[HN Gopher] How to Reverse Engineer a 12 EUR Intel PCIe FPGA Car...
___________________________________________________________________
How to Reverse Engineer a 12 EUR Intel PCIe FPGA Card IBM 98Y2610
Author : zdw
Score : 78 points
Date : 2024-12-09 05:53 UTC (17 hours ago)
(HTM) web link (www.circuitvalley.com)
(TXT) w3m dump (www.circuitvalley.com)
| lnsru wrote:
| It's not that hard to reverse engineer anything you know about.
| You know, there is FPGA, there is PCIe, FPGA model is also known.
| All external interfaces are also known. High probability, that
| the board is not broken.
|
| Imagine obscure motherboard, produced 25-30 years ago. No current
| colleague has seen it before. Half designed internally, other
| half circuits licensed. All the ICs met very aggressive thermal
| glue and their names are gone. The client is ready to pay
| anything for the repair. They sent you a crate full of broken
| boards. That's where real reverse engineering starts.
| 082349872349872 wrote:
| real reverse engineering:
| https://www.smbc-comics.com/comics/1717609925-20240605.png
| gsf_emergency wrote:
| Forsooth! the "reverse" in
|
| https://en.wikipedia.org/wiki/Reverse_mathematics
|
| Has the same semantic value, that one may thus observe
|
| " _Sufficiently advanced mathematics is indistinguishable
| from engineering_ " -not ACC
|
| [I'm distraught that WSmith didn't draw the symbol for "
| _Eigen... F*ck you_ "]
|
| https://youtu.be/LUuogMZ0eP8
|
| (Healthy Imbecilic Artificial Divinity (mei))
| mikewarot wrote:
| Or imagine a Drake R8A receiver, described as "guaranteed NOT
| to work" that a friend picked up. It can be tricked into
| working, but it gives a "PWRLOS" display most of the time, and
| there is no discernable cause. Thanks to the obscure NEC
| uPD78213 cpu actually being available and documented, and
| having no internal rom... it's time to write a disassembler[1]
| (or later find out that MAME has one[2] that's pretty good),
| look at all the schematics, and figure out how the firmware
| works.
|
| *Still working on the disassembler, because I can _eventually_
| make mine interactive, add labels, comments, etc.
|
| [1] https://github.com/mikewarot/Res78213
|
| [2] https://docs.mamedev.org/debugger/memory.html#debugger-
| comma...
| lnsru wrote:
| One must love Drake R8A receiver! I would say, that having no
| internal ROM is an advantage in this situation.
| jandrese wrote:
| "No internal ROM" might mean that it relies on a bunch of
| custom PLA chips which would not be an improvement. With a
| ROM there is at least a chance you can dump it and run a
| disassembler on the contents to figure out what it is
| trying to do.
| lnsru wrote:
| Looks like there is regular EPROM in this case. Nothing
| too ugly. Except very old microprocessor.
| mikewarot wrote:
| Nope, I've got complete schematics, and a dump of the
| EPROM. It's going to take a while to figure out why the heck
| it's hallucinating a power failure (the signals going into the
| CPU are appropriate).
| jandrese wrote:
| Oh, it has a ROM, just on an external chip. I
| misunderstood your original post. I thought they had
| somehow programmed the device without using ROM at all,
| which made it either very old school or very custom.
| evoke4908 wrote:
| Doesn't a PLA just boil down to a truth table that you
| can dump the same way? Or am I thinking of the other kind
| of programmable logic chip used for this purpose? GAL, I
| think?
| jandrese wrote:
| It is a truth table, but normally there isn't a way to
| dump them.
| buildbot wrote:
| Any idea how much a service like that actually costs? Say I had
| an old camera, how much would reverse engineering the CCD
| drive circuit cost?
| lnsru wrote:
| What's your expectation from CCD drive circuit? Understand
| enough and repair it? Make a similar device? Make a
| micrometer exact clone?
