Side channels and fault injection assume you know what you are attacking. Reverse engineering builds that knowledge from a black box.
3.1 PCB-level RE
Photograph the board top and bottom. Identify chips by their markings; chase down datasheets. With a continuity tester, map nets: power, ground, signal, oscillator. Identify candidate JTAG, UART, SPI, I2C buses; we covered the patterns in Chapter 18. Look for unpopulated test points, debug headers, factory-only programming pads. Modern hobbyists use OpenScan or commercial tools like Allegro PCB Designer to build a partial schematic from photographs. The first step of most hardware attacks is just looking carefully at the board for ten minutes longer than the average user.
3.2 Decapping: chemical or mechanical
Plastic IC packages are made of epoxy with silica fillers, designed to survive mild chemical exposure but not concentrated acid. Decapping methods:
- Mechanical. Grind down the back of the package with abrasives, then stop just before reaching the die. Slow and forgiving.
- Chemical. Drip fuming nitric acid on the package surface in a fume hood. Acid eats epoxy without attacking silicon or metal bond wires. Done in minutes by a practiced operator. Genuinely dangerous. Inhaling fumes will hospitalize you, and a spill burns through skin in seconds.
- Plasma etching. Industrial method using oxygen plasma, available at some university labs. Slow but exquisitely clean.
The result is a die exposed under a microscope, ready for imaging.
3.3 Imaging
- Optical microscope. Resolves features down to roughly the wavelength of light, perhaps 0.3 µm with oil immersion. You see the top metal layer and large structural features. Bunnie Huang's "die shot" library and the Silicon Pr0n community archive thousands of decapped chips at this resolution.
- SEM (scanning electron microscope). Resolves to a few nm. You see individual transistors, vias, and gate-level structure.
- FIB (focused ion beam). Cuts cross-sections of the die so you can image the layer stack from the side, exposing internal metal layers.
- X-ray CT. Non-destructive imaging of bond wires, internal vias, package construction. Used to spot remarked or substituted dies.
After imaging, layer-by-layer netlist extraction tools (like degate or commercial Tarrant Engineering software) can reconstruct the circuit. Bunnie's work on the iPod chip in the 2000s and Christopher Tarnovsky's 2010 reverse engineering of the Infineon TPM are the canonical demonstrations of how far you can push this with patience.
3.4 Microprobing
Place a sub-micron tungsten probe on a metal trace inside a decapped chip and read or inject signals on that internal wire. Used to extract keys from running secure elements, set up debug paths into otherwise locked logic, and confirm netlist hypotheses. Slow, expensive, surgical.
3.5 Firmware extraction
If you can read the firmware, you can analyze it. Methods:
- Direct flash dump. Desolder the SPI flash chip, read it on a programmer like the MiniPro TL866 or the Dataman 48Pro2.
- In-circuit programming. Attach a SOIC clip to the flash chip without desoldering it and read it over SPI from a Raspberry Pi or Bus Pirate.
- JTAG/SWD memory dump if the debug port is alive. We covered this in Chapter 21.
- UART bootloader exploits. Many SoC vendors have factory bootloaders accessible over UART that allow unsigned reads of internal flash. The Allwinner FEL mode is a famous example.
- Glitch-assisted readout. Glitch the readout-protection check on chips that nominally lock JTAG but verify the lock at runtime.
Once extracted, analyze with Ghidra (free, NSA-developed), IDA Pro (commercial, gold standard), Binary Ninja (modern, scriptable), and radare2/r2 (open source, scriptable). binwalk scans for embedded filesystems, encryption magic numbers, and recognizable headers. Found code is fed to the disassembler, control flow is reconstructed, and string analysis often turns up debug commands, default credentials, and even forgotten test keys. Most embedded CTF challenges and most real IoT compromises start exactly here.
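The first pass binwalk makes over a dump, as an added example that is neither the page's code nor binwalk's: a small Python scanner that walks a raw flash image for container magics (with a cheap plausibility check, because raw dumps throw up false positives constantly), then pulls printable strings and flags the ones that smell like debug hooks or credentials. The image it scans is constructed inline, and the signature table and keyword list are assumed subsets, not binwalk's own.

```python
import gzip
import re

# Constructed subset of container magics seen in firmware dumps (binwalk's
# signature set is far larger). The optional check reads the bytes after the
# magic and rejects cheap false positives, which raw dumps produce constantly.
SIGNATURES = [
    (b"\x27\x05\x19\x56", "U-Boot uImage header", None),
    (b"\x7fELF", "ELF executable", lambda t: t[0] in (1, 2)),       # EI_CLASS: 32- or 64-bit
    (b"\x1f\x8b\x08", "gzip stream", lambda t: t[0] & 0xE0 == 0),  # reserved FLG bits clear
    (b"hsqs", "SquashFS (little-endian)", None),
]
# Strings that deserve a second look: debug hooks, credentials, leftover keys.
INTERESTING = re.compile(r"(?i)\b(admin|root|passw(or)?d|secret|telnet|debug|key|token)")

def find_signatures(image):
    """Return [(offset, description)] for every plausible magic, sorted by offset."""
    hits = []
    for magic, name, check in SIGNATURES:
        off = image.find(magic)
        while off != -1:
            tail = image[off + len(magic):off + len(magic) + 4]
            if tail and (check is None or check(tail)):
                hits.append((off, name))
            off = image.find(magic, off + 1)
    return sorted(hits)

def extract_strings(image, min_len=6):
    """Return [(offset, text)] for runs of printable ASCII at least min_len long."""
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image)]

def flag_interesting(strings):
    """Keep only strings that look like debug hooks, credentials or keys."""
    return [(off, s) for off, s in strings if INTERESTING.search(s)]

def build_sample_image():
    """Constructed stand-in for a raw SPI-flash dump: erased padding, a uImage
    header, an ELF, a gzip-packed kernel stub and the start of a SquashFS."""
    img = bytearray(b"\xff" * 64)                       # erased flash
    img += b"\x27\x05\x19\x56" + b"\x00" * 60           # 0x40: uImage magic
    img += b"\x7fELF\x01\x01\x01" + b"\x00" * 9         # 0x80: ELF e_ident
    img += b"BusyBox v1.31.1 (debug build)\x00"         # 0x90
    img += b"Copyright 2019 ExampleVendor\x00"          # benign, must not be flagged
    img += b"admin:admin\x00"                           # placeholder default credential
    img += b"telnetd -l /bin/sh\x00"                    # leftover factory debug hook
    img += b"\xff" * 32
    img += gzip.compress(b"kernel image placeholder " * 8, mtime=0)  # text hidden inside
    img += b"hsqs" + b"\x00" * 28                       # SquashFS superblock magic
    return bytes(img)
```

On a real dump the offsets returned are where you carve with dd before handing the pieces to a disassembler; note that the text inside the gzip stream stays invisible to the string pass until that piece is decompressed.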
3.6 Side-channel-assisted RE
You don't always need the firmware to know what's running. Power-trace pattern analysis, EM analysis with localized probes, and timing analysis can identify cryptographic algorithms (the recognizable repeating round structure of AES, the modular-exponentiation hump pattern of RSA), pinpoint coprocessor blocks, and even differentiate firmware versions. The chip's leakage is a fingerprint as well as a leak.