Jeri makes integrated circuits

[Jeri Ellsworth] made this silicon inverter at home, by hand. It took her two years to get the process figured out and achieve something we didn’t think was possible. The complexity of manufacture, and the wide range of tools and materials needed seem insurmountable but she did it anyway. Her home chip fab Flickr set is well commented and details her work area and part of the processing. If you’re hurting for more check out her 40 minute Metalab talk which we’ve embedded after the break.

If her name sounds familiar but you just can’t place it you may know her from The Fatman and Circuit Girl. We’ve also featured some of her hacks, such as her Pinball challenge against [Ben Heckendorn], and her giant Etch-a-Sketch.

Continue reading “Jeri makes integrated circuits”

Make your own LEDs


Ever wanted to make your own LED? You might be tempted to after reading how easy it is. No, this won’t really be a practical LED that you would use to light a project, but it is very cool anyway. [Michael] picked up a box of Moissanite, or Silicon Carbide, on eBay for roughly $1. Making the LED is as easy as putting your positive lead to the crystal and touching it with a sewing needle attached to a negative lead. He has tips on how to get the best results as well as a little bit of history of LEDs on the site.

[thanks Andreas]

Intel 4004 internals


The silicon wizards at Flylogic have certainly posted an interesting chip this time around. The Intel 4004 was the first widely used microprocessor. The logic gates are much larger than you’d find in modern chips. The unique feature is that each gate is designed to make the most efficient use of the silicon instead of the standardized shapes you find now. They’ve uploaded a full image of the chip.

For an introduction to silicon hacking, we reccomend [bunnie]’s talk from Toorcon and [Karsten]’s talk from 24C3. You can find many more posts on the topic in our silicon tag.

PSP 3000 hacked

Peripheral manufacturer Datel has been hard at work attempting to crack the PSP 3000 since its release. They’ve developed the Lite Blue Tool battery to force the PSP into service mode so hackers can run any arbitrary code they want. According to MaxConsole, Datel performed a silicon level investigation of the PSP’s chips to determine how to break into service mode. This means they decapsulated the the chips and reverse engineered any cryptographic protections. We’d love to hear exactly what chips were being used since some are fundamentally flawed.

Silicon hacking has always been a favorite topic of ours and we suggest you check out [Chris Tarnovsky]’s decapsulation technique to learn more about it.

Reverse engineering silicon logic

[Karsten Nohl] has recently joined the team on Flylogic’s blog. You may remember him as part of the team that reverse engineered the crypto in MiFare RFID chips. In his first post, he starts out with the basics of identifying logic cells. By studying the specific layout of the transistors you can reproduce the actual logic functions of the chip. The end of post holds a challenge for next week (pictured above). It has 34 transistors, 3 inputs, 2 outputs, and time variant behavior. Also, check out the Silicon Zoo which catalogs individual logic cells for identification.

HOPE 2008: The impossibility of hardware obfuscation

The Last HOPE is off and running in NYC. [Karsten Nohl] started the day by presenting The (Im)possibility of Hardware Obfuscation. [Karsten] is well versed in this subject having worked on a team that the broke the MiFare crypto1 RFID chip. The algorithm used is proprietary so part of their investigation was looking directly at the hardware. As [bunnie] mentioned in his Toorcon silicon hacking talk, silicon is hard to design even before considering security, it must obey the laws of physics (everything the hardware does has to be physically built), and in the manufacturing process the chip is reverse engineered to verify it. All of these elements make it very interesting for hackers. For the MiFare crack, they shaved off layers of silicon and photographed them. Using Matlab they visually identified the various gates and looked for crypto like parts. If you’re interested in what these logic cells look like, [Karsten] has assembled The Silicon Zoo. The Zoo has pictures of standard cells like inverters, buffers, latches, flip-flops, etc. Have a look at [Chris Tarnovsky]’s work to learn about how he processes smart cards or [nico]’s guide to exposing standard chips we covered earlier in the week.

Exposing and photographing silicon

Have you ever wanted to break open your IC and see where those pins really go? [nico] goes through his process of dissolving ICs to their core and photographing the tiny die. The technique involves liquefying the package in sulfuric acid until all the packaging material and pins are gone. He even explains how to use sodium bicarbonate (common baking soda) to neutralize the solution thus allowing for simple sink disposal. Although silicon hacking is generally done by funded hackers with a really nice lab, it is certainly possible to execute some of these techniques with limited equipment and chemical access. For instance, if you can’t get sulfuric acid, send your IC off to a failure analysis lab like MEFAS. For more information and stories on silicon hacking, check out [Chris Tarnovsky]’s process for hacking smartcards and [bunnie]’s talk Hacking silicon: secrets behind the epoxy curtain.