Reverse engineering masked ROMs, PLAs

Discussion in 'General Electronics' started by Eric Smith, Apr 8, 2005.

  1. Eric Smith

    Eric Smith Guest

    Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.
    analyzing the mask layout:
    > it may take a bit of work to ferret out all the operation, but it is
    > likely still easier than trying to reverse engineer from masks.


    Speaking of such things, I have a number of old chips from which I want
    to extract masked ROM and PLA contents from. Since those are very
    regular structures, and they are in parts with single layer metal in 5 micron
    and larger geometry, it should be fairly easy. In fact, here's an
    example of someone doing this:
    http://www.pmonta.com/calculators/hp-35/

    He extracted code from 10 micron PMOS masked ROMs that were packaged in
    metal cans, by the simple expedient of removing the top of the can with
    a dremel tool or the like.

    I want to do basically the same thing with other chips from that era,
    but they're in plastic DIP packaging. I don't want to mess with
    high-temperature fuming nitric acid and such things. Can anyone
    recommend a lab that will do this, and take photomicrographs, at
    a "reasonable" price?

    Before everyone jumps on me about piracy, I'll explain that the ROM
    and PLA code in question is NOT copyrighted.

    Thanks!
    Eric
     
    Eric Smith, Apr 8, 2005
    #1

  2. Eric Smith

    Robert Baer Guest

    Eric Smith wrote:

    > Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.
    > analyzing the mask layout:
    >
    >>it may take a bit of work to ferret out all the operation, but it is
    >>likely still easier than trying to reverse engineer from masks.

    >
    >
    > Speaking of such things, I have a number of old chips from which I want
    > to extract masked ROM and PLA contents from. Since those are very
    > regular structures, and they are in parts with single layer metal in 5 micron
    > and larger geometry, it should be fairly easy. In fact, here's an
    > example of someone doing this:
    > http://www.pmonta.com/calculators/hp-35/
    >
    > He extracted code from 10 micron PMOS masked ROMs that were packaged in
    > metal cans, by the simple expedient of removing the top of the can with
    > a dremel tool or the like.
    >
    > I want to do basically the same thing with other chips from that era,
    > but they're in plastic DIP packaging. I don't want to mess with
    > high-temperature fuming nitric acid and such things. Can anyone
    > recommend a lab that will do this, and take photomicrographs, at
    > a "reasonable" price?
    >
    > Before everyone jumps on me about piracy, I'll explain that the ROM
    > and PLA code in question is NOT copyrighted.
    >
    > Thanks!
    > Eric

    ....and, pray tell, how do you get to that conclusion?
    Every time one generates a document or a pattern (in this case the
    codes, masks, etc), such items *by FEDERAL law* are copyrighted!
    In fact, your missive to this NG, and my answer here is copyrighted!
    Now, if anyone wanted to make some lawyers rich and go to court over
    mis-use of copyrighted material, then copyright *registration* would be
    considered as the ultimate proof that judges cannot go against.
     
    Robert Baer, Apr 9, 2005
    #2

  3. Eric Smith

    Eric Smith Guest

    I wrote:
    > Before everyone jumps on me about piracy, I'll explain that the ROM
    > and PLA code in question is NOT copyrighted.


    Robert Baer wrote:
    > ...and, pray tell, how do you get to that conclusion?


    By knowing some of the details of US Copyright Law (Title 17 of the
    United States Code).

    > Every time one generates a document or a pattern (in this case the
    > codes, masks, etc), such items *by FEDERAL law* are copyrighted!


    In the US, that wasn't the case before the Berne Copyright Convention took
    effect, March 1, 1989. See 17 U.S.C. 405(a):

    Sec. 405. Notice of copyright: Omission of notice on certain copies
    and phonorecords

    (a) Effect of Omission on Copyright. With respect to copies and
    phonorecords publicly distributed by authority of the copyright owner
    before the effective date of the Berne Convention Implementation Act
    of 1988, the omission of the copyright notice described in sections
    401 through 403 from copies or phonorecords publicly distributed by
    authority of the copyright owner does not invalidate the copyright in
    a work if

    * (1) the notice has been omitted from no more than a relatively
    small number of copies or phonorecords distributed to the
    public; or

    * (2) registration for the work has been made before or is made
    within five years after the publication without notice, and a
    reasonable effort is made to add notice to all copies or
    phonorecords that are distributed to the public in the United
    States after the omission has been discovered; or

    * (3) the notice has been omitted in violation of an express
    requirement in writing that, as a condition of the copyright
    owner's authorization of the public distribution of copies or
    phonorecords, they bear the prescribed notice.

