chip reverse engineering

Regards,

Is it possible, from the driver of a chip and the pin assignment of a chip, to reverse a chip and to produce the same chip?

Any positive suggestion is welcome. Best regards to you all.

mikeotp

If I have two numbers, one an input of 53 and the other an output of 20 is there any way to tell how I came by changing the input into the output? Try and reflect this into the electrical realm and imagine them as chip inputs. If you can't realize the point of that, then no you have absolutely no chance of producing the same chip at all.

Regards, Bevan

Bevan Weiss

it all depends.

known info:

==================

1) Satellite co-ordinates
2) transponder number
3) "has encrypted digital audio"

==================

from the info above and only from that info without ever seeing the original decoder I did produce a dual layer PCB holding

a Z80

13 Lattice GALs

27256 EEPROM program code and hamming correction table

2KB static RAM

8KB RAM for digital sample storage

My board implemented all error correction built into the digital transmission, and learned new true random encryption keys in max 200 milliseconds.

The original was a Matsushita ASIC, but my box had better error tolerance than the original design!! Filmnet had to turn off encryption when snow fell onto satellite dishes in Norway; under those conditions the replica was still operating OK.

This is not possible? I would say so, but I did do it.

Today I would implement all of that design in one single Lattice XP :)

So it's all about what it is, and who is the one doing the design ...

Antti

Antti Lukats

Ahh, but you obviously didn't fully read what the OP asked for...

It might be possible to create a different design that performs the same (or sufficiently similar) operation, however it will almost certainly not be the same design as the original (apart from in a very simple case).

Even take the simplest case of an inverter. If you were to design this from the silicon up, do you think it would be the same as something from TI etc? How about if you knew exactly what kind of process they used, there's just so many different options still.

Copying the design just isn't viable. Unless you really have the time and money to invest in getting the packaging open, and inspecting the actual silicon itself.

Bevan Weiss

On a similar note, is it possible to get back to the design from a .bit file?

Cheers

Tank

--
webmaster@tankstage.co.uk   
Iyonix PC
Tank

"Tank" wrote in message news: snipped-for-privacy@tankstage.co.uk...

That *IS* possible, but usually VERY time-consuming and from that point of view unreasonable.

Antti

Antti Lukats

Not really. More a matter of the lack of automated tools. Bit stream to schematic should be relatively easy, and not that much harder to some reasonable HDL or HLL. I've done software reverse engineering since the late 1960's, including source reconstruction for entire operating systems and utilities in the early 70's. Included was a contract to reconstruct an entire firmware control system from Z80 PROM binaries in a couple dozen 26C512s back to the original asm and Forth, then write a clean room specification for its reimplementation in the mid 90's.

I would guess that if someone got serious about it, and didn't have DMCA restrictions, the whole tools project could be knocked off by one or two people well inside a year, if not a few months. What might really be fun is doing a Boomerang front end for it, and decompiling to Handel-C or FpgaC. Boomerang has been useful for small projects for several years, and is maturing well.

Have fun, John

fpga_toys

Would it be a case of plodding through the file, searching the FPGA spec sheet and then writing the schematic? (I'm using loose terms as I am only just "getting into" FPGAs.)

Cheers

Tank

--
webmaster@tankstage.co.uk   
Iyonix PC
Tank

By "the same chip" I assume you really mean "an equivalent chip", in which case the answer is yes.

However, it may take arbitrarily long to prove (or disprove) that your equivalent chip has identical functionality to the original.

Eric Smith

Yes, that's correct. Given infinite time all is doable, but after using that indefinite time for reverse engineering it may also require another indefinite time to prove that the result is functioning correctly.

That means there is no answer: things that may seem like they cannot be duplicated could be easy to clone, and something that looks like an inverter may be impossible to clone, as it may use pulse width and delay jitter modulation techniques to implement a shadow protocol for a highly secure coprocessor that is mimicking an inverter to all measurements made from the outside world.

Antti
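
The point of the last two posts, as an added example that is not part of the original thread: a Python model of a part that matches an inverter on every stimulus shorter than a hidden trigger, so bounded black-box testing cannot prove equivalence. The class names, `black_box_compare` and the 10-bit `TRIGGER` are hypothetical, constructed for illustration.

```python
from itertools import product


class Inverter:
    """Reference part: a stateless NOT gate."""

    def step(self, bit):
        return bit ^ 1


class ShadowInverter:
    """Hypothetical look-alike: inverts until a secret input pattern has been
    clocked in, then passes bits through unchanged."""

    def __init__(self, trigger):
        self.trigger = tuple(trigger)
        self.window = ()        # last len(trigger) input bits seen
        self.armed = False

    def step(self, bit):
        self.window = (self.window + (bit,))[-len(self.trigger):]
        if self.window == self.trigger:
            self.armed = True
        return bit if self.armed else bit ^ 1


def responses(chip, stimulus):
    """Clock a stimulus into one chip instance and collect its outputs."""
    return [chip.step(b) for b in stimulus]


def black_box_compare(make_ref, make_dut, max_len):
    """Drive every input sequence of length 1..max_len into fresh copies of
    both parts. Returns (first differing stimulus or None, sequences tried)."""
    tried = 0
    for n in range(1, max_len + 1):
        for stimulus in product((0, 1), repeat=n):
            tried += 1
            if responses(make_ref(), stimulus) != responses(make_dut(), stimulus):
                return stimulus, tried
    return None, tried


TRIGGER = (1, 0, 1, 1, 0, 1, 0, 0, 1, 1)   # constructed 10-bit pattern

if __name__ == "__main__":
    dut = lambda: ShadowInverter(TRIGGER)
    print(black_box_compare(Inverter, dut, 9))    # every test passes
    print(black_box_compare(Inverter, dut, 10))   # one stimulus exposes it
```

Each extra bit of hidden trigger doubles the number of sequences an exhaustive black-box test has to try, and the tester does not know the trigger length in advance.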
