Is it possible to Reverse-Engineer an FPGA Output file?

Is it possible to take the FPGA.hex file, for example, and given that you know the device, reverse-engineer it into either its CLB map or back to its high-level HDL code?

Jock

Austin replies:

In a word, yes.

Given that with the FPGA_Editor tool you can create test designs (a single input through a LUT to a single output), you can eventually map every bit to its corresponding function. The question here is time.

Once you have a hardware FPGA_Editor view of the design, you still do not have the HDL representation.

The HDL is similar to a high-level programming language like C++, but it is dissimilar in that synthesis tools perform logic optimization. The mapping from the original HDL to the bitstream is 'many to one'. Many different HDL designs could result in an identical bitstream.

So one can then examine the FPGA_Editor 'schematic' and reverse engineer an HDL representation. One then verifies the HDL by synthesizing it and seeing how it matches the FPGA_Editor view.

Since there is no security in obscurity, the bitstream in unencrypted form is not considered secure. If someone wants to reverse engineer the design, it might now be possible to do it without expending a lot of time and money. Cloning the design without analyzing it, or performing only enough analysis to change one or two parameters (i.e. the clock divisor in the DCM), is quite simple.

But to steal the IP for a core, so you could implement it in an ASIC, would be a difficult task to be sure. Do-able, but pretty tough. Might be easier to just re-engineer the core and use the FPGA version to verify it. That, at least, is legal.

It is almost certainly true that the reverse engineered HDL would not look at all like the original source code, so copyright on the source would be unenforceable. Copyright on the bitstream (or in China, a mask), would be an enforceable way to take legal action against a clone. Legal action is the last and worst remedy, so I suggest using encryption if the IP is worth protecting.

There are a number of companies out there who do reverse engineering for a living. Sometimes it is for legal reasons (to see if a competitor is infringing on a patent), and sometimes it is done because a company loses its original design and has to continue maintaining it. These companies do not reverse engineer a design for illegal purposes (otherwise they might be held liable in a lawsuit).

I would very much like to be able to apply a cost to reverse engineering an FPGA; however, no one is willing to step up and state how much time (or money) it took to reverse engineer a particular design. I can only speculate.

Others on this board have proposed that there are better and faster methods to get the design which I will refer to as 'social engineering'.

Austin

Austin Lesea
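Two of the points in Austin's reply, the bit-by-bit mapping via single-LUT test designs and the 'many to one' HDL-to-bitstream relationship, can be shown on a toy model. The code below is an added example, not part of the thread or any vendor tool. `toy_assembler` is a stand-in for the real bitstream generator: its 64-bit frame, header bits and INIT-bit layout are all constructed for this example, and the layout is precisely the unknown that the differential test designs are meant to recover. The LUT INIT indexing (bit k of INIT is the output for input vector k, input 0 in the LSB) follows the convention Xilinx LUT primitives use.

```python
"""Added example: differential bitstream analysis on a toy 4-input LUT, plus a
demonstration that two differently written designs give one identical INIT."""

LUT_INPUTS = 4
FRAME_BITS = 64  # constructed toy frame; real frame formats are undocumented

# Constructed, 'hidden' layout: INIT bit i is stored at frame bit _INIT_LAYOUT[i].
# A real reverse-engineer does not know this table; map_init_bits() recovers it.
_INIT_LAYOUT = [(i * 7 + 3) % 48 for i in range(16)]


def toy_assembler(init):
    """Stand-in for the vendor bitstream generator: scatter a 16-bit LUT INIT
    into a 64-bit frame using the hidden layout, under constant header bits."""
    frame = 0xA5 << 56  # header bits that never change between designs
    for i in range(16):
        if init >> i & 1:
            frame |= 1 << _INIT_LAYOUT[i]
    return frame


def lut_init(fn):
    """'Synthesize' a Boolean function of LUT_INPUTS inputs into its INIT value:
    bit k of INIT is fn() evaluated on the input vector whose encoding is k."""
    init = 0
    for k in range(1 << LUT_INPUTS):
        bits = [(k >> n) & 1 for n in range(LUT_INPUTS)]
        if fn(*bits):
            init |= 1 << k
    return init


def diff_bits(a, b):
    """Frame bit positions where two bitstreams differ."""
    x = a ^ b
    return [i for i in range(FRAME_BITS) if x >> i & 1]


def map_init_bits(assembler):
    """Differential analysis: for each INIT bit, build a design with only that bit
    set, diff it against the all-zero design and record the one frame bit that moved."""
    base = assembler(0)
    mapping = {}
    for i in range(16):
        d = diff_bits(base, assembler(1 << i))
        if len(d) != 1:
            raise ValueError(f"INIT bit {i} changed {len(d)} frame bits; not a 1:1 layout")
        mapping[i] = d[0]
    return mapping


def recover_init(frame, mapping):
    """Read a LUT INIT back out of a frame using the recovered INIT-bit -> frame-bit map."""
    init = 0
    for i, pos in mapping.items():
        if frame >> pos & 1:
            init |= 1 << i
    return init


def init_to_sop(init, names="abcd"):
    """Rewrite an INIT as a sum of minterms. This is the 'reverse-engineered HDL':
    functionally right, but it looks like neither original source."""
    terms = []
    for k in range(1 << LUT_INPUTS):
        if init >> k & 1:
            lits = [(names[n] if k >> n & 1 else "~" + names[n]) for n in range(LUT_INPUTS)]
            terms.append("(" + " & ".join(lits) + ")")
    return " | ".join(terms) if terms else "0"


# Two different HDL-style descriptions of the same function, (a xor b) & c, d unused.
def design_1(a, b, c, d):
    return (a ^ b) & c


def design_2(a, b, c, d):
    return ((a and not b) or (b and not a)) and c


def demo():
    mapping = map_init_bits(toy_assembler)          # learn the layout from test designs
    init1, init2 = lut_init(design_1), lut_init(design_2)
    recovered = recover_init(toy_assembler(init1), mapping)
    return {
        "layout_recovered": mapping == dict(enumerate(_INIT_LAYOUT)),
        "same_init": init1 == init2,                # many HDL -> one bitstream
        "recovered_init": hex(recovered),
        "recovered_hdl": init_to_sop(recovered),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Sixteen test designs are enough for one LUT here because each INIT bit moves exactly one frame bit; on a real device the same loop runs once per configurable bit of every site, which is the 'time' Austin refers to. The recovered sum-of-products is what a reverse-engineer actually ends up with: a correct description that resembles neither `design_1` nor `design_2`.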

Everything is possible if there is a commercial gain from doing it. Usually there isn't.

antti

Antti Lukats
