( ESNUG 291 Item 8 ) ----------------------------------------------- [5/27/98]
Subject: ( ESNUG 290 #0 ) Want To Copy Source Code From Inside Microchip
> I got a microchip, its width and length is about 5mm(millimetres), and
> it has probably 40 pins. I want to copy out the source program (set of
> microinstructions) written inside it, and write the codes to a new
> microchip. Because this microchip is so small, it's difficult to find
> the matched tools. Do anyone know what equipment should I use to
> accomplish this job? And what's the type of the equipment, where can
> I get it? Or if any company can do this, would you please let me know.
> Your helps would be highly appreciated.
>
> - Wenqiang
> Chinese Linux User Group Guangzhou, China
From: Sy Wong <sywong@hermix.markv.com>
Wenqiang,
I hope that you are not playing a joke about your need to read the
microcode and also not necessrily intent on stealing. The ESNUG readers
probably will laugh at me also because my experiences were so old.
Actually I did look at a 16-bit microprocessor chip in the mid-70s to
trace the signal progress to find metal breaks. That chip was on
sapphire substrate and had only one metal layer. Modern chips with many
layers may not be possible. I was not stealing design because I designed
that chip myself, all 4400 transistors. The joksters will probably also
laugh at such small transistor counts but that was almost quarter of a
century ago.
That chip had 48 pads in a leadless carrier with top open for
observations. First a very thin layer of gold had to be sputtered on the
chip, cannot be too thin or too thick, which shorts out everything. The
chip was put at an angle in a SEM on special holder with all leads
brought out. When the accelerating voltage was adjusted just right, the
signal voltage will cause different secondary emissions to be collected
and showed up as different contrasts. Very ticklish adjustments. The
processor was asynchronous so that we could single step some test program
through to trace the signal from pads to the inside. With that we did
find the metal breaks and corrected the etching process with new
equipment.
I imaging you can check the microcode or instruction codes in internal
memories also if it is single metal and not obscured. Most
microprocessors are not asynchronous and none I know even in early 80s
used only a single metal layer. Also, my features were humongous by
today's standards, 7.5u. Today's features may be too small and layers
too many. The problem is also you need several chips to adjust the gold
thickness just right. I had entire wafers (huge 2" dia!) to play with.
Also, I had a Ph.D SOS expert from Rockwell as my one-man processing lab
with SEMs to show me how. You probably do not have such help. Needless
to say, it was very, very time-consuming.
Hope this will cool your desire to read the micro-code. I cannot think
of a good reason why anybody wants to do such reverse engineering. If
you are designing a chip with the same instruction set, the time would be
better spent in designing your own microcode or even hardwire it.
May be the ESNUG jokesters were trying to give you good advice but they
need not be so crude.
- Sy Wong
MarkV
|
|
