For quick start, check out one or all of these:

If you are looking for a more in-depth introduction to the field, you will likely find the course notes for CSCI 6974 Hardware Reverse Engineering helpful. azonenberg is the TA for the course and wrote most of the lecture notes and labs.

Circuit analysis

First gain a fundamental understanding of digital logic. For example, you should be able to tell the difference between and describe NOR and NAND gates and be familiar with basic logic rules like De Morgans laws. This site does not provide this information but there are plenty of resources out there to help you with this.

Next understand a high idea of what a MOSFET is and how it can work as a switch. Most information will be about constructing linear amplifiers and such but you really only need to start by knowing about the cutoff and saturation regions.

The two above can then be combined to learn how several MOSFETs can combine to form NOR/NAND gates. Focus on CMOS as its the most popular. However, if you are interested in vintage chips you might want to dig into NMOS/PMOS as well. I suggest staying away from bipolar logic (eg: TTL) as its much more complex. Start by reading schematics and don't worry about how they are physically constructed.

The above is what you'll likely know after coming out of an undergraduate level EE/CS program. So, now things get more interesting as its time to leave the cozy purely digital domain and learn basic layout. See the standard cell logic page for some examples of simple transistor layouts.

With the above you should now understand some building blocks and you can confront a full system. Flylogic has high res 4004 shots and the 4004 museum also has the masks and schematics posted. See an article linking to a bunch of stuff here. It is a very good chip to learn on as there is considerable information available. Another good candidate is the MOS 6502. Note that these are both custom layout NMOS/PMOS, not standard cell CMOS. Unfortunately, I do not know of any publicly available standard logic cell chips with full teardowns.

Next you'll find that you'll want to start working on automation and digitizing the shots instead of just staring at them and drawing them out on paper etc. For basic usage check out digitizing with inkscape and for more automated analysis check out Degate.

Circuit preparation

Above is great and all as you'll know how to analyze data but we completely glazed over how to actually open a chip and image it. Unfortunately, the physical world tends to be a lot more dangerous than sitting in front of the computer so make sure you can do the following safely.

Start by learning about basic reflected light (epi-illumination) microscopy and ideally get ahold of one. I like the Olympus BH series as they seem to be a pretty good compromise between price and performance on the surplus market. If you are thrifty you could probably get a basic BH for $200 but expect to pay as much as $500 for a basic but complete BH2 setup. If you can front the cash, get a BH2 as it can be upgraded considerably and makes a better long term investment.

Ceramic chips with metal lids tend to be the easiest to open. See ceramic page for details. Bare wafers are also around but they tend to be poorly marked rejects and so probably aren't the best as a learning tool. Once you get bored with that you'll want to learn to decapsulate ("decap") plastic chips as they are more modern / common. I'd suggest H2SO4 as its readily available and puts off relatively fewer fumes than alternatives.

With the chip decapsulated you can see the top metal but not lower layers. See the delayering pages on how to dive down. These techniques tend to take more skill and experience but are required to get the full die image.

starting.txt · Last modified: 2020/09/24 18:15 by dorianbdev
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki