The Art Of The Silicon Chip

June 6, 2017 by Jenny List 23 Comments

If you have followed the group of reverse engineers whose work on classic pieces of silicon we feature regularly here at Hackaday, you may well be familiar with the appearance of the various components that make up their gates and other functions. What you may not be familiar with, however, are the features that can occasionally be found which have no function other than the private amusement of the chip designers themselves. Alongside the transistors, resistors, and interconnects, there are sometimes little pieces of artwork inserted into unused spaces on the die, visible only to those fortunate enough to own a powerful microscope.

Fortunately those of us without such an instrument can also take a look at these works, thanks to the Smithsonian Institution, who have brought together a gallery of them on the web as part of their chip collection. In it we find cartoon characters such as Dilbert, favourites from children’s books such as Waldo, and the Japanese monster Godzilla. There are animals, cows, a leopard, a camel, and a porpoise, and of course company logos aplenty.

In a sense, these minuscule artworks are what our more strident commenters might describe as Not A Hack, but to dismiss them in such a manner would be to miss their point. Even in an age of huge teams of integrated circuit designers working with computerized tools rather than the lone geniuses of old with their hand drafting, we can still see little flashes of individuality with no practical or commercial purpose and with no audience except a very few. And we like that.

Also take a look at the work of [Ken Shirriff] for a masterclass in IC reverse engineering.

Gimbal SDI Camera Mod

June 4, 2017 by Michael Uttmark 4 Comments

Sometimes when you need something, there is a cheap and easily obtainable product that almost fits the bill. Keyword: almost. [Micah Elizabeth Scott], also known as [scanlime], is creating a hovering camera to follow her cat around, and her Feiyu Mini3D 3-axis brushless gimbal almost did everything she’d need. After a few modifications, [Micah] now has a small and inexpensive 3-axis gimbal with a Crazyfire HZ-100P SDI camera and LIDAR-Lite distance sensor.

At thirty minutes long, [Micah’s] documenting video is rife with learning moments. We’ve said it before, and we’ll say it again: “just watch it and thank us later.” [Micah Elizabeth Scott] has a way of taking complicated concepts and processes and explaining things in a way that just makes sense (case in point: side-channel glitching) . And, while this hack isn’t exactly the most abstractly challenging, [Micah’s] natural talent as a teacher still comes through. She takes you through what goes right and what goes wrong, making sure to explain why things are wrong, and how she develops a solution.

Throughout her video, [Micah] shares small bits of wisdom gained from first-hand experience. From black hot glue to t-glase (a 3D printing filament), we learned of a few materials that could be mighty useful.

We’re no strangers to the work of [Micah Elizabeth Scott], she’s been on the scene for a while now. She’s been a Hackaday Prize Judge in 2015 and 2016 and is always making things we love to cover. She’s one of our three favorite hackers and has a beautiful website that showcases her past work.

Video after the break.

Continue reading “Gimbal SDI Camera Mod” →

Integrated Circuit Reverse Engineering, 1970s Style

June 2, 2017 by Jenny List 11 Comments

We are used to stories about reverse engineering integrated circuits, in these pages. Some fascinating exposés of classic chips have been produced by people such as the ever-hard-working [Ken Shirriff].

You might think that this practice would be something new, confined only to those interested in the workings of now-obsolete silicon. But the secrets of these chips were closely guarded commercial intelligence back in the day, and there was a small industry of experts whose living came from unlocking them.

Electron micrograph of a wire bond to the Z80 CTC die

Integrated Circuit Engineering Corporation were a Scottsdale, Arizona based company who specialised in semiconductor industry data. They have long since been swallowed up in a series of corporate takeovers, but we have a fascinating window into their activities because their archive is preserved by the Smithsonian Institution. They reverse engineered integrated circuits to produce reports containing detailed information about their mechanical properties as well as their operation, and just such a report is our subject today. Their 1979 examination of the Zilog Z80 CTC (PDF) starts with an examination of the package, in this case the more expensive ceramic variant, then looks in detail at the internal construction of the die itself, and its bonding wires. We are then taken in its typewritten pages through an extensive analysis of the circuitry on the die, with gate-level circuits to explain the operation of each part.

The detail contained in this report is extraordinary, it is clear that a huge amount of work went into its production and it would have been of huge value to certain of Zilog’s customers and competitors. At the time this would have been extremely commercially sensitive information, even if it now seems like a historical curiosity.

The Z80 CTC is a 4-channel counter/timer peripheral chip for the wildly succesful Z80 8-bit microprocessor, in a 28-pin dual-in-line package. We were surprised to find from a quick search that you can still buy this chip from some of the usual suppliers rather than the surplus houses, so it may even still be in production.

