GAL / PAL security fuse

[xcoder]

hello guys again i was messing with a berger lahr power stepper motor board
and i came across a gal16v8 that was erase faulty
i found out that i was protected fuse security thanks god i hade another board with broken mosfets

i just desolder the plc gal and remplace it

 but the problem is that i will receive a long range of same board and if i find that gals are broken again so i have to copy of them and impretty sure that the gal is protected since is berger lahr and its a division of schneider and it hase on same board a pic16c so !!!!if they wanted me to copy they will not put a pic 16c
the copy i did copy it just by modifying the reading voltage to bypass fuse protection
but the gal isnt that easy
i did some research on the subject and i find out a guy like me did same researchs and came across same guys who find some solutions

i found a guy who deal with arcade games jama and things like that did a wild range of testing on gal and experiments on them and he build a a device that can bypass security fuse on the gal16v8 and others
but the project is down cant download the zip file couldnt find it else ware
http://dreamjam.co.uk/emuviews/elec/pal.php
he builded a computer baord just for pal and gal testing brute forcing and exploiting !!!!!
but the problem is if the gal or pal ic a registred type you cant copy it since hase flipflop and it needs a clock generator i know about the microscope way and companies that examine and dump the program by laser and ultrasound microscopes but its expensive !!!!
so guys if there is anyway or anyone came across this problem and find a solution i would love to know some informations

ah and i found that a guy on a amiga forum leaked some informations about reading registred GALS /PALS by delaying the voltages reading voltage and programming voltages since he is a fan of amiga computers and amiga have a floppy disk reader dongle that prevent illegal copying and it hase a gal inside and he find a way to mage the ic ignore security fuse but he dont want to spit all the informations i did send him 3 emails but without luck guess he keep it private thanks anyway guys
hope this noob question would find a genius here

[amyk]

What you've linked to is just a bruteforce "try all the combinations"... which for a device with only 8 inputs and combinatorial outputs won't take very long. Once you add registers though, it gets a lot more difficult but could still be done by exploring the state space. Do a bit of RE on the board, figure out which are inputs/outputs (and which are actually used), then hook the GAL up to an MCU and check if it's registered first.

There's some interesting reading here: http://www.fpgarelated.com/showthread/comp.arch.fpga/34217-1.php

[xcoder]

thanks dude i did some reading i guess there is a solution for registred gal and pals
but need more testing i will sacrifice some of my time to do more testing maybe i find a way