I'm probably going to attempt a distructive test on a PLD to determine its function. I'm wondering if anyone has tried this, and with what success?
I found this:
"An important architectural feature that is found on virtually all PLDs is not shown on logic diagrams. This feature is the security fuse. Normally, the fuse pattern programmed into a PLD can, like a PROM, be read and displayed or copied by programming hardware. Devices with a security fuse, however, provide the ability to disable this read function. This allows the design to be somewhat secure from attempts to copy or reverse engineer it.
In reality, it's relatively easy to shave the top off of a bipolar PLD and examine the programmed fuses with a microscope. For bipolar PLDs, then, would be copiers are merely inconvenienced. Erasable CMOS PLDs are considerably more secure, since it's very difficult, if not impossible, to determine their function from examination."
From
Anyone here ever "shave" a chip for examination? I have access to a video microscope at the university. I also have a DV camcorder with DV in, so I could take the pictures, post them, and then beg for more help. ;)
Any suggestions? I would be shaving the top off of some 16R8/4 chips. Would heating them to around 250-300F for a while help? Shaving the tops down while hot? I have access to 48 micron resolution digital x-ray equipment, but no microfocus x-ray tubes at the moment, so I don't think I would get good enough resolution by X-raying the chips. I could try just for fun, These old PALs just might have large enough internals.
Here is a shot of a PCMCIA card, about 50% full resolution. If I did some gemoetric magnification and used a different LUT, I might be able to see something, but I seriously doubt it.
Now I'm a little more curious about the x-rays. I think I;ll go rip apart a 286 motherboard for a PAL and do some tests this weekend. :)
I eventually want to rewrite all of the equations for speed, but getting a 100% copy of the OEM work was the goal.
Grant