I've got to add that this is pretty much how Intel's x86 processors were reverse engineered [1] for use in Soviet IBM PC clones like Poisk [2]. Most resources on the Web talk about clones of CPUs up to and including the 80286 but I am told there was at least one successful attempt at cloning an earlier version of the 80386. The smaller sub-1 µm process used by Intel for later 80386 and 80486 units proved too much, however.
There are actually substantially more steps involved in reverse engineering more modern SOCs. After depackaging the chips you have to strip the metal layers, special protective layers etc to get to the base layers. Modern processes can have upwards of 8 metal layers along with a top layer composed of filled metal (there are issues with processing if a relatively uniform amount of metal isn't on each layer).
After you get the images of the metal layers (you likely can't do this optically for things down near Metal1) you can image the poly and diffusions. You can probably guess which transistors are which based on which power rails they would have been connected to.
Things might be easier if you know what standard cell library the designers used when laying out the chip, as then you'd more easily be able to identify the base logical functions faster.
If you're being thorough you'd also have to make sure you obtain measurements of the widths of each of the transistors (so you can later figure out the relative drive strength which matters for things like identifying keeper circuits or more precision analog elements etc).
Determining some transistor behavior may require even more complicated tests to identify doping levels, and if you were trying to duplicate the process you'd have to identify a large number of other materials (for example if they use copper you'd want to find what chemical they used to control the diffusion etc).
Yes, and that does not even get into the extremely complex principle of the process technology itself, mixed with the design placement techniques that tend to be very closely tied to the process.
Reverse engineering digital can be conceivable by looking at blocks, but for analog it can be incredibly difficult.
I am still looking to find a soviet 286 (??1847??286), but it seems it is extremely rare. If anyone has one - contact me ASAP :-)
Just to be fair - I didn't find that soviet "clones" were clones - layout was changed significantly. Centralized planning demanded 100% compatible chips to make near-100% compatible computers, that's the root of all evils.
Awesome work. A simple suggestion: make clear that the labels point to the right picture, say with a horizontal line separating them, since the description for the next image is right below the one before it.
It's a metallographic microscope BM-158J with some unnamed 5 megapixel camera attachment. To make a large photo I had to take 20-100 shots, and then stitch them into 1 large photo.
Even though the details may already be well known, someone with some stock could consider sending these guys a 'clipper chip' in celebration of its defeat. http://en.wikipedia.org/wiki/Clipper_chip
It seems like you could avoid the heating needs as much by using hydrogen peroxide with the sulfuric to make Piranha solution, which is a great and voracious organic compound eater.
Initially I was trying that, but 98% sulfuric acid and 40% hydrogen peroxide needed like 3 days to etch plastic (with like 10 fresh "mixes"). Now I can try that with higher concentrations; would be great if it could lower the temperature.
Amazing how the insides of these chips are composed of similar looking traces and microcomponents to the PCBs that house them on a larger order of magnitude.
Intel used to make posters available (back in the Pentium-II days) and they were really cool. I used to have one that I had to leave behind at a previous job.
In the current copyright environment, I'm not sure they could be made available. Which stinks, as just looking at them & trying to figure out what the sections did (ALU, cache, registers, etc) is sort of inspiring.
Intel, AMD, Freescale, etc. should partner up with art.com or someone else who can print out large posters (and ship them wrinkle-free). Maybe donate any profits to an engineering-for-teens program of some kind.
So if I get this correctly from the other comments, reversing a current-day modern CPU chip is much, much harder?
Is it at all possible? On what kind of budget?
Say there's a number hidden on a modern CPU chip, a cryptographic key. That's one of the things "Trusted Computing" architecture uses, right? Is there any way to retrieve that key? With a really large budget? Or is it truly impossible, tamperproof beyond any macroscopic objects, not accessible without destroying the data itself?
Because if that is so, that'd be disgusting, and I understand one of Richard Stallman's paranoid precautions quite a bit better--afaik the netbook he uses has one of the few brands of chips whose design is "open". Of course if it's tiny enough, you still don't know if what's in it is exactly what the design says should be in it (like running binaries instead of compiling from source), but I suppose that is the best one can do.
It's crazy then, that with our drive for faster and faster computers, at some point, we may lock ourselves out.
Cloning a whole chip is probably economically not viable, but definitely possible (it's cheaper to design from scratch with modern automatic design tools), but retrieving secret keys is a popular task.
For a company having all the tools (electron microscope with bells and whistles, polishing machines, microprobes) it might take hundreds to thousands of human-hours (0.1-1+ million $).
Absolutely possible, people reverse engineer parts of our chips and I'm pretty sure a well supplied failure analysis lab could do some of the work as well.
It's certainly doable to reverse engineer out a cryptographic key from a chip, but most of the people who could afford to do this wouldn't really need to do so. Secure elements are typically substantially more protected than standard logic. The structures can be designed in a manner to be very difficult to access without damaging them rendering them unreadable.
Such a cryptographic key would likely be scattered in pieces around the chip, delivered through winding busses below enough critical logic connections and power rails so that the chip wouldn't be as vulnerable to a focused ion beam attack or infrared analysis. This makes it difficult to observe without destroying enough of the chip that live examination would not be possible. There are also tricks that would be used to mitigate the risk of differential power attacks etc.
