Sign up
| log in
| help
| legal notice
acronym: r3talk
title: Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope!
startdate: 2024-12-19
starttime: 20:05
endtime: 21:00
timezone: Europe/Vienna
city: Graz
country: AT
address: realraum, Brockmanngasse 15, 8010 Graz
exact: True
coordinates: 47.0654887055, 15.450553894
tags: realraum talk r3talk ics reverseengineering hardware
urls:
ical https://grical.realraum.at/s/?query=r3talk+%21realraum&view=ical
description:
Welcome to the first of a regular monthly series of small talks in realraum.
The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell.
Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope!
Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot.
A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future.
This is possible because lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more.
In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is.
I will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots.
by giulioz
| f | 1 | acronym: r3talk | f | 1 | acronym: r3talk |
| 2 | title: Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | 2 | title: Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | ||
| 3 | startdate: 2024-12-19 | 3 | startdate: 2024-12-19 | ||
| 4 | starttime: 20:05 | 4 | starttime: 20:05 | ||
| 5 | endtime: 21:00 | 5 | endtime: 21:00 | ||
| 6 | timezone: Europe/Vienna | 6 | timezone: Europe/Vienna | ||
| 7 | city: Graz | 7 | city: Graz | ||
| 8 | country: AT | 8 | country: AT | ||
| 9 | address: realraum, Brockmanngasse 15, 8010 Graz | 9 | address: realraum, Brockmanngasse 15, 8010 Graz | ||
| 10 | exact: True | 10 | exact: True | ||
| 11 | coordinates: 47.0654887055, 15.450553894 | 11 | coordinates: 47.0654887055, 15.450553894 | ||
| 12 | tags: realraum talk r3talk ics reverseengineering hardware | 12 | tags: realraum talk r3talk ics reverseengineering hardware | ||
| t | t | 13 | urls: | ||
| 14 | ical https://grical.realraum.at/s/?query=r3talk+%21realraum&view=ical | ||||
| 13 | description: | 15 | description: | ||
| 14 | Welcome to the first of a regular monthly series of small talks in realraum. | 16 | Welcome to the first of a regular monthly series of small talks in realraum. | ||
| 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | 17 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | ||
| 16 | 18 | ||||
| 17 | 19 | ||||
| 18 | 20 | ||||
| 19 | Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | 21 | Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | ||
| 20 | 22 | ||||
| 21 | 23 | ||||
| 22 | 24 | ||||
| 23 | Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot. | 25 | Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot. | ||
| 24 | 26 | ||||
| 25 | A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future. | 27 | A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future. | ||
| 26 | 28 | ||||
| 27 | This is possible because lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more. | 29 | This is possible because lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more. | ||
| 28 | 30 | ||||
| 29 | In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is. | 31 | In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is. | ||
| 30 | 32 | ||||
| 31 | I will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots. | 33 | I will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots. | ||
| 32 | 34 | ||||
| 33 | 35 | ||||
| 34 | by giulioz | 36 | by giulioz |
| f | 1 | acronym: r3talk | f | 1 | acronym: r3talk |
| 2 | title: Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | 2 | title: Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | ||
| 3 | startdate: 2024-12-19 | 3 | startdate: 2024-12-19 | ||
| 4 | starttime: 20:05 | 4 | starttime: 20:05 | ||
| 5 | endtime: 21:00 | 5 | endtime: 21:00 | ||
| 6 | timezone: Europe/Vienna | 6 | timezone: Europe/Vienna | ||
| 7 | city: Graz | 7 | city: Graz | ||
| 8 | country: AT | 8 | country: AT | ||
| 9 | address: realraum, Brockmanngasse 15, 8010 Graz | 9 | address: realraum, Brockmanngasse 15, 8010 Graz | ||
| 10 | exact: True | 10 | exact: True | ||
| 11 | coordinates: 47.0654887055, 15.450553894 | 11 | coordinates: 47.0654887055, 15.450553894 | ||
| 12 | tags: realraum talk r3talk ics reverseengineering hardware | 12 | tags: realraum talk r3talk ics reverseengineering hardware | ||
| 13 | description: | 13 | description: | ||
