Differences

This shows you the differences between two versions of the page.

--- starting [2012/08/02 06:37] – mcmaster
+++ starting [2020/09/24 18:15] (current) – [Circuit analysis] Updated the Degate link. dorianbdev
@@ Line 1: / Line 1: @@
+For quick start, check out one or all of these:
+  * CMOS
+    * "Epoxy to schematic" (EHSM 2012)
+      * [[http://www.youtube.com/watch?v=tE2X5_Eekgw|Video]]
+      * [[http://siliconpr0n.org/uv/epoxy_to_schematic.pdf|Slides]]
+    * "The Layman's Guide to IC Reverse Engineering" [[http://siliconzoo.org/tutorial.html|link]]
+  * NMOS/PMOS
+    * Understanding the Intel 4004: [[http://uvicrec.blogspot.com/2011/09/understanding-intel-4004.html|link]]
+    * William's Special Chip 1 (SC1) [[http://uvicrec.blogspot.com/2013/03/williams-special-chip-1-sc1.html|link]]
+    * NMOS IC Reverse Engineering, Featuring the YM2151: [[https://www.wdj-consulting.com/blog/nmos-sample.html|link]]
+  * Bipolar
+    * "Reverse-engineering the TL431": [[http://www.righto.com/2014/05/reverse-engineering-tl431-most-common.html|link]]
+    * "Blick auf den Chip: Toslink Empfänger Sharp GP1FAV51RK0F": [[http://privatfrickler.de/blick-auf-den-chip-im-toslink-empfanger-sharp-gp1fav51rk0f-hochaufgelostes-panorama/|link]]
+      * "View of the chip: Toslink receiver Sharp GP1FAV51RK0F": [[http://translate.google.com/translate?hl=en&sl=de&u=http://privatfrickler.de/blick-auf-den-chip-im-toslink-empfanger-sharp-gp1fav51rk0f-hochaufgelostes-panorama/&prev=/search%3Fq%3Dhttp://privatfrickler.de/blick-auf-den-chip-im-toslink-empfanger-sharp-gp1fav51rk0f-hochaufgelostes-panorama/%26num%3D20%26client%3Dubuntu%26hs%3DFqZ%26channel%3Dfs|English]]
+If you are looking for a more in-depth introduction to the field, you will likely find the course notes for [[http://security.cs.rpi.edu/courses/hwre-spring2014/|CSCI 6974 Hardware Reverse Engineering]] helpful. azonenberg is the TA for the course and wrote most of the lecture notes and labs.
 ====== Circuit analysis ======
@@ Line 26: / Line 43: @@
 Unfortunately, I do not know of any publicly available standard logic cell chips with full teardowns.
-Next you'll find that you'll want to start working on automation and digitizing the shots instead of just staring at them and drawing them out on paper etc.  For basic usage check out [[tutorial:digitizing_with_inkscape|digitizing with inkscape]] and for more automated analysis check out [[http://www.degate.org/|Degate]].
+Next you'll find that you'll want to start working on automation and digitizing the shots instead of just staring at them and drawing them out on paper etc.  For basic usage check out [[tutorial:digitizing_with_inkscape|digitizing with inkscape]] and for more automated analysis check out [[http://www.siliconpr0n.org/wiki/doku.php?id=capture/#degate|Degate]].
 ====== Circuit preparation ======
-Above is great and all as you'll know how to analyze data but we completely glaved over how to actually open a chip and image it.
+Above is great and all as you'll know how to analyze data but we completely glazed over how to actually open a chip and image it.
 Unfortunately, the physical world tends to be a lot more dangerous than sitting in front of the computer so make sure you
 can do the following safely.
@@ Line 37: / Line 54: @@
 Start by learning about basic reflected light (epi-illumination) microscopy and ideally get ahold of one.
 I like the Olympus BH series as they seem to be a pretty good compromise between price and performance on the surplus market.
-If you are thrifty you could probably get a basic BH for $200 but expect to pay as much as $500 for a basic but complete BH2 setup.
+If you are thrifty you could probably get a basic BH for $200 but expect to pay as much as $500 for a basic but complete BH2 setup.  If you can front the cash, get a BH2 as it can be upgraded considerably and makes a better long term investment.
 Ceramic chips with metal lids tend to be the easiest to open.
-See ceramic page for details.
+See [[decap:ceramic|ceramic page]] for details.
 Bare wafers are also around but they tend to be poorly marked rejects and so probably aren't the best as a learning tool.
-Once you get bored with that you'll want to learn to decapsulate ("decap") plastic chips as they are more modern / common.
+Once you get bored with that you'll want to learn to [[decap:epoxy|decapsulate ("decap") plastic chips]] as they are more modern / common.
-See this page for details.
+I'd [[decap:epoxy_acid#sulpheric_acid|suggest H2SO4]] as its readily available and puts off relatively fewer fumes than alternatives.
-I'd suggest H2SO4 as its readily available and puts off relatively fewer fumes than alternatives.
 With the chip decapsulated you can see the top metal but not lower layers.  See the [[delayer:start|delayering]] pages on how to dive down.  These techniques tend to take more skill and experience but are required to get the full die image.