Slashdot Mirror

← Back to Stories (view on slashdot.org)

Semi-Automatic Hacking of Masked ROM Code From Microscopic Images

Posted by Soulskill on from the making-a-computer-read-a-computer dept.

An anonymous reader writes "Decapping chips and recovering code or data is nothing new, but the old problem of recovering Masked ROM through visual inspection (binary '0' and '1' can be distinguished within the images) is normally done by crowd sourcing a manual typing effort. Now a tool that semi-automates this process and then recovers the data automatically has been released."

10 of 42 comments (clear)

  1. Nice 8085 example by ranulf · · Score: 5, Interesting

    For a nice example of this being done by humans, see Ken Shirriff's decoding of the 8085 instruction decode logic.

  2. This is awesome... by jonwil · · Score: 4, Interesting

    Could be useful for future MAME work if someone is able to decap (and photograph) various otherwise un-dumpable mask-ROM-based MCUs and other chips.

    1. Re:This is awesome... by Rik+Sweeney · · Score: 4, Interesting

      Interestingly, this was done for Bubble Bobble to ensure that the emulation was perfect:

      http://mamelife.blogspot.co.uk/2006/08/completed-at-last.html

      --
      Summation 2
    2. Re:This is awesome... by Anonymous Coward · · Score: 4, Informative

      This is done for the SNES, and all known coprocessors have been perfectly emulated. Write-up here, with pictures and explanations.

    3. Re:This is awesome... by jonwil · · Score: 3, Informative

      The devs have said many times that decapping will NOT help emulate Raiden II

    4. Re:This is awesome... by Applekid · · Score: 3, Insightful

      I'd like to take a moment and thank all these people for working tirelessly in uncovering these secret bits of gaming history. I'm both envious of how smart these people are and grateful that they've spent their energy on something I just so happen to love.

      --
      More Twoson than Cupertino
  3. As said this is not really new... by rimcrazy · · Score: 5, Informative

    I use to work for a large semiconductor company that manufactures microcontrollers. (I won't say who but they really make very small micro chips) I got into hot water once as I was the geek they called into a meeting to explain to a customer just how secure their technology was and because the rom code was stored in EEPROM that all was safe and secure. Well, first, no one told me the issue that was bothering the customer and second, they just called me in cold and I was asked "Can someone reverse engineer the code that is stored in the device." Being Dilbert to a T I looked at the crowd and said, "Sure if you have enough money. Just decap the device, put it into a voltage contrast SEM and fire it up. You'll have nice pictures of bright and dark spots on the memory array and in no time you'll have the code". Customer went batshit. My boss gave me the look of death and I'm standing there saying "What?" "You asked me if it can be done" "I just told you how to do it. It's not cheap but it's possible".

    These days this is probably a lot more difficult as many, not all, but many IC's are mounted in a package face down as they use bump technology to do both die attach and signal connections.

    --
    "TV, a medium as it is neither rare nor well done." Ernie Kovacs
    1. Re:As said this is not really new... by Anonymous Coward · · Score: 3, Interesting

      I also work at a large semiconductor company. There is some interesting research in both mitigating and defeating chip security. One attack technique for breaking into chips is to hold the debug line high and scan a laser over the surface of the chip to randomly flip bits, hoping to flip the one that is locking the debug line low. If the hardware designers were not thinking about redundantly, physically separating things on the chip, you might enable debug mode which bypasses all the lockdowns and encryptions.

      Hardware designers are wise to this of course, and now there are often entirely separate ARM cores with no purpose other than as a data integrity watchdog on the 'main' system(s) that can shut everything down. There are some very popular chips which use 2 identical ARM cores, one of which is delayed by 2 cycles. There is a dedicated circuit that performs a CMP on the output of the two chips and shuts everything down if there are any differences.

      I have seen designs that hardware encrypt everything including the bus and the EEPROM, so all program code is stored in the EEPROM encrypted, so who cares if you can image it? The decryption key is stored, also encrypted, in the EEPROM as well. There is a separate master boot key which decrypts the memory decryption key stored in a special battery-backed RAM register, which does not leave an 'after-image'. If the hardware watchdog system detects any shenanigans, or if you try to remove the chip from the system without preserving the battery backing, the master key is simply flushed and the chip rebooted. At that point it looks like a blank chip that hasn't been through UV erase (random data everywhere).

      I'm not a uC or hardware guy so some of this might be old news, but I found it interesting at least.

  4. A better method: captcha by ctrl-alt-canc · · Score: 5, Funny

    Just split the ROM mask image into subimages, and ask engineers to decode a piece of the embedded code to access pr0n sites, and you will get the job done in a few minutes.

  5. Re:THIS is what we need more of on /. by Jorl17 · · Score: 4, Insightful

    And yet, only 18 comments. Why? This was the most awesome article in MONTHS.

    --
    Have you heard about SoylentNews?