    In the case of the ROMs and PLAs I want to extract, none of the
    conditions for preservation of a copyright without notice have been
    met.

    Also, these parts were sold before the Semiconductor Chip Protection Act
    of 1984 (17 USC 901 et seq.) was enacted, so they are not eligible for
    protection as mask works.

    > In fact, your missive to this NG, and my answer here is copyrighted!


    True, because the Berne Convention is in effect. I'm including quotes
    from your message here as a matter of fair use.

    > Now, if anyone wanted to make some lawyers rich and go to court
    > over mis-use of copyrighted material, then copyright *registration*
    > would be considered as the ultimate proof that judges cannot go
    > against.


    Technically registration is still a legal requirement, even though
    a copyright notice is not.

    However, the main practical effect of registration is that it allows you
    to collect actual damages for infringement. Without registration, you
    can only collect statutory damages, though they can be fairly substantial.

    Eric
     
    Eric Smith, Apr 9, 2005
    #3
  4. Eric Smith

    Guy Macon Guest


    Eric Smith wrote:

    >the Berne Copyright Convention took effect [on], March 1, 1989.
    >See 17 U.S.C. 405(a):
    >
    > Sec. 405. Notice of copyright: Omission of notice on certain copies
    > and phonorecords
    >
    > (a) Effect of Omission on Copyright. With respect to copies and
    > phonorecords publicly distributed by authority of the copyright owner
    > before the effective date of the Berne Convention Implementation Act
    > of 1988, the omission of the copyright notice described in sections
    > 401 through 403 from copies or phonorecords publicly distributed by
    > authority of the copyright owner does not invalidate the copyright in
    > a work if
    >
    > * (1) the notice has been omitted from no more than a relatively
    > small number of copies or phonorecords distributed to the
    > public; or
    >
    > * (2) registration for the work has been made before or is made
    > within five years after the publication without notice, and a
    > reasonable effort is made to add notice to all copies or
    > phonorecords that are distributed to the public in the United
    > States after the omission has been discovered; or
    >
    > * (3) the notice has been omitted in violation of an express
    > requirement in writing that, as a condition of the copyright
    > owner's authorization of the public distribution of copies or
    > phonorecords, they bear the prescribed notice.
    >
    >In the case of the ROMs and PLAs I want to extract, none of the
    >conditions for preservation of a copyright without notice have been
    >met.


    Just for reference, here is a list of when copyrights run
    out in various situations. Corrections/comments welcome.

    **************************************************

    DATE OF WORK: Published before 1923

    PROTECTED FROM: In public domain

    TERM: None

    **************************************************

    DATE OF WORK: Published from 1923 - 63

    PROTECTED FROM: When published with notice [3]

    TERM: 28 years + could be renewed for 47 years,
    now extended by 20 years for a total renewal
    of 67 years. If not so renewed, now in
    public domain

    **************************************************

    DATE OF WORK: Published from 1964 - 77

    PROTECTED FROM: When published with notice

    TERM: 28 years for first term; now automatic
    extension of 67 years for second term

    **************************************************

    DATE OF WORK: Created before 1-1-78 but not published

    PROTECTED FROM: 1-1-78 (Effective date of 1976
    Copyright Act)

    TERM: Life + 70 years or 12-31-2002, whichever is greater

    **************************************************

    DATE OF WORK: Created before 1-1-78 but published
    between then and 12-31-2002

    PROTECTED FROM: 1-1-78, (Effective date of 1976
    Copyright Act)

    TERM: Life + 70 years or 12-31-2047 whichever
    is greater

    **************************************************

    DATE OF WORK: Created 1-1-78 or after

    PROTECTED FROM: When work is fixed in tangible
    medium of expression

    TERM: Life + 70 years [1] (or if work of corporate
    authorship, the shorter of 95 years from
    publication, or 120 years from creation [2])

    **************************************************

    Notes:

    [1] Term of joint works is measured by life of the
    longest-lived author.

