Yes, You Can Reverse Engineer this 74181

[Ken Shirriff] is the gift that keeps on giving this new year. His latest is a reverse engineering of the 74181 Arithmetic Logic Unit (ALU). The great news is that the die image and complexity are both optimized for you to succeed at doing your own reverse engineering.

74181-openedWe have most recently seen [Ken] at work explaining his decapping and reverse engineering process at the Hackaday SuperCon followed soon after by his work on the 8008. That chip is crazy with complexity and a die-ogling noob (like several of us on the Hackaday crew) stands no chance of doing more than simply following along with what he explains. This time around, the 74181 is just right for the curious but not obsessed. Don’t believe me? The 8008 had around 3,500 transistors while the friendly 74181 hosts just 170. We like those odds!

A quick crash course in visually recognizing transistors will have you off to the races. [Ken] also provides reference for more complex devices. But where he really saves the day is in his schematic analysis. See, the traditional ‘textbook’ logic designs have been made faster in this chip and going through his explanation will get you back on track to follow the method behind the die’s madness.

[Ken] took his own photograph of the die. You can see the donor chip above which had its ceramic enclosure shattered with a brisk tap from a sharp chisel.

8008 Exposed

[Ken Shirriff] is no stranger to Hackaday. His latest blog post is just the kind of thing we expect from him: a tear down of the venerable 8008 CPU. We suspect [Ken’s] earlier post on early CPUs pointed out the lack of a good 8008 die photo. Of course, he wasn’t satisfied to just snap the picture. He also does an analysis of the different constructs on the die.

Ever wonder why the 8008 ALU is laid out in a triangle shape? In all fairness, you probably haven’t, but you might after you look at the photomicrograph of the die. [Ken] explains why.

Continue reading “8008 Exposed”

Ken Shirriff Takes Us Inside the IC, For Fun

[Ken Shirriff] has seen the insides of more integrated circuits than most people have seen bellybuttons. (This is an exaggeration.) But the point is, where we see a crazy jumble of circuitry, [Ken] sees a riddle to be solved, and he’s got a method that guides him through the madness.

In his talk at the 2016 Hackaday SuperConference, [Ken] stepped the audience through a number of famous chips, showing how he approaches them and how you could do the same if you wanted to, or needed to. Reading an IC from a photo is not for the faint of heart, but with a little perseverance, it can give you the keys to the kingdom. We’re stoked that [Ken] shared his methods with us, and gave us some deeper insight into a handful of classic silicon, from the Z80 processor to the 555 timer and LM7805 voltage regulator, and beyond.

Continue reading “Ken Shirriff Takes Us Inside the IC, For Fun”

The Surprising Story Of The First Microprocessors

If you maintain an interest in vintage computers, you may well know something of the early history of the microprocessor, how Intel’s 4-bit 4004, intended for a desktop calculator, was the first to be developed, and the follow-up 8008 was the first 8-bit device. We tend to like simple stories when it comes to history, and inventions like this are always conveniently packaged for posterity as one-off events.

In fact the story of the development of the first microprocessors is a much more convoluted one than it might appear, with several different companies concurrently at the forefront of developments. A fascinating recent IEEE Spectrum piece from [Ken Shirriff] investigates this period in microprocessor design, and presents the surprising conclusion that Texas Instruments may deserve the crown of having created the first 8-bit device, dislodging the 8008 from its pedestal. Continue reading “The Surprising Story Of The First Microprocessors”

Get Your Ticket to SuperCon, the Greatest Hardware Creation Con

The world’s most excellent conference on hardware creation, the Hackaday SuperConference, is back. Get your tickets now for two magical days in Pasadena this November.

This exclusive gathering of hackers, designers, and engineers is where brilliant people geek out with their peers. Talks tell the story of research, prototyping, product design, manufacturing, and getting that new hardware out into the world. Nowhere else can you get such a concentrated dose of Sistine-Chapel-like details about what is being built in businesses small and large, basements, University labs, and everywhere else.

Early tickets are $128, get your pass to the conference now! This ticket gets you in the door for talks, breakfast and lunch on both days, a conference badge, and the party on Saturday night. SuperCon also includes hands-on workshops — these have limited capacity and some have material costs, more about this next week.

