL, but I believe that requirement for copyright notice applied to
published works then.  But I don't know whether PLA code was considered
an expression that was copyrightable then or that distributing IC
constituted publication even.  You probably need a real IP lawyer
to answer that.  But since you're incurring the liablity here, it's
your call.

If you were considering putting this stuff under an opensource license
it might be more problematic since you would not be the original author
by your own admission.  You'd probably want to document why you think
the work is in the public domain.


--
Joe Seigh

Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it
   The Semiconductor Chip Protection Act is not relevant; the masks
could be covered as works of art.
   As far as age goes, you are correct - if an item is old enough, then
notice would be needed.
   Without registration, collection of statutory damages would be rather
difficult as one would have to prove ownership and priority.
   Registration is equivalent to "overkill" proof.

Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it

This seems to have emerged from another newsgroup so the context of the
original question is not clear. However, I think that those who need to
perform reverse engineering of anything (and I have done more than my fair
share of it - by neccessity) should be on clear ground as far as IP issues
are concerned.

My own reverse engineering work was always for a client who owned the
equipment and IP rights but had lost the documentation for systems that
needed to be modified. If you are doing it for reasons other than that then
the wicket is getting very sticky.

--
********************************************************************
We've slightly trimmed the long signature. Click to see the full one.
Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it
<snip>
Quoted text here. Click to load it

So why not look at what they do, the functionality and re-create it
with new parts? That way you avoid legal problems.

Regards,
Pieter

Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it
vs.
photomicrographs, at

I think maybe IDC in Arizona, (Phoenix), and MOSAID used to do a lot of
this delayering and taking picture stuff.  Else, anybody that is in the
Failure Analysis business for Semiconductors.  Lucky for you these are
from a vintage that makes it conceivable to me. Doing what the chinese
probably did to that crypto equipment on something modern is way beyond
my scope.

del



Re: Reverse engineering masked ROMs, PLAs
Quoted text here. Click to load it
Any references to the story?
Quoted text here. Click to load it

--
Clint Sharp

Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it
beyond

I was referring to the US Electronic Intelligence or something plane
that got kidnapped out of international airspace near china and forced
to land.  Got the crew back in a while.  As I recall we got the airframe
back in boxes.  It was rumored the crew didn't have enough time to
destroy all.  Probably within last 10 or so years.  Google should turn
it up.  EC137 may have been the aircraft type.

I don't know what happened to the electronics but I can guess.

del cecchi



Re: Reverse engineering masked ROMs, PLAs

Quoted text here. Click to load it

A Chinese F-8 and a US EP-3 collided during an intercept; the F-8 was
lost and the EP-3 performed an emergency landing at Hainan airfield.  A
fairly standard cock-up between great powers.

Kelly

Re: Reverse engineering masked ROMs, PLAs
Quoted text here. Click to load it

And I'm certain that it wasn't deliberate just to hand bogus equipment to the
Chinese.  (Excuse me,
somebody's knocking on my door.)


--
#include <standard.disclaimer>
 _
Kevin D Quitt  USA 91387-4454         96.37% of all statistics are made up
We've slightly trimmed the long signature. Click to see the full one.
Re: Reverse engineering masked ROMs, PLAs
Quoted text here. Click to load it

the theme for this episode of Jag:
http://www.tvtome.com/tvtome/servlet/GuidePageServlet/showid-242/epid-99581 /

though the ending is a bit different ;)

-Lasse

Site Timeline