Reverse engineering masked ROMs, PLAs

Discussion in 'General Electronics' started by Eric Smith, Apr 8, 2005.

  1. Eric Smith

    Eric Smith Guest

    Ray Andraka wrote about reverse-engineering ASICs based on behavior vs.
    analyzing the mask layout:
    Speaking of such things, I have a number of old chips from which I want
    to extract masked ROM and PLA contents. Since those are very
    regular structures, and they're in parts with single layer metal in 5 micron
    and larger geometry, it should be fairly easy. In fact, here's an
    example of someone doing this:

    He extracted code from 10 micron PMOS masked ROMs that were packaged in
    metal cans, by the simple expedient of removing the top of the can with
    a dremel tool or the like.

    I want to do basically the same thing with other chips from that era,
    but they're in plastic DIP packaging. I don't want to mess with
    high-temperature fuming nitric acid and such things. Can anyone
    recommend a lab that will do this, and take photomicrographs, at
    a "reasonable" price?

    Before everyone jumps on me about piracy, I'll explain that the ROM
    and PLA code in question is NOT copyrighted.

  2. Robert Baer

    Robert Baer Guest

    ....and, pray tell, how do you get to that conclusion?
    Every time one generates a document or a pattern (in this case the
    codes, masks, etc), such items *by FEDERAL law* are copyrighted!
    In fact, your missive to this NG, and my answer here is copyrighted!
    Now, if anyone wanted to make some lawyers rich and go to court over
    mis-use of copyrighted material, then copyright *registration* would be
    considered as the ultimate proof that judges cannot go against.
  3. Eric Smith

    Eric Smith Guest

    By knowing some of the details of US Copyright Law (Title 17 of the
    United States Code).
    In the US, that wasn't the case before the Berne Copyright Convention took
    effect, March 1, 1989. See 17 U.S.C. 405(a):

    Sec. 405. Notice of copyright: Omission of notice on certain copies
    and phonorecords

    (a) Effect of Omission on Copyright. With respect to copies and
    phonorecords publicly distributed by authority of the copyright owner
    before the effective date of the Berne Convention Implementation Act
    of 1988, the omission of the copyright notice described in sections
    401 through 403 from copies or phonorecords publicly distributed by
    authority of the copyright owner does not invalidate the copyright in
    a work if

    * (1) the notice has been omitted from no more than a relatively
    small number of copies or phonorecords distributed to the
    public; or

    * (2) registration for the work has been made before or is made
    within five years after the publication without notice, and a
    reasonable effort is made to add notice to all copies or
    phonorecords that are distributed to the public in the United
    States after the omission has been discovered; or

    * (3) the notice has been omitted in violation of an express
    requirement in writing that, as a condition of the copyright
    owner's authorization of the public distribution of copies or
    phonorecords, they bear the prescribed notice.

    In the case of the ROMs and PLAs I want to extract, none of the
    conditions for preservation of a copyright without notice have been

    Also, these parts were sold before the Semiconductor Chip Protection Act
    of 1984 (17 USC 901 et seq.) was enacted, so they are not eligible for
    protection as mask works.
    True, because the Berne Convention is in effect. I'm including quotes
    from your message here as a matter of fair use.
    Technically registration is still a legal requirement, even though
    a copyright notice is not.

    However, the main practical effect of registration is that it allows you
    to collect actual damages for infringement. Without registration, you
    can only collect statutory damages, though they can be fairly substantial.

  4. Guy Macon

    Guy Macon Guest

    Just for reference, here is a list of when copyrights run
    out in various situations. Corrections/comments welcome.


