Ground Off Part Number Leads To Chip Detective Work

Sometimes when a piece of electronics lands on the bench, you find that its chips have their markings sanded off. The manufacturer is trying to make the reverse engineer's task harder, thus protecting their market. [Maurizio Butti] found an unexpected one in an electronic switch designed for remote control systems. It had the simple job of listening to the PWM signal from a receiver in a model aircraft or similar and opening or closing a FET.

From previous experience he suspected it might be a microcontroller from STC, based on the location of the power, ground, Rx, and Tx pins. This 8051-compatible device could be readily reprogrammed, so he was able to create his own firmware for it. He’s published the code and it’s pretty simple, as it just replicates the original. He acknowledges that this might seem odd, but makes the point that it is left open for future upgrades, for example repeatedly cycling the output as in a flashing light.
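The switching behaviour described above, sketched as a hardware-independent decision function with the flashing-output upgrade included. This is an added example, not [Maurizio Butti]'s published firmware; the pulse thresholds, failsafe count, flash timing and every name in it are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: hobby RC channels send a ~1000-2000 us pulse every ~20 ms. */
#define PULSE_MIN_US    800u   /* pulses outside MIN..MAX are treated as noise */
#define PULSE_MAX_US    2200u
#define ON_ABOVE_US     1600u  /* between 1400 and 1600 us the last state is kept */
#define OFF_BELOW_US    1400u
#define FAILSAFE_FRAMES 10u    /* consecutive bad frames before forcing the FET off */
#define FLASH_HALF      25u    /* frames per on/off half-cycle (~0.5 s at 50 Hz) */

typedef struct {
    bool    active;      /* channel currently commands "on" */
    uint8_t bad_frames;  /* consecutive invalid or missing pulses */
    uint8_t flash_ctr;   /* position inside the flash cycle */
} rc_switch_t;

/* Call once per frame; pulse_us == 0 means no pulse was captured.
 * Returns the level to drive onto the FET gate. */
bool rc_switch_update(rc_switch_t *s, uint16_t pulse_us, bool flash_mode)
{
    if (pulse_us < PULSE_MIN_US || pulse_us > PULSE_MAX_US) {
        if (s->bad_frames < FAILSAFE_FRAMES && ++s->bad_frames == FAILSAFE_FRAMES)
            s->active = false;              /* signal lost: fail safe to off */
    } else {
        s->bad_frames = 0;
        if (pulse_us > ON_ABOVE_US)
            s->active = true;
        else if (pulse_us < OFF_BELOW_US)
            s->active = false;
    }
    if (!s->active) { s->flash_ctr = 0; return false; }
    if (!flash_mode) return true;           /* plain switch, like the original */
    bool level = s->flash_ctr < FLASH_HALF; /* first half of the cycle is "on" */
    s->flash_ctr = (uint8_t)((s->flash_ctr + 1u) % (2u * FLASH_HALF));
    return level;
}

int main(void)
{
    /* Constructed pulse widths: on, mid-band, off, on, then two lost frames. */
    uint16_t frames[] = {1900, 1500, 1100, 1900, 0, 0};
    rc_switch_t s = {0};
    for (unsigned i = 0; i < sizeof frames / sizeof frames[0]; i++)
        printf("%u us -> FET %d\n", (unsigned)frames[i], rc_switch_update(&s, frames[i], false));
    return 0;
}
```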

We don’t see so much of the STC chips here aside from one of their earlier offerings, but the 8051 core features here more regularly as it’s found in Nordic’s NRF24 series of wireless-capable chips.

20 thoughts on “Ground Off Part Number Leads To Chip Detective Work”

  1. As commented by an engineer at work about this practice “it won’t stop an engineer, just slow them down a little”. We were talking about a sample auto speedometer a Chinese firm had sent us (they were going to make them for us). Curious about what we were getting he examined the CB to find all ID ground off all the chips. But he went ahead and produced a schematic. Then wrote back to them sending the schematic and pointing out design changes we wanted to improve the reliability/performance of the speedometer.

      1. I’m sure that GLB synthesizer was where I first heard of the technique, in a review, about 1972 when I was 12 and electronics still a relatively new thing. Someone local offered some small kits, and I have a vague memory that he sanded off the parts numbers, though I also know that later he didn’t.

        But before GLB was a commercial entity, he had a synthesizer in 73, Feb 1970, fifty years ago. I’m sure that was the first PLL synthesizer in a ham magazine (though I think it had first been published in a repeater magazine). RTL and lots of it, but soon better circuits.

        1. Considering I read the ARRL Handbook at 9 in the year you were born, saying electronics was sorta new in 72 strikes me as a curious statement. Perhaps you meant non tube type active components. My transistor radio was a gift in 1960, a cpl years after having played w a 30MHz surplus military receiver.

          1. But electronics was still new to me in 1972, having gone through the books in the children’s library (mostly actually about electricity than electronics), and found the hobby electronic magazines in Jan 1971.

            So when I read the review of the GLB synthesizer, I was too new to it to know if it had long been a practice to sand off markings.

    1. The manufacturer of the chip (IC) stamps the name on it, the only way the folks using it could know what it is and how to orient it. The manufacturer of the board or device often then sands off the label once the device is assembled to make reverse engineering more difficult.

    2. There are two possible reasons:
      1. The chip manufacturer sanded the markings off the chips when they failed QC, to reduce the risk that they would leak on to the gray market and damage the company’s reputation when unknowing buyers get defective parts with the manufacturer’s logo on them. These then leaked on to the gray market and integrated into bottom-of-the-barrel devices anyway.

      2. The chips were purchased with intact markings, and the board manufacturer sanded them off in an attempt to inhibit reverse engineering. Like most obfuscation techniques, this was little more than an inconvenience.

  2. Hmm, what if they are using chips that didn’t pass tests, or the mfr doesn’t want to support.

    It might be more of the chip Manufacturer not wanting to be associated with the device manufacturer.

    On the project, if there is a spare ADC I’d love to see a 0-5k or hall throttle direct into one of these motor controllers, clean everything up. Maybe even serial data? Or a nrf wireless remote.

  3. I was at a solar conference representing our control systems. While checking out the competition, I looked at a control that had its IC numbers sanded off. It wasn’t that complicated and I recognized the pin layout and components around the op amp and comparator. I proceeded to tell the people in the booth the ICs they used and recommended some better protection for the op amp inputs. The look on their faces was worth any free advice I gave.

  4. I bought an RGB encoder card off eBay for my Apple ][ Europlus, made in the UK in I figure late 70s early 80s. It has half a dozen chips on it and they had all been sanded off. I don’t have the manual for it but I’m guessing it didn’t have the schematic in it :)

  5. Ah yes Mr Name Req reminds me that computer expansion cards were big culprits. The most egregious one I recall at the moment are those PC POST code testing cards that had some buffers, decode logic, couple of 7 seg displays, and all the chips sanded so you didn’t know that your $200+ “high spec professional testing tool” had a buck worth of standard 74 series on it.

  6. Why do they do this? It is only a minor impediment to a competing manufacturer wishing to reverse engineer their product. The only people this hurts are those wishing to repair this junk instead of sending it to the land fill. If someone can’t identify the chips they can’t repair it. Best case scenario the precious metals and working identifiable chips are recovered by an ewaste recycler before going into a landfill.

  7. Just stumbled across the great Don Lancaster’s take in March 1993 Electronics Now…

    Starts discussing the folly of software copy protection then segues into…

    “For most hardware offerings, even grinding a part number off the key integrated circuit will have the exact opposite of the intended effect. All that does is cause lots of high-energy people to puzzle out what the chip is and where to get one. The universal hacker popularity for that BA1404 stereo FM broadcaster can be directly traced back to one firm stupidly grinding off one too many part numbers.”

    He then goes on to discuss the evils of epoxy encapsulation merely for obfuscation purposes, pointing out it wrecks thermals and pinions ferrites which then do not behave properly as some properties rely on magnetostriction.

  8. I worked for a company in the late 80s and architected their Mac graphics accelerators … the first one we did was just SRAM and pals on a daughter card …. We were surprised at just how easy it was to do so we had the SRAM and pals private labelled with our own logo so as to put the competition off the track
