@Jancumps
You don't want to believe everything you read on 'dangerous prototypes'. Both of these papers' subjects are massive fields in their own right; it's not a job for a lazy Saturday afternoon... (You can see that post was from 2 years ago, and I added another reference to show a 'portability' result in about 9 hours or less!)
Basically, one paper outlines a method where you can 'jiggle' and monitor the power supply of the FPGA to get at the internal security keys (used to protect the FPGA). Technically speaking, it is NOT hacking the bit file; it is key recovery via power analysis, and a massive subject in its own right.
With these keys you can supposedly 'decrypt' an encrypted 'bit' file. (There are XILINX encrypted and non-encrypted bit files. An easy way to identify whether the hardware is using encryption is to check whether the hardware has the encryption key battery fitted; if not, then it does not house encryption keys in the FPGA RAM area.)
NOTE: Decryption IS NOT getting access to the schematic or even the gate-level data. Consider it like a password-protected ZIP file: all it gives you is access to the unencrypted data of THE bit file.
This allows you to load that BIT file onto an IDENTICAL clone of the hardware, or even program your clone with the 'stolen' keys, so the CLONE device behaves like the original.
(XILINX encryption keys are meant to prevent CLONERS first and decompilers second)
The second paper, 'From the bitstream to the netlist', is a long way from fully decoding a bitstream, since you would have to model each and every logic cell in the TARGET FPGA to identify what VHDL produced it.
This would give you a database reference list to compare against the bit file configuration data (and it would not even cover IP cores).
Disassembly or reverse engineering of the bit file into schematics/logic gates is an entirely separate topic and is a closely guarded secret of XILINX, since the binary 1:1 mapping of the internal logic switches and routing fabric is a trade secret.
You can actually make a start:
1. Design a SIMPLE gate in XSE.
2. Compile a bit file.
3. Compare the bit file to the SIMPLE gate you designed and its location in the FPGA.
4. Go back to 1 several hundred thousand (or millions, depending on the FPGA) times with different gate designs (to map each bit/result to actual results in the file).

Try to compare your target bit file with your results by identifying identical bit values to give you the logic gate construction.
HC
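
Added example, not part of the original post: the compare-and-catalogue loop in steps 1 to 4 and the final matching step, run on constructed data. The 64-bit "configuration", the design names and the bit positions are hypothetical stand-ins and do not reflect any real Xilinx bitstream layout.

```python
"""Differential bit mapping on CONSTRUCTED data (not a real Xilinx bitstream layout)."""

def with_bits(base, bits):
    """Helper for building sample data: return base with the given bit offsets flipped."""
    buf = bytearray(base)
    for b in bits:
        buf[b // 8] ^= 0x80 >> (b % 8)
    return bytes(buf)

def flipped_bits(baseline, variant):
    """Bit offsets (MSB-first within each byte) where variant differs from baseline."""
    if len(baseline) != len(variant):
        raise ValueError("images for the same part must have equal length")
    return frozenset(
        i * 8 + bit
        for i, (a, b) in enumerate(zip(baseline, variant))
        for bit in range(8)
        if (a ^ b) & (0x80 >> bit)
    )

def build_database(baseline, experiments):
    """Steps 1-4: one signature (set of changed bits) per known single-gate design."""
    return {name: flipped_bits(baseline, img) for name, img in experiments.items()}

def match_target(baseline, target, database):
    """Final step: which known signatures are fully present in the target, and what is left."""
    diff = flipped_bits(baseline, target)
    matched = sorted(n for n, sig in database.items() if sig and sig <= diff)
    explained = set()
    for name in matched:
        explained |= database[name]
    return matched, sorted(diff - explained)

# Constructed sample: a 64-bit "configuration", hypothetical design names and bit positions.
BASELINE = bytes(8)  # stands in for an empty design on the same part
EXPERIMENTS = {
    "AND2_at_A": with_bits(BASELINE, [3, 17]),
    "OR2_at_A": with_bits(BASELINE, [3, 18]),
    "AND2_at_B": with_bits(BASELINE, [35, 49]),
}
TARGET = with_bits(BASELINE, [3, 17, 35, 49, 60])
DATABASE = build_database(BASELINE, EXPERIMENTS)

if __name__ == "__main__":
    matched, unexplained = match_target(BASELINE, TARGET, DATABASE)
    print("matched:", matched)
    print("unexplained bits:", unexplained)
```

Any bit that no catalogued experiment accounts for comes back as unexplained, which is why the catalogue has to grow with every distinct cell, location and routing choice on the part.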