    [2] Works for hire, anonymous and pseudonymous
    works also have this term. 17 U.S.C. § 302(c).

    [3] Under the 1909 Act, works published without
    notice went into the public domain upon
    publication. Works published without notice
    between 1-1-78 and 3-1-89, effective date of
    the Berne Convention Implementation Act, retained
    copyright only if, e.g., registration was made
    within five years. 17 U.S.C. § 405.

    Source: Tom Field / Lolly Gasaway.

    --
    Guy Macon <http://www.guymacon.com/>
     
    Guy Macon, Apr 9, 2005
    #4
  5. Eric Smith

    Joe Seigh Guest

    On 08 Apr 2005 19:16:09 -0700, Eric Smith <> wrote:

    > I wrote:
    >> Before everyone jumps on me about piracy, I'll explain that the ROM
    >> and PLA code in question is NOT copyrighted.

    >
    > Robert Baer wrote:
    >> ...and, pray tell, how do you get to that conclusion?

    >
    > By knowing some of the details of US Copyright Law (Title 17 of the
    > United States Code).
    >
    >> Every time one generates a document or a pattern (in this case the
    >> codes, masks, etc), such items *by FEDERAL law* are copyrighted!

    >
    > In the US, that wasn't the case before the Berne Copyright Convention took
    > effect, March 1, 1989. See 17 U.S.C. 405(a):
    >


    IANAL, but I believe that requirement for copyright notice applied to
    published works then. But I don't know whether PLA code was considered
    an expression that was copyrightable then or that distributing IC
    constituted publication even. You probably need a real IP lawyer
    to answer that. But since you're incurring the liability here, it's
    your call.

    If you were considering putting this stuff under an opensource license
    it might be more problematic since you would not be the original author
    by your own admission. You'd probably want to document why you think
    the work is in the public domain.


    --
    Joe Seigh
     
    Joe Seigh, Apr 9, 2005
    #5
  6. Eric Smith wrote:

    > Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.
    > analyzing the mask layout:
    >> it may take a bit of work to ferret out all the operation, but it is
    >> likely still easier than trying to reverse engineer from masks.

    >
    > Speaking of such things, I have a number of old chips from which I want
    > to extract masked ROM and PLA contents from. Since those are very
    > regular structures, and they are in parts with single layer metal in 5 micron
    > and larger geometry, it should be fairly easy. In fact, here's an
    > example of someone doing this:
    > http://www.pmonta.com/calculators/hp-35/


    This seems to have emerged from another newsgroup so the context of the
    original question is not clear. However, I think that those who need to
    perform reverse engineering of anything (and I have done more than my fair
    share of it - by necessity) should be on clear ground as far as IP issues
    are concerned.

    My own reverse engineering work was always for a client who owned the
    equipment and IP rights but had lost the documentation for systems that
    needed to be modified. If you are doing it for reasons other than that then
    the wicket is getting very sticky.

    --
    ********************************************************************
    Paul E. Bennett ....................<email://>
    Forth based HIDECS Consultancy .....<http://www.amleth.demon.co.uk/>
    Mob: +44 (0)7811-639972
    Tel: +44 (0)1235-811095
    Going Forth Safely ....EBA. http://www.electric-boat-association.org.uk/
    ********************************************************************
     
    Paul E. Bennett, Apr 9, 2005
    #6
  7. Eric Smith

    Robert Baer Guest

    Eric Smith wrote:

    > I wrote:
    >
    >>Before everyone jumps on me about piracy, I'll explain that the ROM
    >>and PLA code in question is NOT copyrighted.

    >
    >
    > Robert Baer wrote:
    >
    >>...and, pray tell, how do you get to that conclusion?

