byuu's message board

For discussion of projects related to www.byuu.org/


Fun with decapping 

Joined: Tue 13 Sep 2011, 14:54:16

Posts: 779
Post Fun with decapping

_________________
Why does Link's uncle's house have only one bed if they live together?

Thu 26 Dec 2013, 21:56:13

Joined: Fri 10 Apr 2009, 18:17:56

Posts: 3308
Location: Germany
Post Re: Fun with decapping
Nice.

_________________
"The first time I watched [FLCL] I was like 12 or 13 and I was scared and confused." - isthisagoodusername
"I think it's more natural for human beings to be anxious. I think happiness is nothing but an illusion." - Hideaki Anno
"If you can't joke about incest in anime then what kind of world are we living in?!" - gothicmaster

Fri 27 Dec 2013, 01:24:32

Joined: Tue 13 Sep 2011, 14:54:16

Posts: 779
Post Re: Fun with decapping
"rompar" should make it very easy to read out mask scans. Nice.

_________________
Why does Link's uncle's house have only one bed if they live together?

Fri 27 Dec 2013, 02:44:34

Joined: Fri 03 May 2013, 06:51:50

Posts: 410
Location: NJ
Post Re: Fun with decapping
I wonder if we can take a step further and create an Open Source project that can take a PCB image as input and output a schematic, netlist, gerber files, et al. Kinda like this, except Open Source and not using a misleading picture (I somehow doubt the PCB on the left is a class AB amplifier).

_________________
"It wouldn't be a byuu.org forum thread if the thread topic didn't derail at least once."- Some byuu.org forum member
"Clearly the answer to [cross platform portability] is to write a DOS application and then everybody can run DOSBox. Except for [cr1901], who can run it natively."- Screwtape

Fri 27 Dec 2013, 04:41:11

Joined: Thu 02 Jun 2011, 01:36:41

Posts: 380
Location: Oklahoma, USA
Post Re: Fun with decapping
That would be nearly impossible for some PCBs if you go from just an image. Many PCBs have several internal layers of traces, and a simple image wouldn't be enough. You'd have to have the board delayered and get an image of every single layer, noting which layers are connected where.

Fri 27 Dec 2013, 06:05:53

Joined: Tue 13 Sep 2011, 14:54:16

Posts: 779
Post Re: Fun with decapping
Caedhros wrote:
That would be nearly impossible for some PCBs if you go from just an image. Many PCBs have several internal layers of traces, and a simple image wouldn't be enough. You'd have to have the board delayered and get an image of every single layer, noting which layers are connected where.


*cough*X-ray*cough*

_________________
Why does Link's uncle's house have only one bed if they live together?

Fri 27 Dec 2013, 07:02:18

Joined: Thu 02 Jun 2011, 01:36:41

Posts: 380
Location: Oklahoma, USA
Post Re: Fun with decapping
Sure, X-ray works, but not everyone has an X-ray machine. That's also a tedious process; I've done it before ;)

Fri 27 Dec 2013, 07:32:16

Joined: Thu 05 Aug 2010, 18:46:09

Posts: 138
Post Re: Fun with decapping
Caedhros wrote:
Sure, X-ray works, but not everyone has an X-ray machine.

That's why you have to be nice to your dentist. ;)

Are X-rays good enough to distinguish separate layers though? And especially where the vias are connected?

Fri 27 Dec 2013, 14:02:20

Joined: Thu 02 Jun 2011, 01:36:41

Posts: 380
Location: Oklahoma, USA
Post Re: Fun with decapping
That kinda depends on the board and how precise your X-ray machine is. The one we have at work lets you control how deep you scan into the object so you can see the separate layers, but it's kind of blended together and very hard to tell. We generally use it to check for shorts in solder joints on BGAs or similar devices.

Fri 27 Dec 2013, 17:19:39

Joined: Fri 10 Apr 2009, 15:00:08

Posts: 13668
Post Re: Fun with decapping
I feel like I've seen rompar demonstrated before. Feels extremely familiar. Maybe he did another talk on it elsewhere.

So, what these guys are doing is certainly really cool. I totally understand the cost of FIB workstations makes them unobtainable for most people and even companies.

But if I am hiring a company to stress test the security of my silicon, I want someone who has proper equipment. Not a rag-tag team of guys building MacGyver boxes to spray acids onto chips. They may have succeeded in breaking them even with shit tools, which is a really huge problem. But if they fail to break into one, the black hats trying to get in most likely will be able to get access to better tools, if there's enough money to be made.

