physical chip reverse engineering
- antus
- Site Admin
- Posts: 8238
- Joined: Sat Feb 28, 2009 8:34 pm
- cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B - Contact:
physical chip reverse engineering
Wow, some fantastic work from CAPS0ff pulling data out of old unknown and/or protected chips which were preventing archiving/emulation of old arcade hardware. This work allows people to restore original boards, or to preserve the software when the hardware fails. Love their work! There is also a back story from an Aussie who was contracting this work out previously to a 3rd party, which originally went well but then the guy stopped responding. He also damaged a number of rare chips. It seems caps0ff has gained access to this trove of hardware which is why some of the chips are damaged in the state that they are.
Generally speaking the process is to mill a spot for some acid on top of the chip, let that eat through to the IC core, identify the chip if it's unknown from die markings under a microscope. Then put a drop of chemical over the flash but not the protection bits, then UV erase the board (resetting the security, but not touching the content) and then dump it out.
The repairing of the physically damaged chips is amazing, too!
http://caps0ff.blogspot.com.au/2017/
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Re: physical chip reverse engineering
Holy shit that stuff is amazing
According to chemistry, alcohol is a solution...
- delcowizzid
- Posts: 5493
- Joined: Sat Feb 28, 2009 8:38 pm
- Location: Wellington NZ
- Contact:
Re: physical chip reverse engineering
Was just reading about this the other day when someone was looking at secure hardware USB bitcoin wallets. They were saying the only way to get the password off one was to do this process and read the bits lol
If Its Got Gas Or Ass Count Me In.if it cant be fixed with a hammer you have an electrical problem
- vlad01
- Posts: 7780
- Joined: Mon Oct 08, 2012 6:41 pm
- cars: VP I S
VP I executive
VP II executive
VP II executive #2
VR II executive - Location: Kyneton, Vic
Re: physical chip reverse engineering
amazing stuff!
I'm the director of VSH (Vlad's Spec Holden), because HSV were doing it ass about.
Re: physical chip reverse engineering
Amazing to have understanding of what's happening at that kind of level!
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Re: physical chip reverse engineering
anything can be hacked given time and equipment.
- antus
Re: physical chip reverse engineering
I tried this on a smart card IC once many many years ago. It was before the days of mobile phones with cameras* and after much experimentation with the hardware available to me on the day I found the best images came from my digital 8 video camera with 20x optical zoom. Here's some pics. It's a joke compared to what they're doing above, but it was fun. The acid is very dangerous stuff (both the fumes to your breathing, and as acid in liquid form) and needs to be treated with the utmost respect. You also need a fume box and a strong alkaline like bicarbonate of soda on hand to neutralize the acid when you're done. I do not recommend anyone tries this.
5 days later.....
Unfortunately with the low resolution camera and only 20x optical I wasn't able to even see any manufacturer information from the IC, which was the primary aim. With the cheap lab tools available on eBay now though it's a whole new world.
*Well phone cameras that count.
Re: physical chip reverse engineering
Nice work Antus.
Ken is another guy that does this and analyses the chips; his website is here
http://www.righto.com/
There's also an AmpHour podcast interview with him here.
https://theamphour.com/361-an-interview ... -shirriff/
- antus
Re: physical chip reverse engineering
Thanks for posting that, another good read. I like the first article up there now, and the eBay seller's response - "must have been damaged in transit" (converting it from an SRAM to a DTMF tone generator IC) lol.
http://www.righto.com/2017/07/bitcoin-m ... -alto.html Bitcoin mining on a vintage Xerox Alto: very slow at 1.5 hashes/second
I've been restoring a Xerox Alto minicomputer from the 1970s and figured it would be interesting to see if it could mine bitcoins. I coded up the necessary hash algorithm in BCPL (the old programming language used by the Alto) and found that although the mining algorithm ran, the Alto was so slow that it would take many times the lifetime of the universe to successfully mine bitcoins.
Re: physical chip reverse engineering
Yeh the Alto, it's crazy what could have happened to computing if dedicated engineers didn't persist, and to think all this could have been invented back then.