Continue reading “Get Your Ticket to SuperCon, the Greatest Hardware Creation Con”

[Ken Shirriff] Demystifies BeagleBone I/O

If you have ever spent a while delving into the bare metal of talking to the I/O pins on a contemporary microprocessor or microcontroller you will know that it is not always an exercise for the faint-hearted. A host of different functions can be multiplexed behind a physical pin, and once you are looking at the hardware through the cloak of an operating system your careful timing can be derailed in an instant. For these reasons most of us will take advantage of other people’s work and use the abstraction provided by a library or a virtual filesystem path.

If you have ever been curious enough to peer under the hood of your board’s I/O then you may find [Ken Shirriff]’s latest blog post in which he explores the software stack behind the pins on a BeagleBone Black to be of interest. Though its specifics are those of one device, the points it makes have relevance to many other similar boards.

He first takes a look at the simplest way to access a Beagle Bone’s I/O lines, through virtual filesystem paths. He then explains why relying so heavily on the operating system in this way causes significant timing issues, and goes on to explore the physical registers that lie behind the pins. He then discusses the multiplexing of different pin functions before explaining the role of the Linux device tree in keeping operating system in touch with hardware.

For some Hackaday readers this will all be old news, but it’s safe to say that many users of boards like the BeagleBone Black will never have taken a look beyond the safely abstracted ways to use the I/O pins. This piece should therefore provide an interesting education to the chip-hardware novice, and should probably still contain a few nuggets for more advanced users.

We’ve seen a lot of [Ken]’s work here at Hackaday over the years, mostly in the field of reverse engineering. A few picks are his explanation of the TL431 voltage reference, a complete examination of the 741 op-amp, and his reverse engineering of the 1970s Sinclair Scientific calculator.

We appreciate [Fustini]’s tip on this story.

BeagleBone Black image: BeagleBoard.org Foundation [CC BY-SA 3.0], via Wikimedia Commons.

Die Photos Of A Runner’s RFID Chip

A mass participation sporting event such as a road race presents a significant problem for its record keepers. It would be impossible to have ten thousand timekeepers hovering over stopwatches at the finish line, so how do they record each runner’s time? The answer lies in an RFID chip attached to the inside of the bib each runner wears, which is read as the runner crosses the line to ensure that their time is recorded among the hundreds of other participants.

[Ken Shirriff] got his hands on a bib from San Francisco’s “Bay to Breakers” race, and set about a teardown to lay bare its secrets.

The foil antenna pattern.
The foil antenna pattern.

Stripping away the foam covering of the RFID assembly revealed a foil antenna for the 860-960MHz UHF band with the tiny RFID chip at its centre. The antenna is interesting, it’s a rather simple wideband dipole folded over with what looks like a matching stub arrangement and an arrow device incorporated into the fold that is probably for aesthetic rather than practical purposes. He identified the chip as an Impinj Monza 4, whose data sheet contains reference designs for antennas we’d expect to deliver a better performance.

After some trial-by-fire epoxy removal the tiny chip was revealed and photographed. It’s a device of three parts, the power scavenging and analog radio section, the non-volatile memory that carries the payload, and a finite-state logic machine to do the work. This isn’t a proper processor, instead it contains only the logic required to do the one task of returning the payload.

He finishes off with a comparison photograph of the chip — which is about the size of a grain of salt — atop a 1980s 8051-series microcontroller to show both its tiny size and the density advancements achieved over those intervening decades.

Since RFID devices are becoming a ubiquitous part of everyday life it is interesting to learn more about them through teardowns like this one. The chip here is a bit different to those you’ll find in more mundane applications in that it uses a much higher frequency, we’d be interested to know the RF field strength required at the finish line to activate it. It would also be interesting to know how the system handles collisions, with many runners passing the reader at once there must be a lot of RFID chatter on the airwaves.

We’ve featured [Ken]’s work before, among many others in his reverse engineering of Clive Sinclair’s 1974 scientific calculator, and his explanation of the inner workings of the TL431 voltage reference. Though we’ve had many RFID projects on these pages, this appears to be the first teardown of one we’ve covered.