    >
    >
    > By knowing some of the details of US Copyright Law (Title 17 of the
    > United States Code).
    >
    >
    >> Every time one generates a document or a pattern (in this case the
    >>codes, masks, etc), such items *by FEDERAL law* are copyrighted!

    >
    >
    > In the US, that wasn't the case before the Berne Copyright Convention took
    > effect, March 1, 1989. See 17 U.S.C. 405(a):
    >
    > Sec. 405. Notice of copyright: Omission of notice on certain copies
    > and phonorecords
    >
    > (a) Effect of Omission on Copyright. With respect to copies and
    > phonorecords publicly distributed by authority of the copyright owner
    > before the effective date of the Berne Convention Implementation Act
    > of 1988, the omission of the copyright notice described in sections
    > 401 through 403 from copies or phonorecords publicly distributed by
    > authority of the copyright owner does not invalidate the copyright in
    > a work if
    >
    > * (1) the notice has been omitted from no more than a relatively
    > small number of copies or phonorecords distributed to the
    > public; or
    >
    > * (2) registration for the work has been made before or is made
    > within five years after the publication without notice, and a
    > reasonable effort is made to add notice to all copies or
    > phonorecords that are distributed to the public in the United
    > States after the omission has been discovered; or
    >
    > * (3) the notice has been omitted in violation of an express
    > requirement in writing that, as a condition of the copyright
    > owner's authorization of the public distribution of copies or
    > phonorecords, they bear the prescribed notice.
    >
    > In the case of the ROMs and PLAs I want to extract, none of the
    > conditions for preservation of a copyright without notice have been
    > met.
    >
    > Also, these parts were sold before the Semiconductor Chip Protection Act
    > of 1984 (17 USC 901 et seq.) was enacted, so they are not eligible for
    > protection as mask works.
    >
    >
    >> In fact, your missive to this NG, and my answer here is copyrighted!

    >
    >
    > True, because the Berne Convention is in effect. I'm including quotes
    > from your message here as a matter of fair use.
    >
    >
    >> Now, if anyone wanted to make some lawyers rich and go to court
    >>over mis-use of copyrighted material, then copyright *registration*
    >>would be considered as the ultimate proof that judges cannot go
    >>against.

    >
    >
    > Technically registration is still a legal requirement, even though
    > a copyright notice is not.
    >
    > However, the main practical effect of registration is that it allows you
    > to collect actual damages for infringement. Without registration, you
    > can only collect statutory damages, though they can be fairly substantial.
    >
    > Eric

    The Semiconductor Chip Protection Act is not relevant; the masks
    could be covered as works of art.
    As far as age goes, you are correct - if an item is old enough, then
    notice would be needed.
    Without registration, collection of statutory damages would be rather
    difficult as one would have to prove ownership and priority.
    Registration is equivalent to "overkill" proof.
     
    Robert Baer, Apr 10, 2005
    #7
  8. Eric Smith

    Pi Guest

    On 08 Apr 2005 12:53:25 -0700, Eric Smith <> wrote:

    >Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.

    <snip>
    >Can anyone recommend a lab that will do this, and take photomicrographs, at
    >a "reasonable" price?
    >Before everyone jumps on me about piracy, I'll explain that the ROM
    >and PLA code in question is NOT copyrighted.


    So why not look at what they do, the functionality and re-create it
    with new parts? That way you avoid legal problems.

    Regards,
    Pieter
     
    Pi, Apr 10, 2005
    #8
  9. "Pi" <> wrote in message
    news:...
    > On 08 Apr 2005 12:53:25 -0700, Eric Smith <> wrote:
    >
    > >Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.
    > <snip>
    > >Can anyone recommend a lab that will do this, and take photomicrographs, at
    > >a "reasonable" price?
    > >Before everyone jumps on me about piracy, I'll explain that the ROM
    > >and PLA code in question is NOT copyrighted.