    DATE OF WORK: Published before 1923

    PROTECTED FROM: In public domain

    TERM: None


    DATE OF WORK: Published from 1923 - 63

    PROTECTED FROM: When published with notice [3]

    TERM: 28 years + could be renewed for 47 years,
    now extended by 20 years for a total renewal
    of 67 years. If not so renewed, now in
    public domain


    DATE OF WORK: Published from 1964 - 77

    PROTECTED FROM: When published with notice

    TERM: 28 years for first term; now automatic
    extension of 67 years for second term


    DATE OF WORK: Created before 1-1-78 but not published

    PROTECTED FROM: 1-1-78 (Effective date of 1976
    Copyright Act)

    TERM: Life + 70 years or 12-31-2002, whichever is greater


    DATE OF WORK: Created before 1-1-78 but published
    between then and 12-31-2002

    PROTECTED FROM: 1-1-78, (Effective date of 1976
    Copyright Act)

    TERM: Life + 70 years or 12-31-2047 whichever
    is greater


    DATE OF WORK: Created 1-1-78 or after

    PROTECTED FROM: When work is fixed in tangible
    medium of expression

    TERM: Life + 70 years [1] (or if work of corporate
    authorship, the shorter of 95 years from
    publication, or 120 years from creation [2])



    [1] Term of joint works is measured by life of the
    longest-lived author.

    [2] Works for hire, anonymous and pseudonymous
    works also have this term. 17 U.S.C. § 302(c).

    [3] Under the 1909 Act, works published without
    notice went into the public domain upon
    publication. Works published without notice
    between 1-1-78 and 3-1-89, effective date of
    the Berne Convention Implementation Act, retained
    copyright only if, e.g., registration was made
    within five years. 17 U.S.C. § 405.

    Source: Tom Field / Lolly Gasaway.
  5. Joe Seigh

    Joe Seigh Guest

    IANAL, but I believe that requirement for copyright notice applied to
    published works then. But I don't know whether PLA code was considered
    an expression that was copyrightable then or that distributing IC
    constituted publication even. You probably need a real IP lawyer
    to answer that. But since you're incurring the liability here, it's
    your call.

    If you were considering putting this stuff under an opensource license
    it might be more problematic since you would not be the original author
    by your own admission. You'd probably want to document why you think
    the work is in the public domain.
  6. This seems to have emerged from another newsgroup so the context of the
    original question is not clear. However, I think that those who need to
    perform reverse engineering of anything (and I have done more than my fair
    share of it - by necessity) should be on clear ground as far as IP issues
    are concerned.

    My own reverse engineering work was always for a client who owned the
    equipment and IP rights but had lost the documentation for systems that
    needed to be modified. If you are doing it for reasons other than that then
    the wicket is getting very sticky.

    Paul E. Bennett
    Forth based HIDECS Consultancy
    Mob: +44 (0)7811-639972
    Tel: +44 (0)1235-811095
    Going Forth Safely ....EBA.
  7. Robert Baer

    Robert Baer Guest

    The Semiconductor Chip Protection Act is not relevant; the masks
    could be covered as works of art.
    As far as age goes, you are correct - if an item is old enough, then
    notice would be needed.
    Without registration, collection of statutory damages would be rather
    difficult as one would have to prove ownership and priority.
    Registration is equivalent to "overkill" proof.
  8. Pi

    Pi Guest

    So why not look at what they do, the functionality and re-create it
    with new parts? That way you avoid legal problems.

  9. I think maybe IDC in Arizona, (Phoenix), and MOSAID used to do a lot of
    this delayering and taking picture stuff. Else, anybody that is in the
    Failure Analysis business for Semiconductors. Lucky for you these are
    from a vintage that makes it conceivable to me. Doing what the Chinese
    probably did to that crypto equipment on something modern is way beyond
    my scope.

  10. Clint Sharp

    Clint Sharp Guest

  11. I was referring to the US Electronic Intelligence or something plane
    that got kidnapped out of international airspace near China and forced
    to land. Got the crew back in a while. As I recall we got the airframe
    back in boxes. It was rumored the crew didn't have enough time to
    destroy all. Probably within last 10 or so years. Google should turn
    it up. EC137 may have been the aircraft type.

    I don't know what happened to the electronics but I can guess.

    del cecchi
  12. Kelly Hall

    Kelly Hall Guest

    A Chinese F-8 and a US EP-3 collided during an intercept; the F-8 was
    lost and the EP-3 performed an emergency landing at Hainan airfield. A
    fairly standard cock-up between great powers.

  13. And I'm certain that it wasn't deliberate just to hand bogus equipment to the Chinese. (Excuse me,
    somebody's knocking on my door.)
  14. the theme for this episode of Jag:

    though the ending is a bit different ;)