If IC reverse engineering takes your fancy, take a look at our archive of [Ken Shirriff] posts.

Thanks [fortytwo] for the tip.

How To Reverse Engineer A Chip

May 2, 2017 by Al Williams 27 Comments

Have you ever wondered how you could look at a chip and map out its schematic? [Robert Baruch] wants to show you how he does it and he does in a new video (see below). The video assumes you know how to expose the die because he’s made a video about that before.

This video focuses on using his Beaglebone-driven microscope stage to get high-resolution micrographs stitched together from smaller shots. A 3D-printed sample holder keeps the part from moving around. Luckily, there’s software to stitch the images together. Once he has the die photo, he will etch away the metal to remove the passivation, the metal layer, and the silicon dioxide under the metal and takes another set of photos.

Continue reading “How To Reverse Engineer A Chip” →

Help Wanted: Open Source Oscilloscope On Rigol Hardware

April 27, 2017 by Al Williams 40 Comments

We’ve often heard (and said) if you can’t hack it, you don’t own it. We noticed that [tmbinc] has issued a call for help on his latest project: developing new firmware and an FPGA configuration for the Rigol DS1054Z and similar scopes. It isn’t close to completion, but it isn’t a pipe dream either. [tmbinc] has successfully booted Linux.

There’s plenty left to do, though. He’s loading a boot loader via JTAG and booting Linux from the USB port. Clearly, you’d want to flash all that. Linux gives him use of the USB port, the LCD, the network jack, and the front panel LEDs and buttons. However, all of the actual scope electronics, the FPGA functions, and the communications between the processor and the FPGA are all forward work.

Continue reading “Help Wanted: Open Source Oscilloscope On Rigol Hardware” →

ESP32’s Freedom Output Lets You Do Anything

April 24, 2017 by Elliot Williams 39 Comments

The ESP32 is Espressif’s new wonder-chip, and one of the most interesting aspects of its development has been the almost entirely open-source development strategy that they’re taking. But the “almost” in almost entirely open is important — there are still some binary blobs in the system, and some of them are exactly where a hacker wouldn’t want them to be. Case in point: the low-level WiFi firmware.

So that’s where [Jeija]’s reverse engineering work steps in. He’s managed to decode enough of a function called ieee80211_freedom_output to craft and send apparently arbitrary WiFi data and management frames, and to monitor them as well.

This ability is insanely useful for a WiFi device. With low-level access like this, one can implement custom protocols for mesh networking, low-bandwidth data transfers, or remove the requirement for handshaking entirely. One can also spam a system with so many fake SSIDs that it crashes, deauth everyone, or generally cause mayhem. Snoop on your neighbors, or build something new and cool: with great power comes great responsibility.

Anyway, we reported on [Jeija]’s long distance hack and the post may have read like it was all about the antenna, but that vastly underestimates the role played by this firmware reverse-engineering hack. Indeed, we’re so stoked about the hack that we thought it was worth reiterating: the ESP32 is now a WiFi hacker’s dream.

Project 54/74 Maps Out Logic ICs

April 4, 2017 by Lewin Day 4 Comments

Integrated circuits are a fundamental part of almost all modern electronics, yet they closely resemble the proverbial “black box” – we may understand the inputs and outputs, but how many of us truly understand what goes on inside? Over the years, the process of decapping ICs has become popular – the removal of the package to enable peeping eyes to glimpse the mysteries inside. It’s an art that requires mastery of chemistry, microscopy and photography on top of the usual physics skills needed to understand electronics. Done properly, it allows an astute mind to reverse engineer the workings of the silicon inside.

There are many out there publishing images of chips they’ve decapped, but [Robert Baruch] wants more. Namely, [Robert] seeks to create a database of die images of all 5400 and 7400 series logic chips – the eponymous Project 54/74.

These chips are the basic building blocks of digital logic – NAND gates, inverters, shift registers, decade counters and more. You can build a CPU with this stuff. These days, you may not be using these chips as often in a production context, but those of you with EE degrees will likely have toyed around a few of these in your early logic classes.

There’s only a handful of images up so far, but they’re of excellent quality, and they’re also annotated. This is a great aid if you’re trying to get to grips with the vagaries of chip design. [Robert] is putting in the hard yards to image as many variations of every chip as possible. There’s also the possibility of comparing the same chip for differences between manufacturers. We particularly like this project, as all too often manufacturing techniques and technologies are lost and forgotten as the march of progress continues on. It looks like it’s going to become a great resource for those looking to learn more about integrated circuit design and manufacture!