| 14 | Welcome to the first of a regular monthly series of small talks in realraum. | 14 | Welcome to the first of a regular monthly series of small talks in realraum. | ||
| 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | ||
| n | n | 16 | |||
| 17 | |||||
| 16 | 18 | ||||
| 17 | Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | 19 | Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! | ||
| t | t | 20 | |||
| 21 | |||||
| 18 | 22 | ||||
| 19 | Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot. | 23 | Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot. | ||
| 20 | 24 | ||||
| 21 | A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future. | 25 | A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future. | ||
| 22 | 26 | ||||
| 23 | This is possible because lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more. | 27 | This is possible because lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more. | ||
| 24 | 28 | ||||
| 25 | In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is. | 29 | In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is. | ||
| 26 | 30 | ||||
| 27 | I will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots. | 31 | I will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots. | ||
| 28 | 32 | ||||
| 29 | 33 | ||||
| 30 | by giulioz | 34 | by giulioz |
| f | 1 | acronym: r3talk | f | 1 | acronym: r3talk |
| n | 2 | title: Vortrag: TITLE TITLE TITLE TODO | n | 2 | title: Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! |
| 3 | startdate: 2024-12-19 | 3 | startdate: 2024-12-19 | ||
| n | 4 | starttime: 19:15 | n | 4 | starttime: 20:05 |
| 5 | endtime: 20:15 | 5 | endtime: 21:00 | ||
| 6 | timezone: Europe/Vienna | 6 | timezone: Europe/Vienna | ||
| 7 | city: Graz | 7 | city: Graz | ||
| 8 | country: AT | 8 | country: AT | ||
| 9 | address: realraum, Brockmanngasse 15, 8010 Graz | 9 | address: realraum, Brockmanngasse 15, 8010 Graz | ||
| 10 | exact: True | 10 | exact: True | ||
| 11 | coordinates: 47.0654887055, 15.450553894 | 11 | coordinates: 47.0654887055, 15.450553894 | ||
| n | 12 | tags: realraum talk r3talk | n | 12 | tags: realraum talk r3talk ics reverseengineering hardware |
| 13 | description: | 13 | description: | ||
| 14 | Welcome to the first of a regular monthly series of small talks in realraum. | 14 | Welcome to the first of a regular monthly series of small talks in realraum. | ||
| 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | ||
| 16 | 16 | ||||
| n | 17 | TITLE TITLE TITLE TODO | n | 17 | Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! |
| 18 | by giulioz | 18 | |||
| 19 | Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot. | ||||
| 20 | |||||
| 21 | A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future. | ||||
| 22 | |||||
| 23 | This is possible because lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more. | ||||
| 24 | |||||
| 25 | In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is. | ||||
| 26 | |||||
| 27 | I will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots. | ||||
| 19 | 28 | ||||
| 20 | 29 | ||||
| t | 21 | Lorem Ipsum | t | 30 | by giulioz |
| f | 1 | acronym: r3talk | f | 1 | acronym: r3talk |
| n | 2 | title: Vortrag: | n | 2 | title: Vortrag: TITLE TITLE TITLE TODO |
| 3 | startdate: 2024-12-19 | 3 | startdate: 2024-12-19 | ||
| 4 | starttime: 19:15 | 4 | starttime: 19:15 | ||
| 5 | endtime: 20:15 | 5 | endtime: 20:15 | ||
| 6 | timezone: Europe/Vienna | 6 | timezone: Europe/Vienna | ||
| 7 | city: Graz | 7 | city: Graz | ||
| 8 | country: AT | 8 | country: AT | ||
| 9 | address: realraum, Brockmanngasse 15, 8010 Graz | 9 | address: realraum, Brockmanngasse 15, 8010 Graz | ||
| 10 | exact: True | 10 | exact: True | ||
| 11 | coordinates: 47.0654887055, 15.450553894 | 11 | coordinates: 47.0654887055, 15.450553894 | ||
| 12 | tags: realraum talk r3talk | 12 | tags: realraum talk r3talk | ||
| 13 | description: | 13 | description: | ||
| 14 | Welcome to the first of a regular monthly series of small talks in realraum. | 14 | Welcome to the first of a regular monthly series of small talks in realraum. | ||
| 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | 15 | The focus being on low-entry but hopefully high-value knowledge sharing either in form of a talk or show+tell. | ||
| 16 | 16 | ||||
| t | 17 | TITLE TITLE TITLE | t | 17 | TITLE TITLE TITLE TODO |
| 18 | by giulioz | 18 | by giulioz | ||
| 19 | 19 | ||||
| 20 | 20 | ||||
| 21 | Lorem Ipsum | 21 | Lorem Ipsum |
