Integrated Circuit (IC) reverse-engineering is at the same time a well-known topic for chip vendors and one of the most obscure ones for people working in the cyber-security field.
Meanwhile, several integrators suffer from competitors who can sell the same products at a much lower price, since they do not have to bear the same R&D and support costs.
The pay-TV industry suffered from heavy piracy in the 2000s, which made IC security evolve significantly over the years. Pirates had to use increasingly sophisticated equipment to keep up with this growth in complexity, such as Focused Ion Beam (FIB) workstations, Scanning Electron Microscopes (SEM) and micro-probing stations. With the increase in bandwidth and the widespread availability of the Internet, this piracy evolved into key and stream sharing, where the integrated circuits no longer had to be hacked in order to offer unofficial services.
The pirates of that era had to find another source of income, and off-brand products became of interest to them. Selling compatible products such as printer cartridges, video game controllers, etc. gave them access to global mass markets, which translated into much bigger revenues. This off-brand product market represents annual revenues far exceeding the billion-dollar mark.
This talk will demonstrate how genuine printer cartridges are hacked, from reverse-engineering and invasive techniques to the creation of perfect emulations that are flooding the market in a completely legal way.
It will show work in progress on a secure microcontroller and highlight the common techniques used to "design" compatible products, from chip depackaging to emulating the device. In doing so, the talk will discuss not only the work performed in the lab, such as deprocessing and Scanning Electron Microscopy, but also netlist extraction and the search for vulnerabilities at the transistor level that allow the embedded firmware to be dumped and the target device to be emulated.
Although focused on a specific example, the talk will describe techniques that are applicable to a vast number of integrated circuits, used not only in consumer products but also in more sensitive and critical applications.