The bigger threats to secure elements are sloppy design with DFT/DFM (Design For Test) features. Most complex chips have at a minimum a mechanism of connecting a large number of the design's flops to what's like a huge shift register. If you knew enough of the design you could try to locate the output of a block which has access to the secure value, scan in a vector that makes it easy to recover the value (e.g. an XOR element you can force to XOR with 0's) and scan it out.
There are also other DFT features like on-die logic analyzers, micro-breakpoint engines, code signing overrides etc. Virtually all of these features are physically disabled prior to volume manufacturing. If a company was sloppy this could expose things that shouldn't be exposed.
There are other attacks as well though. If you could compromise the signing keys for the microcode delivered to a processor like a modern x86 processor you could change the behavior of instructions. With custom microcode you could catch and override basically any instruction (for example you could change where a LOAD instruction stores data or make ADD do jmp etc). You could definitely use something like that in a malicious manner.
It is a pretty cool technique. There are a few things you can do via FIBs but what I'm thinking of here involves cutting a very fine hole through carefully targeted areas of the chip to expose the element in question (or its wires) so we can observe them. We actually have had to do this for debugging a couple of times on 32nm chips (cutting down in and pico probing). We mostly only got away with it because we had all the floor plans, masks, RTL, documentation and very fancy equipment though; it would have been very difficult otherwise.
Ions are charged atoms. In vacuum you take a small inlet of gas (only very little), or heat up a small piece of solid until it evaporates, depending on what type of atom you want to use. Then ionize it (e.g. having a white glowing hot piece of wire in the vicinity), then accelerate it. With electrodes and coils (like, e.g., used in old CRT TVs/monitors) you can form a narrow, focused beam you can move around. This all has to be done in vacuum, because the beams will stop in (dense) air immediately.
This is your "cannon" with which you can very precisely aim and shoot at a target.
Where is this done?
The microscopes used for the very delicate structures in modern microchips are normally electron microscopes (not using light but electrons for imaging). They operate in a vacuum, which is very handy, because in that vacuum the focused ion beams can operate.
So you have your chip in your electron microscope, and you know that buried below some other structure is a signal hidden from plain view (maybe on purpose on a secure chip, but maybe you are debugging your own design and it just happens that this is where you suspect the answer to why the chip is not operating as required).
So you set your ion-beam to "heavy noble gas, e.g. Xenon" and shoot particles to drill a small hole until you have a trench down to the interesting signal. But that trench is not wide enough to allow your (huge!) probe needle to contact. So you switch to "deposit metal" and, with much less impact velocity for your particles, like with a small brush, you put in a conductive trace from within the trench to some part on the (still intact) silicon-dioxide protective layer on top of the chip. This is where you put your probe needle that can then access the buried signal.
In the public/unclassified world, Flylogic (Chris Tarnovsky) has it down to about 3-6h to extract a key from a moderately protected device (TPM; generally FIPS 140-2 level 3 (physical)), using about $1mm in equipment and one guy. This is after years of developing expertise in general, and spending maybe 2-3 months part-time attacking a single model of chip (although within a family, it looks like new models are usually quite similar in layout and protection mechanisms).
Attacking modules instead of chips is a little harder, especially because the modules themselves are more expensive, so expending hundreds of them in early testing is more expensive. But, for a national organization, totally feasible.
If you really want trusted computing, you need defense in depth; the devices need to be in a semi-trusted environment, so a theft/tamper event can be detected, and keys revoked, within the attack window. So, it's ultimately not possible in a feasible way for consumer-possessed devices (trusted computing for DRM); OTOH it works great in a server environment (if someone breaks in, you just invalidate all keys in the facility within a few hours).
HSMs (which have more active tamper response) are a lot better than TPMs (which are purely passive). You could probably trust an HSM even if it falls into enemy hands, unless the enemy is the HSM designer or NSA, for less than $50mm. The problem is there's no decent HSM for less than about $15k now (Thales/SafeNet duopoly). And HSMs have had implementation bugs in the past.
Basically, yes. Those are silicon chips, with alternate layers of glass (SiO2) and metal deposited on top. The metal layers connect transistors that were built in the silicon chip proper in the first steps of fabrication.
They are called integrated circuits because, instead of using a board to connect many pieces of silicon, a single piece of silicon has the whole circuit. More at the usual place, http://en.wikipedia.org/wiki/Integrated_circuit
These images would be a fantastic resource on Wikimedia Commons (for use in Wikipedia articles). The licensing (Creative Commons Attribution 3.0 Unported License) is compatible as per [1] and [2].
I've got things started with the 74HC595 die photo at [3] and [4].
I was having flashbacks to my days and nights spent testing wafers at a semiconductor fab. Spend a shift using a misaligned microscope and walk outside and see THREE moons. But I have mad soldering skills from building probe cards.
[1] http://www.cpu-world.com/info/exUSSR-chips.html
[2] http://www.oldcomputermuseum.com/poisk.html