physical chip reverse engineering

antus
Site Admin
Posts: 8238
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:


Post by antus »

Wow, some fantastic work from CAPS0ff pulling data out of old unknown and/or protected chips which were preventing archiving/emulation of old arcade hardware. This work allows people to restore original boards, or to preserve the software when the hardware fails. Love their work! There is also a back story from an Aussie who was contracting this work out previously to a 3rd party, which originally went well but then the guy stopped responding. He also damaged a number of rare chips. It seems caps0ff has gained access to this trove of hardware which is why some of the chips are damaged in the state that they are.

Generally speaking, the process is to mill a spot for some acid on top of the chip, let that eat through to the IC core, and identify the chip, if it's unknown, from die markings under a microscope. Then put a drop of chemical over the flash but not the protection bits, then UV erase the board (resetting the security, but not touching the content) and then dump it out.

The repairing of the physically damaged chips is amazing, too!

http://caps0ff.blogspot.com.au/2017/
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Gareth
Posts: 2505
Joined: Fri Mar 14, 2014 8:37 pm
Location: Bacchus Marsh, Vic

Re: physical chip reverse engineering

Post by Gareth »

Holy shit :shock: that stuff is amazing :thumbup:
According to chemistry, alcohol is a solution...
delcowizzid
Posts: 5493
Joined: Sat Feb 28, 2009 8:38 pm
Location: Wellington NZ
Contact:

Re: physical chip reverse engineering

Post by delcowizzid »

Was just reading about this the other day when someone was looking at secure hardware USB bitcoin wallets. They were saying the only way to get the password off one was to do this process and read the bits lol
If Its Got Gas Or Ass Count Me In.if it cant be fixed with a hammer you have an electrical problem
vlad01
Posts: 7780
Joined: Mon Oct 08, 2012 6:41 pm
cars: VP I S
VP I executive
VP II executive
VP II executive #2
VR II executive
Location: Kyneton, Vic

Re: physical chip reverse engineering

Post by vlad01 »

amazing stuff!
I'm the director of VSH (Vlad's Spec Holden), because HSV were doing it ass about.
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: physical chip reverse engineering

Post by Tazzi »

Amazing to have understanding of what's happening at that kind of level!
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
The1
Posts: 4694
Joined: Mon Jan 04, 2010 10:23 am

Re: physical chip reverse engineering

Post by The1 »

anything can be hacked given time and equipment.

Re: physical chip reverse engineering

Post by antus »

I tried this on a smart card IC once many many years ago. It was before the days of mobile phones with cameras* and after much experimentation with the hardware available to me on the day I found the best images came from my digital 8 video camera with 20x optical zoom. Here's some pics. It's a joke compared to what they're doing above, but it was fun. The acid is very dangerous stuff (both the fumes to your breathing, and as acid in liquid form) and needs to be treated with the utmost respect. You also need a fume box and a strong alkaline like bicarbonate of soda on hand to neutralize the acid when you're done. I do not recommend anyone tries this.
acs_19.jpg (56.14 KiB) Viewed 4682 times
nitric_01_tools.jpg (72 KiB) Viewed 4682 times
nitric_02_ACS_1.9_before.jpg (89.25 KiB) Viewed 4682 times
nitric_03_ACS_1.9_before.jpg (92.11 KiB) Viewed 4682 times
5 days later.....
20 overhead - large good q.jpg (28.21 KiB) Viewed 4682 times
acs-19_1.jpg (43.87 KiB) Viewed 4682 times
acs-19_2.jpg (45.36 KiB) Viewed 4682 times
Unfortunately, with the low resolution camera and only 20x optical I wasn't able to even see any manufacturer information from the IC, which was the primary aim. With the cheap lab tools available on eBay now though it's a whole new world.

*Well phone cameras that count.

Re: physical chip reverse engineering

Post by The1 »

Nice work Antus.

Ken is another guy that does this and analyses the chips, his website is here
http://www.righto.com/

There's also an AmpHour podcast interview with him here.
https://theamphour.com/361-an-interview ... -shirriff/

Re: physical chip reverse engineering

Post by antus »

Thanks for posting that, another good read :thumbup: I like the first article up there now, and the eBay seller's response - "must have been damaged in transit" (converting it from an SRAM to a DTMF tone generator IC) lol.


http://www.righto.com/2017/07/bitcoin-m ... -alto.html Bitcoin mining on a vintage Xerox Alto: very slow at 1.5 hashes/second
I've been restoring a Xerox Alto minicomputer from the 1970s and figured it would be interesting to see if it could mine bitcoins. I coded up the necessary hash algorithm in BCPL (the old programming language used by the Alto) and found that although the mining algorithm ran, the Alto was so slow that it would take many times the lifetime of the universe to successfully mine bitcoins.
:lol: :lol: :lol: :lol: :lol:

Re: physical chip reverse engineering

Post by The1 »

Yeh the Alto, it's crazy what could have happened to computing if dedicated engineers didn't persist, and to think all this could have been invented back then.