    >
    > So why not look at what they do, the functionality and re-create it
    > with new parts? That way you avoid legal problems.
    >
    > Regards,
    > Pieter


    I think maybe IDC in Arizona, (Phoenix), and MOSAID used to do a lot of
    this delayering and taking picture stuff. Else, anybody that is in the
    Failure Analysis business for Semiconductors. Lucky for you these are
    from a vintage that makes it conceivable to me. Doing what the chinese
    probably did to that crypto equipment on something modern is way beyond
    my scope.

    del
     
    Delbert Cecchi, Apr 12, 2005
    #9
  10. Eric Smith

    Clint Sharp Guest

    In message <ACF6e.561771$>,
    Delbert Cecchi <> writes
    >Doing what the chinese
    >probably did to that crypto equipment on something modern is way beyond
    >my scope.

    Any references to the story?
    >
    >del
    >
    >


    --
    Clint Sharp
     
    Clint Sharp, Apr 12, 2005
    #10
  11. "Clint Sharp" <> wrote in message
    news:...
    > In message <ACF6e.561771$>,
    > Delbert Cecchi <> writes
    > >Doing what the chinese
    > >probably did to that crypto equipment on something modern is way beyond
    > >my scope.

    > Any references to the story?
    > >
    > >del
    > >
    > >

    >
    > --
    > Clint Sharp


    I was referring to the US Electronic Intelligence or something plane
    that got kidnapped out of international airspace near china and forced
    to land. Got the crew back in a while. As I recall we got the airframe
    back in boxes. It was rumored the crew didn't have enough time to
    destroy all. Probably within last 10 or so years. Google should turn
    it up. EC137 may have been the aircraft type.

    I don't know what happened to the electronics but I can guess.

    del cecchi
     
    Delbert Cecchi, Apr 13, 2005
    #11
  12. Eric Smith

    Kelly Hall Guest

    Delbert Cecchi wrote:

    > I was referring to the US Electronic Intelligence or something plane
    > that got kidnapped out of international airspace near china and forced
    > to land. Got the crew back in a while. As I recall we got the airframe
    > back in boxes. It was rumored the crew didn't have enough time to
    > destroy all. Probably within last 10 or so years. Google should turn
    > it up. EC137 may have been the aircraft type.


    A Chinese F-8 and a US EP-3 collided during an intercept; the F-8 was
    lost and the EP-3 performed an emergency landing at Hainan airfield. A
    fairly standard cock-up between great powers.

    Kelly
     
    Kelly Hall, Apr 13, 2005
    #12
  13. On Wed, 13 Apr 2005 03:44:48 GMT, Kelly Hall <> wrote:
    >A Chinese F-8 and a US EP-3 collided during an intercept; the F-8 was
    >lost and the EP-3 performed an emergency landing at Hainan airfield. A
    >fairly standard cock-up between great powers.


    And I'm certain that it wasn't deliberate just to hand bogus equipment to the Chinese. (Excuse me,
    somebody's knocking on my door.)


    --
    #include <standard.disclaimer>
    _
    Kevin D Quitt USA 91387-4454 96.37% of all statistics are made up
    Per the FCA, this address may not be added to any commercial mail list
     
    Kevin D. Quitt, Apr 13, 2005
    #13
  14. Kelly Hall <> wrote in message news:<QA07e.2350$>...
    > Delbert Cecchi wrote:
    >
    > > I was referring to the US Electronic Intelligence or something plane
    > > that got kidnapped out of international airspace near china and forced
    > > to land. Got the crew back in a while. As I recall we got the airframe
    > > back in boxes. It was rumored the crew didn't have enough time to
    > > destroy all. Probably within last 10 or so years. Google should turn
    > > it up. EC137 may have been the aircraft type.

    >
    > A Chinese F-8 and a US EP-3 collided during an intercept; the F-8 was
    > lost and the EP-3 performed an emergency landing at Hainan airfield. A
    > fairly standard cock-up between great powers.
    >
    > Kelly


    the theme for this episode of Jag:
    http://www.tvtome.com/tvtome/servlet/GuidePageServlet/showid-242/epid-99581/

    though the ending is a bit different ;)

    -Lasse
     
    Lasse Langwadt Christensen, Apr 14, 2005
    #14