Fail Of The Week: The Semiconductor Lapping Machine That Can’t Lap Straight

May 21, 2018 by Dan Maloney 34 Comments

It seemed like a good idea to build a semiconductor lapping machine from an old hard drive. But there’s just something a little off about [electronupdate]’s build, and we think the Hackaday community might be able to pitch in to help.

For those not into the anatomy and physiology of semiconductors, getting a look at the inside of the chip can reveal valuable information needed to reverse engineer a device, or it can just scratch the itch of curiosity. Lapping (the gentle grinding away of material) is one way to see the layers that make up the silicon die that lies beneath the epoxy. Hard drives designed to spin at 7200 rpm or more hardly seem a suitable spinning surface for a gentle lapping, but [electronupdate] just wanted the platter for its ultra-smooth, ultra-flat surface.

He removed the heads and replaced the original motor with a gear motor and controller to spin the platter at less than 5 rpm. A small holder for the decapped die was fashioned, and pinched between the platter hub and an idler. It gently rotates the die against the abrasive-covered platter as it slowly revolves. But the die wasn’t abrading evenly. He tried a number of different fixtures for the die, but never got to the degree of precision needed to see through the die layer by layer. We wonder if the weight of the die fixture is deflecting the platter a bit?

Failure is a great way to learn, if you can actually figure out where you went wrong. We look to the Hackaday community for some insight. Check out the video below and sound off in the comments if you’ve got any ideas.

Continue reading “Fail Of The Week: The Semiconductor Lapping Machine That Can’t Lap Straight” →

Fake Ram: Identifying A Counterfeit Chip

August 22, 2017 by Adam Fabio 26 Comments

[Robert Baruch‏] had something strange on his hands. He had carefully decapped 74LS189 16×4 static RAM, only to find that it wasn’t a RAM at all. The silicon die inside the plastic package even had analog elements, which is not what one would expect to find in an SRAM. But what was it? A quick tweet brought in the cavalry, in the form of chip analysis expert [Ken Shirriff].

[Ken] immediately realized the part [Robert] had uncovered wasn’t a 74 series chip at all. The power and ground pins were in the wrong places. Even the transistors were small CMOS devices, where a 74 series part would use larger bipolar transistors. The most glaring difference between the mystery device and a real LS819 was the analog elements. The mystery chip had a resistor network, arranged as an R-2R ladder. This configuration is often used as a simple Digital to Analog Converter (DAC).

Further analysis of the part revealed that the DAC was driven by a mask ROM that was itself indexed using a linear feedback shift register. [Ken] used all this information to plot out the analog signal the chip would generate. It turned out to be a rather sorry looking sine wave.

The mystery part didn’t look like any function generator or audio chip of the era. [Ken] had to think about what sort of commodity part would use lookup tables to generate an audio waveform. The answer was as close as his telephone — a DTMF “touch tone” generator, specifically a knockoff of a Mostek MK5085.

Most investigators would have stopped there. Not [Ken] though. He delved into the construction and function of the DTMF generator. You can find the full analysis on his site. This isn’t [Ken’s] first rodeo with decapped chips. He’s previously examined the Intel 8008 and presented a talk on silicon reverse engineering at the 2016 Hackaday Superconference. [Robert] has also shown us how to pop the top of classic ceramic integrated circuits.

What Lies Within: SMT Inductor Teardown

May 24, 2017 by Dan Maloney 10 Comments

Ever wonder what’s inside a surface-mount inductor? Wonder no more as you watch this SMT inductor teardown video.

“Teardown” isn’t really accurate here, at least by the standard of [electronupdate]’s other component teardowns, like his looks inside LED light bulbs and das blinkenlights. “Rubdown” is more like it here, because what starts out as a rather solid looking SMT component needs to be ground down bit by bit to reveal the inner ferrite and copper goodness. [electronupdate] embedded the R30 SMT inductor in epoxy and hand lapped the whole thing until the windings were visible. Of course, just peeking inside is never enough, so he set upon an analysis of the inductor’s innards. Using a little careful macro photography and some simple image analysis, he verified the component’s data sheet claims; as an aside, is anyone else surprised that a tiny SMT component can handle 30 amps?

Looking for more practical applications for decapping components? How about iPhone brain surgery?

Continue reading “What Lies Within: SMT Inductor Teardown” →

Project 54/74 Maps Out Logic ICs

April 4, 2017 by Lewin Day 4 Comments

Integrated circuits are a fundamental part of almost all modern electronics, yet they closely resemble the proverbial “black box” – we may understand the inputs and outputs, but how many of us truly understand what goes on inside? Over the years, the process of decapping ICs has become popular – the removal of the package to enable peeping eyes to glimpse the mysteries inside. It’s an art that requires mastery of chemistry, microscopy and photography on top of the usual physics skills needed to understand electronics. Done properly, it allows an astute mind to reverse engineer the workings of the silicon inside.

There are many out there publishing images of chips they’ve decapped, but [Robert Baruch] wants more. Namely, [Robert] seeks to create a database of die images of all 5400 and 7400 series logic chips – the eponymous Project 54/74.

These chips are the basic building blocks of digital logic – NAND gates, inverters, shift registers, decade counters and more. You can build a CPU with this stuff. These days, you may not be using these chips as often in a production context, but those of you with EE degrees will likely have toyed around a few of these in your early logic classes.

