Pulling Bits From ROM Silicon Die Images: Unknown Architecture

Introduction

My journey into Integrated Circuit Reverse Engineering (ICRE) has only just begun, but I am completely consumed with passion for this field. Besides the computer/electrical engineering aspect of ICRE, a lot of physics and chemistry knowledge is needed. For a while, the chemistry component scared me, as I had little to no knowledge of chemistry. Not to mention, working with the products necessary to decapsulate and delayer chips is quite dangerous.

Preparation

First things first, I had to look into a bunch of really expensive items and solvents to buy. Here is a list of equipment and supplies I purchased.

Deciding on a Lab Sample

Ironically, when I first decapsulated the CH340G from the Arduino Nano v3 board, I actually had no idea I would be stumbling into an entire section of ROM before beginning the delayering. Normally, when picking out a ROM project, you should have a fairly good understanding of your target; this includes familiarization with the architecture and processor from reading the datasheets. Fortunately, this was not the case for me, and you’ll find out why later on in the paper.

A delayered Atmega328P

Flash vs ROM Microscopy

You might be asking yourself, why can’t you also just read data off the flash memory segments using a metallurgical microscope like you would ROM? First, we should discuss the difference. Mask ROM (MROM) contains firmware code that is burned into the silicon of the chip during the design phase of the semiconductor manufacturing process. MROMs are produced by arranging transistors before the photolithography process begins. Under a microscope, the two can look very different from one another:

TI TMS5200NL ROM vs CBM 65CE02 ROM from SiliconPr0n
Transistor Mock-Up in NAND Flash
Flash memory transistor cells

How Bits Are Read

The reason we are able to see individual bits (‘1’s & ‘0’s) under a metallurgical microscope is that the bits are physically coded into the die. As shown in Ken Shirriff’s paper on Extracting ROM Constants, bits are programmed into the MROM by changing the silicon doping pattern, creating transistors or leaving insulating regions. In Ken’s example, if a transistor is present at a position in a row, then we can assume that position holds a 1 bit. Generally, a row in a NOR MROM will contain two stacked transistors top-to-bottom per column, as seen below.

ROM Image from TMS320C52

Getting Our Sample Ready

In the case of the Arduino Nano, the CH340G is always located at the bottom of the PCB. I took my desoldering heat gun and applied around 200°C of heat right above the target IC chip pins. This melts the solder at the joints, allowing you to safely lift the chip off the board.

CH340 soldered onto the Arduino Nano (no chip markings)

Decapsulation Reactions

Now is the time to get extra cautious because it is extremely dangerous working with corrosive acids. We are going to take a glass pipette (as glass does not react with H₂SO₄) and take around 20 mL of 98% concentrated sulfuric acid from the container and place it into a 100 mL beaker. We can drop our sample into the acid using some tweezers, then place the beaker on the hotplate.

Decapsulating inside of a fume hood
  1. It could potentially recirculate some of the sulfur dioxide (SO₂) fumes, which in turn will keep the acid concentration high. If the acid concentration drops too low, the probability of corrosion increases. I’m not 100% sure on this though, so feel free to ping me if I’m incorrect about this. I know this will work well with nitric acid (HNO₃) as the nitrogen dioxide (NO₂) fumes can recirculate back to HNO₃ in the presence of water.
Chip in process of acid bath
Extracted silicon die from epoxy packaging

Examining the First Sample

Now that our chip is rid of residual burnt epoxy, it is time for our microscope imaging so we can truly see what lives inside of the die.

CH340G imaged using 5x objective lens

Delayering Reactions

There are many ways to delayer a chip, but we will only go over a couple of them. The first thing we will need is the PTFE (Teflon) beakers I mentioned earlier in this paper. Neither hydrochloric acid (HCl) nor hydrofluoric acid (HF) reacts with this material, and it can be heated nicely on a hot plate. Well, to be more specific, with HCl we can use glass beakers, but with HF we cannot.

H₂O₂ (aq.) + HCl (aq.) → H₂O + HOCl (aq.)
2HOCl + Cu → Cu(HOCl)₂
SiO₂ + 4HF → SiF₄ + 2H₂O
Delayered CH340
Top Right Corner: MROM of the CH340

Automate Extraction of ROM Bits

Enter rompar, an interactive tool used for extracting binary data out of MROM images using computer vision. It can be a bit intimidating at first, and there is a bit of a learning curve, but after a few runs with it, it is not so bad. The first thing we are going to want to do is prep our image, either using Gimp or any photo editing tool of your choice. The point is, we want to isolate and expand the MROM region of the image, crop it out, and sharpen it.

➜ python3 rompar.py image1-50x-ROM.jpg 16 1
Changing edit mode to GRID
Changing edit mode to GRID
Image is 11694x4318; 3 channels
process_image time 0.18801593780517578
read_data: computing
grid line redraw time: 6.4373016357421875e-06
grid circle redraw time: 1.1920928955078125e-05
render_image time: 0.22574210166931152
Rompar IR screen
Close up of bits in IR mode
Blue grid for ROM columns
Circled binary bits

Decoding the Bits

Now that we have our bit matrix file, it’s time to convert that into a readable and disassembled firmware file. We have two tools to choose from for this: zorrom or bitviewer. Generally, if we already know the architecture, use zorrom, a utility that converts data between the physical and logical representations of a chip’s memory layout. Zorrom’s README states, “For example, a photograph of a boot ROM that has been converted into a 2D array of bits (.txt) can be converted into a machine readable binary (.bin). This .bin can then be emulated, disassembled, etc. as you’d do with any normal firmware file”. It has a great API for writing and customizing how the ROM should be read, i.e., the layout, endianness, whether or not it requires bit flipping, and output bit orders.

Metal layer (left), Substrate layer (Right)
Bitviewer opening screen
Bitview 16-bit columns
05C0: FE 73 FF DB EF ...  .s...t...t.b.|.j
05D0: FE 50 C6 5F D6 ... .P._._.Q...P....
05E0: DD 74 DF F8 ED ... .t...&.m...S.p..
05F0: FF 6D ED 00 FF ... .m...y...|.....>
0600: FF 7A FF 6A ED ... .z.j.<.g.Z.X.s..
0610: D9 74 CE 65 ED ... .t.e...W.p...[..
0620: E6 F0 F5 5B F0 ... ...[.W.W.W.W....
Inverted bits from Bitview
0770: 10 03 10 09 ...  .............U..
0780: 10 53 10 00 ... .S...B...2......
0790: 10 30 10 00 ... .0...-..3...3...
07A0: 33 F3 10 00 ... 3...3...3...3...
07B0: 2F A4 10 00 ... /.....(.....+...
07C0: 10 23 29 08 ... .#)...../.. .'/.
07D0: 10 02 10 03 ... ..../.....+..P.S
07E0: 2F A4 10 72 ... /..r.e/..i.r/..n
07F0: 10 6D 2F A4 ... .i/..t.a+.. .l..
JMP table
➜ python3 txt2bin.py --arch ch340t ch340_binary.txt ch340_fw.bin

Disassembling the Unknown

The biggest question thus far is how do we disassemble something that we do not know the architecture for? If it weren’t for the hard-coded strings we found, how would we have known we got the bytes in the right order? Well, the answer is not so simple or straightforward. We are going to use IDA Pro as our main disassembler tool but we will have to write our own custom plugin.
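The txt2bin step above and the question this section opens with are two halves of one problem: a rompar bit matrix has to be flattened to bytes under some layout (cell polarity, bit order within a byte, column direction), and the only evidence that the chosen layout is right is that the output suddenly contains recognizable strings. The script below, an added example that is not code from the article and not rompar’s or zorrom’s own code, automates that check: it decodes a bit matrix under every combination of three assumed layout options and ranks the candidates by how many NUL-terminated printable runs each one yields, which is what C strings look like once the bytes are in the right order and which a mirrored byte order cannot fake (the NUL lands in front of the text). The matrix format, the option names `invert`/`lsb_first`/`mirror`, the 16-byte row width and the sample firmware bytes are all constructed assumptions, not the CH340’s real layout.

```python
import itertools
import string

# Printable ASCII as a C string would contain it; \x0b and \x0c are dropped
# because they almost never appear in real firmware strings.
PRINTABLE = set(string.printable.encode("ascii")) - {0x0B, 0x0C}

# Constructed sample "firmware": 8 filler bytes, a NUL-terminated string,
# 8 more filler bytes. Nothing here is real CH340 content.
SAMPLE_FW = (b"\x00\xff\x80\x01\x00\xff\x80\x01"
             b"USB Serial Demo\x00"
             b"\x00\xff\x80\x01\x00\xff\x80\x01")
ROW_BYTES = 16  # assumed ROM row width for the demo: 16 bytes = 128 bit cells


def parse_bit_matrix(text):
    """Parse a rompar-style dump (assumed format): one ROM row per line,
    one '0'/'1' character per bit cell, optional spaces between column groups."""
    rows = []
    for line in text.strip().splitlines():
        cells = line.replace(" ", "")
        if not cells:
            continue
        if set(cells) - {"0", "1"}:
            raise ValueError(f"non-binary cell in row: {line!r}")
        rows.append([int(c) for c in cells])
    widths = {len(r) for r in rows}
    if len(widths) != 1:
        raise ValueError(f"ragged matrix, row widths {sorted(widths)}")
    return rows


def bits_to_bytes(rows, invert=False, lsb_first=False, mirror=False):
    """Flatten the matrix to bytes under one candidate layout.
    invert    - a visible transistor encodes 0 rather than 1
    lsb_first - the leftmost cell of each 8-cell group is bit 0, not bit 7
    mirror    - the columns were imaged right-to-left, so reverse each row"""
    out = bytearray()
    for row in rows:
        bits = row[::-1] if mirror else list(row)
        if invert:
            bits = [b ^ 1 for b in bits]
        if len(bits) % 8:
            raise ValueError("row width must be a multiple of 8 cells")
        for i in range(0, len(bits), 8):
            group = bits[i:i + 8]
            if lsb_first:
                group = group[::-1]
            value = 0
            for b in group:          # assemble MSB-first
                value = (value << 1) | b
            out.append(value)
    return bytes(out)


def printable_score(data, min_run=4):
    """Score a byte image by its printable runs of at least min_run bytes.
    A run that ends in 0x00 counts double: that is the C-string signature,
    and a mirrored byte order puts the NUL before the text instead of after."""
    score = run = 0
    for i in range(len(data) + 1):
        b = data[i] if i < len(data) else None   # None = end of image
        if b is not None and b in PRINTABLE:
            run += 1
            continue
        if run >= min_run:
            score += run * (2 if b == 0 else 1)
        run = 0
    return score


def rank_layouts(rows, min_run=4):
    """Decode under all 8 option combinations; best-scoring candidate first."""
    results = []
    for invert, lsb_first, mirror in itertools.product((False, True), repeat=3):
        opts = {"invert": invert, "lsb_first": lsb_first, "mirror": mirror}
        data = bits_to_bytes(rows, **opts)
        results.append((printable_score(data, min_run), opts, data))
    results.sort(key=lambda r: r[0], reverse=True)
    return results


def encode_demo_matrix(data, row_bytes, invert, lsb_first, mirror):
    """Inverse of bits_to_bytes, used only to build constructed test input."""
    lines = []
    for i in range(0, len(data), row_bytes):
        chunk = data[i:i + row_bytes].ljust(row_bytes, b"\x00")
        bits = []
        for byte in chunk:
            group = [(byte >> (7 - k)) & 1 for k in range(8)]   # MSB first
            bits.extend(group[::-1] if lsb_first else group)
        if invert:
            bits = [b ^ 1 for b in bits]
        if mirror:
            bits = bits[::-1]
        lines.append("".join(map(str, bits)))
    return "\n".join(lines)


# Constructed demo input: inverted, LSB-first cells, standing in for a rompar
# export whose polarity and bit order are not yet known.
DEMO_MATRIX = encode_demo_matrix(SAMPLE_FW, ROW_BYTES,
                                 invert=True, lsb_first=True, mirror=False)

if __name__ == "__main__":
    for score, opts, data in rank_layouts(parse_bit_matrix(DEMO_MATRIX)):
        print(f"{score:3d} {opts} {data[8:24]!r}")
```

Only the correctly decoded candidate produces the string with its terminator in the right place, so it scores twice what the byte-reversed candidate does; the inverted and bit-reversed candidates produce no printable run at all. On a real dump the same ranking is a quick way to choose which zorrom layout options to try before spending time in a disassembler.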

Delayered CH340 with Annotations
Partially disassembled view of the ch340 code

Cleanup: Acid-Base Neutralization

Sulfuric acid (H₂SO₄) can be neutralized by using an extremely strong base called sodium hydroxide (NaOH). This acid reacts with NaOH to produce sodium sulfate (Na₂SO₄) and water. This is an acid-base neutralization reaction; after balancing the equation, we can see it needs a proper 2:1 ratio of base to acid.

2NaOH (aq) + H₂SO₄ (aq) → 2H₂O (l) + Na₂SO₄ (aq)
testing pH levels of neutralized sulfuric acid

References & Thank You’s

Security Researcher | Reverse Engineer | Embedded Systems
