decapping

35 Articles

Looking For Pi In The 8087 Math Coprocessor Chip

May 20, 2020 by 14 Comments

Even with ten fingers to work with, math can be hard. Microprocessors, with the silicon equivalent of just two fingers, can have an even harder time with calculations, often taking multiple machine cycles to figure out something as simple as pi. And so 40 years ago, Intel decided to give its fledgling microprocessors a break by introducing the 8087 floating-point coprocessor.

If you’ve ever wondered what was going on inside the 8087, wonder no more. [Ken Shirriff] has decapped an 8087 to reveal its inner structure, which turns out to be closely related to its function. After a quick tour of the general layout of the die, including locating the microcode engine and ROM, and a quick review of the NMOS architecture of the four-decade-old technology, [Ken] dug into the meat of the coprocessor and the reason it could speed up certain floating-point calculations by up to 100-fold. A generous portion of the complex die is devoted to a ROM that does nothing but store constants needed for its calculation algorithms. By carefully examining the pattern of NMOS transistors in the ROM area and making some educated guesses, he was able to see the binary representation of constants such as pi and the square root of two. There’s also an extensive series of arctangent and log2 constants, used for the CORDIC algorithm, which reduces otherwise complex transcendental calculations to a few quick and easy bitwise shifts and adds.

[Ken] has popped the hood on a lot of chips before, finding butterflies in an op-amp and reverse-engineering a Sinclair scientific calculator. But there’s something about seeing constants hard-coded in silicon that really fascinates us.

Chip Decapping The Easy Way

March 11, 2020 by 27 Comments

Chip decapping videos are a staple of the hacking world, and few things compare to the beauty of a silicon die stripped of its protective epoxy and photographed through a good microscope. But the process of actually opening that black resin treasure chest seems elusive, requiring as it does a witch’s brew of solvents and acids.

Or does it? As [Curious Marc] documents in the video below, a little heat and some finesse are all it takes, at least for some chips. The method is demonstrated by [Antoine Bercovici], a paleobotanist who sidelines as a collector of old chips. After removing chips from a PCB — he harvested these chips from an old PlayStation — he uses hot air to soften the epoxy, and then flexes the chip with a couple of pairs of pliers. It’s a bit brutal, but in most of the Sony chips he tried for the video, the epoxy broke cleanly over the die and formed a cleavage plane that allowed the die to be slipped out cleanly. The process is not unlike revealing fossils in sedimentary rocks, a process that he’s familiar with from his day job.

He does warn that certain manufacturers, like Motorola and National, use resins that tend to stick to the die more. It’s also clear that a hairdryer doesn’t deliver enough heat; when they switched to a hot air rework station, the success rate went way up.

The simplicity of this method should open the decapping hobby up to more people. Whether you just want to take pretty pictures or if reverse engineering is on your mind, put the white fuming nitric acid down and grab the heat gun instead.

Continue reading “Chip Decapping The Easy Way”

Why Some Chips Have Inconvenient Pinouts

February 17, 2020 by 29 Comments

If you’ve ever handled a chip with a really strange or highly inconvenient pinout and suspected that the reason had something to do with the inner workings, you may be interested to see [electronupdate]’s analysis of why the 4017 Decade Counter IC has such a weirdly nonintuitive pinout. It peeks into an IC design dating from the 1970s to see an example of the kind of design issues that can affect physical layout.

Inside the 4017. Want to make sense of how lines and shapes on a silicon wafer make an IC work? With the right teachers, it’s simple.

In the case of the 4017, once decapped and the inner workings exposed, things became more clear. Inside the chip are a bunch of flip-flops and NAND gates, laid out in a single layer. Some of the outputs (outputs 5 and 1 for example, physically on pins 1 and 2 respectively) share the same flip-flop.

The original design placed the elements in a way that made the most logical sense for routing and layout, which resulted in nice and tidy inner workings but an apparently illogical pinout. A lot of this is probably feeling familiar to anyone who has designed and routed a single-layer PCB, where being limited to one layer makes it important to get the most connections as directly near one another as possible.

Chip design has of course come a long way since the 70s, but there is forever some level of trade-off to be made between outward tidiness and inner design harmony. The next time you’re looking at a part with an apparently illogical pinout, there’s a fair chance it makes far more sense on the inside.

If any of you are interested in decapping ICs yourselves to see what’s inside, we saw that it’s possible with commonly available chemicals, not just nasty ones.

Continue reading “Why Some Chips Have Inconvenient Pinouts”

Have LED Bulbs Reached Their Final (and Cheapest) Form?

February 16, 2020 by 129 Comments

[electronupdate] has done a lot of LED light bulb teardowns over the years, witnessing a drive towards ever-cheaper and ever-simpler implementations, and suspects that LED light bulb design has finally reached its ultimate goal. This teardown of a recent dollar store example shows that cost-cutting has managed to shave even more off what was already looking like a market saturated with bottom-dollar design.

The electrical components inside this glowing model of cost-cutting consists of one PCB (previously-seen dollar store LED bulb examples had two), eleven LEDs, one bridge rectifier, two resistors, and a controller IC. A wirewound resistor apparently also serves as a fuse, just in case.