There’s only a handful of images up so far, but they’re of excellent quality, and they’re also annotated. This is a great aid if you’re trying to get to grips with the vagaries of chip design. [Robert] is putting in the hard yards to image as many variations of every chip as possible. There’s also the possibility of comparing the same chip for differences between manufacturers. We particularly like this project, as all too often manufacturing techniques and technologies are lost and forgotten as the march of progress continues on. It looks like it’s going to become a great resource for those looking to learn more about integrated circuit design and manufacture!

IPhone Brain Surgery

February 24, 2017 by Dan Maloney 44 Comments

You think you’re good at soldering? Can you solder a CPU? A CPU inside an iPhone? A decapped CPU inside an iPhone? Can you solder inside a decapped CPU inside of an iPhone?

If you can’t, fear not – someone can, and we found him or her courtesy of a video that [Bunnie Huang] tweeted a while back. There’s not much information in the video, but from what we can gather it comes from an outfit called G-Lon Technology in Guang Zhou. Their Facebook page suggests that they teach cellphone repair, and if they take their repairs this far, we’d say the students are getting their tuition’s worth.

The reason for the repair is unclear, although the titles refer to a “CPU to U0301 AP31 AR31 broken repair,” which we take to refer to a boot error that can be repaired by exposing a couple of pads inside the CPU and wiring them to another chip. We’d love to hear comments from anyone familiar with the repair, but even in the absence of a clear reason for undertaking this, the video is pretty impressive. The epoxy cap of the CPU is painstakingly ground away under a microscope, then tiny tools are used to scrape down to the correct layers. Solder mask is applied, hair-thin wires are tacked to the pads, and a UV-curing resin is applied to fill the CPU’s new gaping hole and to stabilize the wires. It seems like a lot of work to save an iPhone, but it sure is entertaining to watch.

Can’t get enough of poking around the innards of chips? We’ve got decapping stories aplenty: one, two, and three that you might like. We’ve even covered at least one CPU internal repair before too.

Continue reading “IPhone Brain Surgery” →

Decapsulation Reveals Fake Chips

September 12, 2016 by Brian Benchoff 37 Comments

A while back, [heypete] needed to get a GPS timing receiver talking to a Raspberry Pi. The receiver only spoke RS-232, and the Pi is TTL level serial. [Pete] picked up a few RS-232 to TTL conversion boards from an online vendor in China. These boards were supposedly based on the Max3232, a wonderchip that converts the TTL serial to the positive and negative voltages of RS-232 serial. The converters worked fine for a few weeks, before failing, passing a bunch of current, and overheating.

On Mouser and Digikey, the Max3232 costs about $1.80 in quantity one, and shipping is extra. You can pick up a ‘Max3232 converter board’ from the usual online marketplaces for seventy five cents with free shipping. Of course the Chinese version is fake. [Pete] had some nitric acid, and decided to compare the die of the real and fake Max3232s.

After desoldering two fake chips from their respective converter boards, and acquiring a legitimate chip straight from Maxim, [Pete] took a look at the chips under the microscope. The laser markings on the fakes are inconsistent, but there was something interesting to be found in the date code markings. It took two to four weeks for the fake chips to be etched with a date code, assembled into a converter board, shipped across the planet, put into [Pete]’s project, run for a little bit, and fail spectacularly. That’s an astonishing display of manufacturing, logistics, and shipping times. Update: The date codes on the fakes had 2013 laser etched on the plastic package, and 2009 on the die. The real chips had a date code just a few weeks before [Pete] decapped them — a remarkably short life but they gave in to a good cause.

Following the Zeptobars and CCC (PDF) guides to dropping acid, [Pete] turned his problem into solution and took a look at the dies under a microscope. The legitimate die was significantly larger, and the fake dies were identical. The official die used gold bond wires, but the fake ones didn’t.

Unfortunately, [Pete] isn’t an expert in VLSI, chip design, failure analysis, or making semiconductors out of sand. Anything that should be obvious to the layman is not, and [Pete] has no idea why these chips would work for a week, then overheat and fail. If anyone has an idea, hit [Pete] up and drop a note in the comments.

A Peek Under The Hood Of The 741 Op-Amp

October 31, 2015 by Dan Maloney 9 Comments

First introduced as an IC back in 1968, but with roots that go back to 1941, the 741 has been tweaked and optimized over the years and is arguably the canonical op-amp. [Ken Shirriff] decided to take a look inside everybody’s favorite op-amp, and ended up with some good-looking photomicrographs and a lot of background on the chip.

Rather than risk the boiling acid method commonly used to decap epoxy-potted ICs, [Ken] wisely chose a TO-99 can format to attack with a hacksaw. With the die laid bare for his microscope, he was able to locate all the major components and show how each is implemented in silicon. Particularly fascinating is the difference between the construction of NPN and PNP transistors, and the concept of “current mirrors” as constant current sources. And he even whipped up a handy interactive chip viewer – click on something in the die image and find out which component it is on the 741 schematic. Very nice.

We’ve seen lots of chip decappings before, including this reveal of TTL and CMOS logic chips. It’s nice to see the guts of the venerable 741 on display, though, and [Ken]’s tour is both a great primer for the newbie and a solid review for the older hands. Don’t miss the little slice of history he included at the end of the post.