OT Extracting code from chips, decompiling

What is the current status of things.

1) Primarily, if a chip has computer code burned into it, can the code be retrieved by someone in possession of the chip?

2) Assuming the answer to 1 is yes, what is the state of decompiling? Without the comments and data types, how often can the logic or the exact pre-compiled code be determined well enough to make one's own devices?

Related to this, 3) can the circuitry in an IC or LSIC (integrated circuit or, IIRC, large-scale integrated circuit) be determined by disassembling the IC?

Is stealing design secrets harder than when everything was mechanical? Much harder? Impossible?

Reply to
micky

That's a big question. Some chips have built-in security and some are wide open; it depends on the programmer and the chip's capabilities.

Decompiling is another matter. While it may be possible to extract the code in some cases, it may not be useful once you have it.

Reverse engineering a chip by disassembling the chip itself would be near impossible for Joe Average. Maybe the NSA can do it with sophisticated tools.

Finally... theft of intellectual property is still theft.

Reply to
Terry Schwartz

Usually. If the code protection modes aren't enabled, you can just read it back over the JTAG connector.

Dunno. If you have the binary, you can disassemble it, for sure.

Yes. There are outfits that specialize in decapping ICs and producing transistor-level schematics, including estimated transistor characteristics from doping profiles, area, and so on. It's a very mainstream thing to do, but it costs a lot so you don't do it for niche products.

IIRC they can also read out the flash by probing the decapped chip.

Mechanical parts can have all sorts of secrets, e.g. for metals, cold working, heat treatment, surface modification (case hardening or metalliding), powder metallurgy and hot isostatic pressing (HIPping).

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
Reply to
Phil Hobbs
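A practical follow-on to the readout step Phil describes: once you have pulled a flash image back over JTAG/SWD, the first thing to establish is whether you actually got code or just the response of a read-protected part. The script below is an added example, not code from the thread or from any vendor tool. It assumes the image was dumped from a Cortex-M part (the memory-map constants are assumptions for an STM32-style chip and must be changed per device) and checks three things: whether the image is all-erased or all-zero (what protected parts typically return), whether the ARMv7-M vector table at offset 0 is plausible (initial stack pointer in SRAM, reset vector with the Thumb bit set and pointing into the dumped flash), and whether the byte entropy is so high that the image is probably encrypted rather than plain code. The sample images are constructed, not real firmware.

```python
"""Sanity-check a raw flash image read back from a Cortex-M microcontroller.

Added example. Assumes the dump came from a JTAG/SWD readout of a part
whose read protection was not enabled; the memory map below is an
assumption for an STM32-style part and must be adjusted for the real chip.
"""
import math
import random
import struct
from collections import Counter

FLASH_BASE = 0x08000000   # assumed: internal flash base, STM32 style
RAM_BASE = 0x20000000     # assumed: SRAM base
RAM_SIZE = 20 * 1024      # assumed: 20 KiB SRAM
VECTORS = 16              # ARMv7-M core exceptions: initial SP, Reset, NMI, HardFault, ...


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: about 8.0 for encrypted or compressed data, lower for code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_vector_table(image: bytes) -> dict:
    """Read the little-endian 32-bit words at offset 0: initial SP, then handler addresses."""
    words = struct.unpack_from("<%dI" % VECTORS, image, 0)
    return {"initial_sp": words[0], "reset": words[1], "handlers": words[2:]}


def classify_dump(image: bytes) -> str:
    """Label a dump as blank/protected, plausible Cortex-M code, encrypted-looking, or unknown."""
    if len(image) < VECTORS * 4:
        return "too-short"
    if all(b == 0xFF for b in image) or all(b == 0x00 for b in image):
        # Read-protected parts commonly hand back erased-flash or zero values over the debug port.
        return "blank-or-protected"
    vt = parse_vector_table(image)
    sp, reset = vt["initial_sp"], vt["reset"]
    # The initial stack pointer should sit inside SRAM and be word aligned.
    sp_in_ram = RAM_BASE < sp <= RAM_BASE + RAM_SIZE and sp % 4 == 0
    # The reset handler must carry the Thumb bit and point into the flash we just dumped.
    reset_ok = (reset & 1) == 1 and FLASH_BASE <= (reset & ~1) < FLASH_BASE + len(image)
    if sp_in_ram and reset_ok:
        return "plausible-cortex-m"
    if shannon_entropy(image) > 7.9:
        return "high-entropy-possibly-encrypted"
    return "unrecognised"


# Constructed sample images; none of these is real firmware.
PROTECTED_DUMP = b"\xFF" * 1024

_vectors = [RAM_BASE + RAM_SIZE, (FLASH_BASE + 0x100) | 1] + [(FLASH_BASE + 0x1C0) | 1] * (VECTORS - 2)
PLAUSIBLE_DUMP = struct.pack("<%dI" % VECTORS, *_vectors) + (bytes(range(256)) * 4)[: 1024 - VECTORS * 4]

_rng = random.Random(1)  # fixed seed; stands in for a ciphertext image
ENCRYPTED_LOOKING_DUMP = bytes(_rng.getrandbits(8) for _ in range(8192))

if __name__ == "__main__":
    for name, img in [("protected", PROTECTED_DUMP), ("plausible", PLAUSIBLE_DUMP), ("encrypted?", ENCRYPTED_LOOKING_DUMP)]:
        print(f"{name:10s} entropy={shannon_entropy(img):.2f} -> {classify_dump(img)}")
```

The vector-table test is deliberately loose: it only rejects images that cannot be a bootable Cortex-M firmware, so a "plausible" verdict means the readout worked, not that the code is intact. Bootloader-only dumps, parts with a vector table offset, or images from a different core family need their own checks.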

(Top posting fixed)

Reverse engineering is legal everywhere AFAIK. It doesn't get you around patents or copyrights, but any trade secret that can be discovered by examining an article offered for sale is no longer a trade secret. That includes the ideas in the binary, but not their expression, i.e. the binary itself, which is copyrighted.

Cheers

Phil Hobbs

Reply to
Phil Hobbs

Those can all be reverse engineered given expertise, time, and proper equipment. However, the one thing that cannot be reverse engineered in a mechanical system is the product tolerances. This becomes critical when dealing with tiny parts like MEMS devices, rotating memory components, and tight-tolerance fasteners. Long ago, I was marginally involved in some industrial espionage. The only things taken were some key component tolerances. Everything else could be deduced or measured from the purchased product.

Also, the end result of reverse engineering is not always an exact clone of the original product. More commonly, it's a "work alike" device, that has all the key features and patent violations, and carries its own collection of component and product tolerances. Close is usually good enough.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Reply to
Jeff Liebermann

Yes. There's a fair few people chemically/mechanically de-encapsulating old chips where the design documents are lost/unavailable, and given a good enough picture of the bare die, and some optical analysis, you can recover the circuit with reasonable accuracy.

It's been done with Sinclair related ULAs/CLAs, and similar projects for other 1980s era chips.

How hard this gets on modern technology, where everything is tinier, layered, and sometimes designed deliberately to thwart reverse engineering is another thing ...

From raw pictures, to schematics and working simulation of an Oric ULA, documented in detail here. NSA not involved :)

--
--------------------------------------+------------------------------------ 
Mike Brown: mjb[-at-]signal11.org.uk  |    http://www.signal11.org.uk
Reply to
Mike

Except in the case where you've implicitly or explicitly agreed to a EULA when you purchased the hardware or software that prohibits you from doing any kind of decompilation or reverse engineering; then you've breached your contract and all bets are off.

I'm pretty sure there are some, e.g. video game systems, where the language is such that simply by opening the box and using the product you waive all reverse engineering rights to extracting, de-compiling, or modifying the hardware or software.

LTSpice's EULA, for example, prohibits "de-compiling or modifying" their binaries or device models. Whether that includes somehow decrypting their just-encrypted device models to examine them I don't know; the act of simply decrypting a file isn't decompiling anything, and you're not modifying the model itself.

Reply to
bitrex

To what degree any of that is actually Constitutional I'm not sure either, the NFL seems to have for a long time been getting away with putting language in their telecasts and ticket sales that it's against your "user contract" to even publish a written description of events you saw with your own eyes on an NFL TV broadcast or at an NFL game.

Reply to
bitrex

You can write a contract pretty well any way you like. It's pretty tough to enforce a hardware EULA on something you bought at a tag sale though. ;)

Cheers

Phil Hobbs

Reply to
Phil Hobbs

At least for usage, as opposed to disassembling the hardware, the way some consumer manufacturers deal with the problem of used sales is that their widget requires an Internet connection and a user account to operate; it's a brick unless it can connect to the Internet and self-validate that it hasn't been mucked with, and the secondhand user also signs off on all the stuff that the original owner did.

It's not uncommon nowadays for software distributors to only allow software to be downloaded to a machine that has an Internet connection, using a special installer keyed to the hardware configuration of the machine and run on that particular machine. If you want to install on a machine with no Internet connection, or download on a machine with a faster connection and transfer, you're out of luck. If your hardware configuration changes, whether you're out of luck or not depends on whether the software seller feels generous.

Reply to
bitrex

Good luck doing that after decapping the flash and reading it out via SEM. ;)

Cheers

Phil Hobbs

Reply to
Phil Hobbs
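The activation scheme bitrex describes (a licence keyed to the machine's hardware configuration, which stops working when that configuration changes) and Phil's reply about simply reading the device out, as one added example that is not code from either poster or from any vendor. The vendor key, the choice of which inventory fields the licence is keyed on, and the machine inventories are all constructed. The token is an HMAC over the product name and a hash of the keyed fields, so swapping a part that is not keyed on (here the GPU) keeps the token valid while a board swap invalidates it. The last function shows the caveat Phil is pointing at: an HMAC verifier has to hold the same key as the issuer, so if the check runs offline inside the installer or the device firmware, whoever extracts that binary can mint a token for any machine. That is why such schemes either phone home so the key never leaves the vendor, or use an asymmetric signature so that only a public key ships with the product.

```python
"""Hardware-locked activation token: issue, verify, and forge once the key is extracted.

Added example; the vendor secret, keyed fields and inventories are constructed.
"""
import hashlib
import hmac
import json

# Assumption: a vendor secret held on the activation server and, for an offline
# check, also compiled into the installer. Constructed value, not any real key.
VENDOR_KEY = b"constructed-vendor-activation-secret"

# Assumption: the inventory fields the vendor chose to key the licence on.
KEYED_FIELDS = ("cpu_id", "board_serial", "primary_mac")

PRODUCT = "widget-pro"  # constructed product name


def hardware_fingerprint(inventory: dict) -> str:
    """Hash the canonical form of the keyed fields only; other hardware may change freely."""
    keyed = {k: inventory[k] for k in KEYED_FIELDS}
    canonical = json.dumps(keyed, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def issue_token(product: str, fingerprint: str, key: bytes = VENDOR_KEY) -> str:
    """Activation-server side: MAC the product and fingerprint with the vendor secret."""
    return hmac.new(key, f"{product}:{fingerprint}".encode(), hashlib.sha256).hexdigest()


def token_valid(product: str, inventory: dict, token: str, key: bytes = VENDOR_KEY) -> bool:
    """Installer side: recompute the fingerprint on this machine and compare in constant time."""
    expected = issue_token(product, hardware_fingerprint(inventory), key)
    return hmac.compare_digest(expected, token)


def forge_with_extracted_key(extracted_key: bytes, inventory: dict) -> str:
    """Attacker side: with the key read out of the binary, mint a token for any inventory."""
    return issue_token(PRODUCT, hardware_fingerprint(inventory), extracted_key)


# Constructed inventories.
ORIGINAL_MACHINE = {
    "cpu_id": "cpu-0001",
    "board_serial": "MB-1234",
    "primary_mac": "00:11:22:33:44:55",
    "gpu": "gpu-A",
}
SAME_MACHINE_NEW_GPU = dict(ORIGINAL_MACHINE, gpu="gpu-B")
AFTER_BOARD_SWAP = dict(ORIGINAL_MACHINE, board_serial="MB-9999")

TOKEN = issue_token(PRODUCT, hardware_fingerprint(ORIGINAL_MACHINE))

if __name__ == "__main__":
    print("original machine      :", token_valid(PRODUCT, ORIGINAL_MACHINE, TOKEN))
    print("same machine, new GPU :", token_valid(PRODUCT, SAME_MACHINE_NEW_GPU, TOKEN))
    print("after board swap      :", token_valid(PRODUCT, AFTER_BOARD_SWAP, TOKEN))
    forged = forge_with_extracted_key(VENDOR_KEY, AFTER_BOARD_SWAP)
    print("forged with dumped key:", token_valid(PRODUCT, AFTER_BOARD_SWAP, forged))
```

Which fields to key on is a product decision with exactly the trade-off bitrex mentions: the more fields, the more legitimate hardware changes turn into support calls.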
