Philipp Klaus Krause said:
PLDs like the ATF16V8B from atmel have security fuses to prevent
reverse-engineering.
How difficult and expensive would it be to reverse-engineer a device
where such a security fuse is used?
Possibly not very, but it depends. I suspect some of the other responders
have been thinking of reverse engineering the chip. I'm guessing that you
don't want to reverse engineer the chip, you simply want to read out the
data programmed into it. If so, don't reverse engineer the chip, just
replace the fuse.
The fuse material depends on the process - in modern CMOS processes, like
you're probably dealing with here, the fuse is most likely made from a
silicided poly layer. The fuse itself is a small section of poly - minimum
width and maybe 2x or 3x longer than it is wide. It's contacted on both ends
with a row of vias, with contacts extending up to M1, the first metal layer.
The poly can't be repaired, but the metal can be shorted with FIB - Focused
Ion Beam. Time on an FIB machine will cost you around $500 per hour, and
you're probably looking at 15 to 30 minutes to cut through the glass to
expose the metal, then deposit the new metal. Before you do that, you're
going to need to find where to make the repair. For that, you'll need
someone with a good microscope and a reasonable idea of what the circuits
look like. That will probably cost $100 per hour or more, and if you're
looking for a precise answer, you'll probably have to spend $1000 or more
for the engineer. If you're in luck, Atmel didn't cover their fuses with
metal when they were done with them, and you'll be able to find them and get
to them easily. If they did, you'll have to spend a little more time reverse
engineering the fuse circuit (but not the entire chip). You could probably
find out whether it's an easy or a hard job for less than $500, and if it's
an easy job, it could probably be done for less than $1000 total. If Atmel
made things a little more difficult to get to, it could cost much more.
-- Mike --