Inside the unmarked controller IC. The design is as cheap as it is clever in its cost-cutting.

That’s not all. [electronupdate] goes beyond a simple teardown and has decapped the controller IC to see what lurks inside, and the result is shown here. This controller is responsible for driving the LEDs from the ~100 Volts DC that the bridge rectifier and large electrolytic cap present to it, and it’s both cheap and clever in its own way.

The top half is a big transistor for chopping the voltage and the bottom half is the simple control logic; operation is fast enough that no flicker is perceived in the LEDs, and no output smoothing cap is needed. The result, of course, is fewer components and lower cost.

Some of you may recall that back in the early days of LED lighting, bulbs that could last 100,000 hours were a hot promise. That didn’t happen for a variety of reasons and the march towards being an everyday consumable where cost was paramount continued. [electronupdate] feels they have probably reached that ultimate goal, at least until something else changes. They work, they’re cheap, and just about everything else has been successfully pried up and tossed out the door.

Vintage Fairchild IC Proves Tough To Decap

May 27, 2019 by 12 Comments

You’d think that something called “white fuming nitric acid” would be more than corrosive enough to dissolve just about anything. Heck, it’s rocket fuel – OK, rocket fuel oxidizer – and even so it still it wasn’t enough to pop the top on this vintage Fairchild μL914 integrated circuit, at least not without special measures.

As [John McMaster], part of the team that analyzed the classic dual 2-input NOR gate RTL chip from the 1960s, explains it, decapping modern chips is a straightforward if noxious process. Generally a divot is milled into the epoxy, providing both a reservoir for the WFNA and a roughened surface for it to attack. But the Fairchild chip, chosen for dissection for the Maker Faire Bay Area last week specifically because the features on the die are enormous by modern standards, was housed in an eight-lead TO-99 case with epoxy that proved nigh invulnerable to WFNA. [John] tried every chemical and mechanical trick in the book, going so far as to ablate epoxy with a Nd:YAG laser. He eventually got the die exposed, only to discover that it was covered with silicone rather than the silicon dioxide passivation layer of modern chips. Silicone can be tough stuff to remove, and [John] resorted to using lighter fluid as a solvent and a brush with a single bristle to clean up the die.

We applaud the effort that this took, which only proves that decapping is more art than science sometimes. And the results were fabulous; as Hackaday editor-in-chief [Mike Szczys] notes, the decapping led to his first real “a-ha moment” about how chips really work.

Continue reading “Vintage Fairchild IC Proves Tough To Decap”

Ken Shirriff Explains His Techniques For Reverse Engineering Silicon

December 5, 2018 by 8 Comments

When it comes to reverse engineering silicon, there’s no better person to ask than Ken Shirriff. He’s the expert at teasing the meaning out of layers of polysilicon and metal. He’s reverse engineered the ubiquitous 555 timer, he’s taken a look at the inside of old-school audio chips, and he’s found butterflies in his op-amp. Where there’s a crazy jumble of microscopic wires and layers of silicon, Ken’s there, ready to do the teardown.

For this year’s talk at the Hackaday Superconference, Ken walked everyone through the techniques for reverse engineering silicon. Surprisingly, this isn’t as hard as it sounds. Yes, you’ll still need to drop acid to get to the guts of an IC (of course, you could always find a 555 stuck in a metal can, but then you can’t say ‘dropping acid’), but even the most complex devices on the planet are still made of a few basic components. You’ve got n-doped silicon, p-doped silicon, and some metal. That’s it, and if you know what you’re looking for — like Ken does — you have all the tools you need to figure out how these integrated circuits are made.

Continue reading “Ken Shirriff Explains His Techniques For Reverse Engineering Silicon”

Lessons In Disposable Design From A Cheap Blinky Ball

October 30, 2018 by 45 Comments

Planned obsolescence, as annoying as it is when you’re its victim, still has to be admired. You can’t help but stand in awe of the designer who somehow managed to optimize a product to live one day longer than its warranty period. Seriously, why is it always the next day?

The design of products that are never intended to live long enough to go obsolete must be similarly challenging, and [electronupdate] did a teardown of a cheap LED blinky toy to see what’s involved. You’ve no doubt seen these seizure-triggering silicone balls before, mostly at checkout counters and the like where they’re sold at prices many hundreds of times what it took to make them. This particular device, which seems representative of the species, has two bright LEDs, a small controller chip, a trio of button cells for power, and a springy switch to activate it. All this is mounted to a cheap scrap of phenolic resin PCB, with the controller chip and one of the LEDs covered by a blob of clear epoxy.

This teardown one-ups most others, as [electronupdate] disrobes the chip and points a microscope at the die; the video below shows just how few transistors are employed and proposes a likely circuit. Everything about this ball just oozes cheapness, and it’s likely these things cost essentially nothing to build. Which makes sense for something destined for the landfill within a week or so.

Yes, this annoying blinky-thing is low-end garbage, but there are still design lessons to be learned from it. Anything that’s built for a broad market has to be built to a price point, and understanding those constraints is important to understanding how planned obsolescence works.

Continue reading “Lessons In Disposable Design From A Cheap Blinky Ball”