Author Topic: Component number erasing  (Read 2072 times)

0 Members and 1 Guest are viewing this topic.

Offline htassell

  • Supporter
  • ****
  • Posts: 29
  • Country: au
Component number erasing
« on: September 23, 2012, 12:59:14 pm »
I'm in the process of upgrading a pair of large Chinese laser cutters and am replacing the original shithouse usb controllers with proper DSP controllers.

I've seen the comments about manufactureres removing component values, but these control boards are the worst I have seen. Literally every multi-pin component  has had its value sanded off, except for a few voltage regulators. For good measure they've also decided to sand the values off the optoisolators and even some through-hole diodes.

I've been told that these extreme measures are not gone to to prevent reverse engineering per se, rather, they are to stop the companies who originally wrote the code for the laser and motion control from persuing them ( from what I've been able to gather, all of the code that controls the laser is pretty much just lifted straight from another manufacturer's controller).

I tested this out, and indeed, all communications are encrypted which certainly points towards wanting to hide something. To test it, I sent the exact same step command from the PC running the control software (with dongle) and sniffed the USB port on the controller board - a different string of random bits arrived each time.

That's some pretty major effort to go to to prevent reverse engineering their reverse engineering.








 

Offline tom66

  • Super Contributor
  • ***
  • Posts: 3969
  • Country: gb
  • Electron Fiddler, FPGA Hacker, Embedded Systems EE
Re: Component number erasing
« Reply #1 on: September 23, 2012, 01:30:13 pm »
Well, you can make some guesses...

The chip in the socket is probably a serial flash of some kind.

The centre TQFP with four caps around it looks like a strangely familiar layout to a dsPIC or PIC24F; but that would be rare in Chinese equipment. As a quick test, measure the voltage across each of those caps - one should read 2.5V (I suspect the one opposite the crystal.)

The small thin body SOIC are probably discrete logic or buffers; you can test the input and guess the outputs to determine a truth table.

The SOIC with some precision blue resistors around it is probably an opamp - possibly a differential instrumentation amplifier - hard to tell.
 

Offline poorchava

  • Super Contributor
  • ***
  • Posts: 1583
  • Country: pl
  • Troll Cave Electronics!
Re: Component number erasing
« Reply #2 on: September 24, 2012, 06:57:37 am »
The one which has 2.5V across it should be either 1uF or more likely 10uF tantalum (core voltage regulator)
I love the smell of FR4 in the morning!
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 6863
Re: Component number erasing
« Reply #3 on: September 25, 2012, 08:53:53 am »
It's almost trivial to figure out what the MCUs are from the power and oscillator connections. The TQFP44 is likely an AVR, ATmega16/32 or something in that series. The pinouts match. The TQFP64 near to the USB I can't identify (not familiar with the oscillator in that position), maybe USB VID:PID may hold a clue. If I were to guess, 8051-based MCU with integrated USB.

What we really need is a site where you can find parts by pinout.
 

Offline Gall

  • Frequent Contributor
  • **
  • Posts: 311
  • Country: ru
Re: Component number erasing
« Reply #4 on: September 25, 2012, 09:05:27 pm »
The SOIC with some precision blue resistors around it is probably an opamp - possibly a differential instrumentation amplifier - hard to tell.
U26 pinuot seems to be standard quad opamp (i.e. TL074).
U27 seems to be connected to U26 and seems to be of the same type.
The difficult we do today; the impossible takes a little longer.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf