This shows you the differences between two versions of the page.
| — |
designing_vs_reversing [2013/10/20 10:59] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | Most of the below applies to digital circuits. However, some of it can still apply to analog. The issue is that analog circuits are more of an art where variations in process, gate size, gate proximity, etc are critical. | ||
| + | Reverser advantages | ||
| + | * Circuit is assumed to be sane. It must do at least *something* useful if you want to tear it apart. Timing analysis is a huge part of designing ICs and this step can often simply be ignored and the design assumed sane | ||
| + | * The design is done. The system is already in place. There is nothing (strictly reversing speaking, not following re-implementation) about how we should design the IC | ||
| + | * Per unit cost is often low. Mass produced ICs are relatively cheap. Unfortunately, a target system may have to be purchased, which can be significantly more expensive than just the target IC. This can be mitigated by purchasing the same IC (if available) and creating an identical attack on it. | ||
| + | * Cost effective. Reversing a chip is usually only feasible if it costs less to reverse than it does to design. | ||
| + | * If it can be tested in factory, it can be tested for reversing | ||
| + | * Production in certain countries may avoid copyright issues | ||
| + | * Breadth of skill. Reverse engineers often bounce between many projects and acquire a wide range of skills | ||
| + | * Simple photographs may be sufficient to clone the design if that is all that is required | ||
| + | * Moving target for designer is expensive | ||
| + | * Many attack vectors if all that's needed is a key or algorithm (die imaging, power analysis, voltage glitching, differential cryptanalysis, timing attacks, etc) | ||
| + | |||
| + | Designer advantages | ||
| + | * Choice of battle ground. We can ultimately chose everything we are going to throw at the reverser | ||
| + | * Widely available toolsuits. Considerable effort has been put into CAD tools. EE RE tools on the other hand are generally lacking in the public space. | ||
| + | * Can simulate ICs before fabbing them. This can help to keep cost down and find problems before they exist in the field | ||
| + | * Strong financial backing. Fabrication projects often have tremendous financial backing, ranging into the billions USD. | ||
| + | * Copyright laws often protect IP | ||
| + | * Specialization. Designers may spend a long time on a particular design (family) and may know its weak points | ||
| + | * Can hire a reverse engineer to perform penetration testing before its sent into the field | ||