[HN Gopher] Pulling Bits from ROM Silicon Die Images: Unknown Ar...
___________________________________________________________________
Pulling Bits from ROM Silicon Die Images: Unknown Architecture
Author : mariuz
Score : 72 points
Date : 2021-03-22 15:23 UTC (7 hours ago)
(HTM) web link (ryancor.medium.com)
(TXT) w3m dump (ryancor.medium.com)
| Scoundreller wrote:
| Will give this a more thorough read later, but definitely has a
| Chris Tarnovsky feel of what he had posted about paytv cards.
|
| Whenever dealing with HF (hydrofluoric acid, not high frequency!)
| make sure you have your calcium-based antidotes handy and get
| yourself to a hospital if exposed. It's incredibly harmful, but
| may not feel that way.
| azalemeth wrote:
| Indeed. HF causes life-long disfigurement and can be fatal. IV
| calcium gluconate is the antidote in question, often prescribed
| until ECG changes become limiting. It is a small ion and
| literally eats your bones. I'm amazed you can buy it in a
| product from Amazon in the US.
|
| That warning aside, this article is _amazing_ --- very
| insightful. I've no idea how to begin reversing an unknown
| architecture's firmware. I'm still not entirely sure I know the
| point of this, but it's definitely fun...
| Scoundreller wrote:
| Industrially, I've seen calcium topical formulations as
| something to hold you over.
| 404mm wrote:
| This is pretty mind blowing. I'm barely grasping the idea of
| being capable of manufacturing something _this_ small. But
| reversing the process is straight up there with unscrambling
| eggs. Just wow.
| PaulHoule wrote:
| From an image processing perspective I think this is just like
| reading a 2-d barcode like data matrix or QR or maybe reading a
| punchcard.
|
| Getting to the image though is an act of physical heroism that
| he builds up to gradually (e.g. how can you really be so afraid
| of H2SO4?) to the point where he is mixing acids with bleach at
| which point I'm intimidated.
| kens wrote:
| Two things make extracting the data more complex than
| something like a QR code or punchcard. First, the image
| quality from a die usually isn't perfect. There are often a
| few spots where it's hard to figure out visually, let alone
| with software.
|
| Second, the ROM layout isn't documented and there are a lot
| of possibilities. Big-endian or little-endian? Is a
| transistor a 1 or 0? What direction does the layout go? Are
| columns or rows more significant bits? So you end up with
| 2x2x2x... possibilities for interpretation. And that's
| assuming the ROM layout doesn't have something entirely
| unexpected, which happens quite often.
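
Added example (not part of kens's comment or the linked article): the 2x2x2x... search described above, written as a brute force over four layout hypotheses for a grid of cells already read off a die image. The flag names, the printable-ASCII score and the sample grid are assumptions constructed for illustration; a real ROM would normally be scored against known opcodes or strings instead.

```python
from itertools import product

FLAGS = ("invert", "transpose", "reverse_lines", "lsb_first")

def decode(grid, invert, transpose, reverse_lines, lsb_first):
    """Turn a 2-D grid of 0/1 cells into bytes under one layout hypothesis."""
    lines = [list(col) for col in zip(*grid)] if transpose else [list(r) for r in grid]
    if reverse_lines:                      # read each line in the opposite direction
        lines = [ln[::-1] for ln in lines]
    # invert: a transistor (dark cell) means 0 rather than 1
    bits = [b ^ 1 if invert else b for ln in lines for b in ln]
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):   # drop a trailing partial byte
        chunk = bits[i:i + 8]
        if lsb_first:
            chunk = chunk[::-1]
        out.append(int("".join(map(str, chunk)), 2))
    return bytes(out)

def printable_fraction(data):
    """Crude plausibility score: share of bytes that are printable ASCII."""
    return sum(32 <= b < 127 for b in data) / len(data) if data else 0.0

def rank_hypotheses(grid):
    """Decode the grid under all 2**4 hypotheses, best score first."""
    ranked = []
    for flags in product((False, True), repeat=len(FLAGS)):
        data = decode(grid, *flags)
        ranked.append((printable_fraction(data), dict(zip(FLAGS, flags)), data))
    return sorted(ranked, key=lambda r: r[0], reverse=True)

def make_sample_grid(text):
    """Constructed test input: inverted cells, bytes run down columns, LSB first."""
    bits = [((byte >> k) & 1) ^ 1 for byte in text for k in range(8)]
    cols = [bits[i:i + 16] for i in range(0, len(bits), 16)]   # 16 cells per column
    return [list(row) for row in zip(*cols)]                   # 16 rows x 8 columns

SAMPLE_TEXT = b"ROM DUMP SAMPLE!"          # constructed, not from any real die
SAMPLE_GRID = make_sample_grid(SAMPLE_TEXT)

if __name__ == "__main__":
    for score, flags, data in rank_hypotheses(SAMPLE_GRID)[:4]:
        print(f"{score:.2f} {flags} {data!r}")
```

Unreadable cells, the first complication kens mentions, are not modelled here; every cell in the grid is assumed to have been classified already.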
| superfamicom wrote:
| I was first introduced to this concept through emulation,
| specifically Super Nintendo & Arcade work and would eagerly watch
| change logs. It is amazing to see it really step by step, and
| even now it still feels like magic.
|
| - https://news.ycombinator.com/item?id=3675123
| monocasa wrote:
| Before them, flylogic was publicly documenting the same kind of
| work in 2007.
|
| https://web.archive.org/web/20080612172433/http://www.flylog...
___________________________________________________________________
(page generated 2021-03-22 23:01 UTC)