On the software side, it's cool stuff, definitely. But I feel like they spend way too much time on it. That program seems to have a thousand modes and key bindings. Crazy shit. If I wanted to extract bits, I don't think I would have packed in that many features. Add enough to get the job done, and move on to the next task.

Fri 27 Dec 2013, 19:46:06

Joined: Tue 21 Feb 2012, 05:42:15

Posts: 2564
Post Re: Fun with decapping
I guess it depends. As a business, your interest is likely in lowering the risk of a security leak. You can't eliminate it. Even if your own company architects a chip for a particular purpose, you have to worry about people inside the company with malicious intent, unintentional flaws, etc. So the point is probably just to reduce the risk of a security breach.

While it'd be nice to do super-detailed analysis of every microchip used in a secure setting, it'd be nearly impossible for a business to do so. Diminishing returns.

The government, however? As long as they can figure out a way to siphon tax money, they have every reason to take over-protective measures. Which also doesn't mean they will, either.

_________________
"It's easy to win forgiveness for being wrong; being right is what gets you into real trouble." --Bjarne Stroustrup

Fri 27 Dec 2013, 20:03:40

Joined: Wed 09 Feb 2011, 13:29:34

Posts: 425
Post Re: Fun with decapping
byuu wrote:
Add enough to get the job done


Are you rooting for good enough software now? ;)

Fri 27 Dec 2013, 20:09:56

Joined: Thu 05 Aug 2010, 18:46:09

Posts: 138
Post Re: Fun with decapping
byuu wrote:
But if I am hiring a company to stress test the security of my silicon, I want someone who has proper equipment. Not a rag-tag team of guys building MacGyver boxes to spray acids onto chips. They may have succeeded in breaking them even with shit tools, which is a really huge problem. But if they fail to break into one, the black hats trying to get in most likely will be able to get access to better tools, if there's enough money to be made.

Maybe they're so much cheaper than the next best competitor that a "multi-stage" test makes sense? I.e. if they manage to get in, you can save the money for the expensive lab.

Or maybe it was just that up to now, no one knew of their MacGyver methods. And as long as they get results it doesn't really matter; it's only when they don't get in and you (falsely) deem yourself safe that it might become a problem.

Fri 27 Dec 2013, 20:21:58

Joined: Fri 10 Apr 2009, 18:17:56

Posts: 3308
Location: Germany
Post Re: Fun with decapping
byuu wrote:
On the software side, it's cool stuff, definitely. But I feel like they spend way too much time on it. That program seems to have a thousand modes and key bindings. Crazy shit. If I wanted to extract bits, I don't think I would have packed in that many features. Add enough to get the job done, and move on to the next task.

Seems to be what they've done: Reading out the bits manually sucks, so they added some helper features. This sped up the process so much that there wasn't a need for a fully-automated solution (training neural nets or whatever). And if you're working half a year on something, adding 4 modes is no problem, especially if it's only intended for you and maybe your partner.

_________________
"The first time I watched [FLCL] I was like 12 or 13 and I was scared and confused." - isthisagoodusername
"I think it's more natural for human beings to be anxious. I think happiness is nothing but an illusion." - Hideaki Anno
"If you can't joke about incest in anime then what kind of world are we living in?!" - gothicmaster

Fri 27 Dec 2013, 21:38:45

Joined: Fri 10 Apr 2009, 15:00:08

Posts: 13668
Post Re: Fun with decapping
> Or maybe it was just that up to now, no one knew of their MacGyver methods.

I knew of everything but the idea of using hydrofluoric acid to clean up the mask ROM visibility. Given that that shit literally melts your bones if it gets on you, I think I'd pass on handling that anyway :P

neviksti had a lot of these techniques down, and some better/safer ones (etchant sand to expose the mask ROM better ... someone mentioned it in the video), but I don't think he had a microprobe station. That seems like a very nice idea for when a FIB workstation is waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay out of your price range.

I mean yeah, I definitely love having affordable ways to get at chips in the hobbyist range. That's freaking awesome, and these guys are awesome.

> it's only when they don't get in and you (falsely) deem yourself safe that it might become a problem.

Exactly. The best you're going to get with weak methods is notification of what weak methods result in. I suppose if you only want okay security, then they're a good company to go to. But when people are actually melting your ICs and reverse engineering your instruction sets, well, you're not dealing with your average hacker at that point anyway. If you want IC security, you want some serious shit. Like that first guy only briefly touched ... modern chips have security meshes on them. It's a giant network of millions of wires. If you break one, the chip detects it and reacts violently to destroy / erase all of the internal memory. Trying to probe a chip with this stuff is extremely complex, and nobody with this level of technique is going to manage it.

Fri 27 Dec 2013, 23:56:27