EEVblog Electronics Community Forum
Electronics => Beginners => Topic started by: miker7940 on March 31, 2016, 06:23:41 am
-
Hi everyone,
So I have a chip on board I need to reverse engineer. I have done the rest of the circuit but now it is down to this one chip on board. I have extracted the die, however destroyed the connection wires in the process. I have access to items to view the die - but i'm not sure what to do from there.
-
Well, it is possible to reverse engineer a Die, but it is combined with a lot of effort and expensive tools. The process in general is to picture the top layer, then remove this top layer, and picture the next layer till you are at the bottom of the Die (can be up to 16 metal layers + resistor layers + cap layers and finally the transistors on the substrate).
In the end its a really pricey process.
-
Well, it is possible to reverse engineer a Die, but it is combined with a lot of effort and expensive tools. The process in general is to picture the top layer, then remove this top layer, and picture the next layer till you are at the bottom of the Die (can be up to 16 metal layers + resistor layers + cap layers and finally the transistors on the substrate).
In the end its a really pricey process.
You're right, that does sound expensive :(
Do you reckon a better way to do it would be to look at what it does, and then try and find a replacement IC/MCU that can do the job?
Cheers.
-
If you have the die you might as well throw it under a microscope. It's very common to see a part number, manufacturer logo or other identifying mark on there and it's often the largest visible feature.
i.e. this part is pretty easily identifiable as National Semi, fabbed or layed out in 1996, part number is LMC555 http://s.zeptobars.com/National-LMC555-HD.jpg (http://s.zeptobars.com/National-LMC555-HD.jpg)
-
If the OEM designer did his job correctly the CPU Flash holding the program is
unreadable by external stimulus (you). The only way of hacking it is to use a
SEM (Scanning Electron Microscope) and probe each Flash cell for its charge.
The good news is this is how designers protect their intellectual property from
theft.
Regards, Dana.
-
It's quite possible it will be a very proprietary / obscure device, quite possibly an ASIC. If they go to such measures as chip-on-board, it's quite possible that eventual program memory will not be flash but rather a mask ROM or OTP, which are easier to read out than flash.
Sent from my HTC One M8s using Tapatalk.
-
Okay,
So I have had a look at the die under a microscope.
It looks quite simple -which worries me. No markings at all.
Would it be possible to write a implementation of this Chip on board in AVR? (it is a memory bank controller) I will create a separate thread.
New thread: https://www.eevblog.com/forum/beginners/possible-to-replace-a-chip-on-board-with-a-avr-microcontroller/ (https://www.eevblog.com/forum/beginners/possible-to-replace-a-chip-on-board-with-a-avr-microcontroller/)