|
| In that case with old crap we used X-ray pcb inspection
| machine. Made enough pictures to recreate all the copper
| traces on paper. Was enough to understand how it works and
| repair.
| tyingq wrote:
| He doesn't mention it's a RS485 I/O card meant to fit into a CEC
| expansion box in a Z14 mainframe. Might be helpful terms to
| search if you're looking to find very similar parts...since there
| might be a run on this one specifically. Found part number 98Y6848
| looking this way, which seems like an updated (or maybe just
| renumbered) version of this.
| trollbridge wrote:
| RS-485 is pretty much the standard to communicate with SDLC to
| another device. Think of this board as a serial port for a
| mainframe. Looks like the same card is intended for use in IBM
| POWER hardware too, running OS/400 or AIX (or Linux).
|
| Of course, an open question is who on earth is still using SDLC
| over RS-485 these days, but then again I still see new Dell
| servers fitted with RS-232 ports.
| MisterTea wrote:
| I hope serial never goes away. It's a time tested
| communications interface that is simple to implement and not
| a patent minefield.
| evoke4908 wrote:
| We've been using RS232 since 1960. I have 100% confidence
| that in a thousand years there will still be engineering
| terminals in starships emulating a VT100
| Aloha wrote:
| There will at least - in 75 years be something
| internally, a minimum layer of abstraction that looks a
| whole lot like VT100 escape codes in a character stream.
| It's probably one of the stickiest APIs that I can think
| of.
| numpad0 wrote:
| RS-232/422/485 are better than a surprise USB-C port that
| requires outdated specific Rust compilers and random 32bit ARM
| binary and an archive.org copy of random repository along with
| cryptic code comments in it to make it work. Obsoleting RS-*
| ports could very well trigger that event.
| f_devd wrote:
| What is this a reference to? I'm guessing an rlib was
| required without them considering ABI stability, but I
| can't figure out the rest.
| anyfoo wrote:
| The problem though is that while serial is indeed much more
| commonplace than you might think (look at any device in
| your household, chances are high that it contains _at
| least_ one internal serial port that was used for
| development), it's all 3.3V or less with no negative
| voltages now. We don't really use the RS-232 physical
| interface much anymore, it's very unwieldy. (We also
| seldom connect anything but the tx and rx lines, which is
| a bit of a shame for flow control, but often sufficient for
| what the ports are actually used for.)
|
| So if you interface with those "modern" incarnations of
| serial ports today, your built in RS-232 COM port is
| useless most of the time anyway, and you already resort to
| a small, cheap USB serial adapter board.
| gbraad wrote:
| It sells on taobao for 300 CNY
|
| The updated board: 98Y6848 sells for about 240 CNY
| KeplerBoy wrote:
| If you want to tinker with PCIe FPGAs I would rather look into
| DMA Cards developed for PCILeech, Nitefury/Litefury boards or
| Alinx boards.
|
| All of these options can be had for ~100$.
| deivid wrote:
| been looking for something like this, thanks!
| Beijinger wrote:
| LOL. What does it do? DMA Gladiator, FPGA DMA with Custom
| Unique PCILeech Firmware
|
| For cheating in games?
| KeplerBoy wrote:
| Yes, people use it for cheating in online games.
|
| PCILeech was originally a framework developed for general
| pentesting and red teaming. Under certain circumstances PCIe
| devices have read and write access to the entirety of the RAM
| without any special software running on the connected PC. The
| PCIe device can simply send packets requesting the contents
| of addresses and the bus happily responds. This enables all
| kinds of interesting things. Unfortunately games also store
| the position of enemy players in memory, so people use it to
| read those values from memory.
|
| But at least we got cheap FPGA devices from that situation.
| buildbot wrote:
| There's also the ex-Azure catapult cards someone RE'd:
| https://j-marjanovic.io/stratix-v-accelerator-card-from-ebay...
|
| The nite/litefury boards are 100% the best starting place
| though.
___________________________________________________________________
(page generated 2024-12-09 23:01 UTC)