If serious, this just illustrates my point. With the technology to basically "zoom in" or "magnify" anything they want, and I believe use x rays if I am not mistaken, I thought it was VERY possible to do. It was mentioned previously that there are LAYERS and the more LAYERS the more EXPENSIVE it would be. Sort of ties into your thinking WulfyStylez of being very small.
I asked not to be a jerk, but to show that opinions differ. Then wanted to know your background.
I asked not to be a jerk, but to show that opinions differ. Then wanted to know your background.
The 3DS SoC is manufactured on a 45nm process. A chip at that fabrication size can be examined fairly good with just a regular scientific microscope. What, did you think people were just going to snap pictures of it with a regular DSLR? No. Or maybe you thought fabrication size meant the actual size of the chip? It doesn't, it's half the distance between components in a chip, so parts would be a full 90nm apart.
Also, we don't need to see individual transistors. We only need to see the relevant overall structure, the functions of the chip, not the transistors that make them up. These functions are many orders of magnitude larger, made up of many thousands of transistors each.
Also, a company that can do professional decapping is very much going to have the right tools to take close images of the chip, or else they would not make any damn business with it anymore since the decapping would be UTTERLY USELESS in this day and age, especially considering we have chips down to 22nm now and going lower next year.
We can tell 'the functions of the chip' just by looking at public docs.
As for 'can be examined fairly good with just a regular scientific microscope.': http://siliconzoo.org/tutorial.html
I'm a Ph.D. student in the field of Computer Engineering with a B.Sc. in the same.
During my undergraduate I focused on computer architecture and VLSI design. I actually reverse-engineered and then reconstructed the original GameBoy SoC for one of my courses.
Based on my experience, I tend to agree with this gentleman here (WulfyStyles). I believe there is very little to be gleaned from viewing the physical layout of the 3DS chip that could not already be surmised from official Nintendo documentation. And that stuff should be out in the wild for developers and etc.
It's not that the structures would be impossible to see or otherwise, it's that seeing them wouldn't really help you all that much.
Basically, it'll look just like any other chip.
You've provided no proof against it. He didn't claim you couldn't do it with current day processors, just that it's harder, and he also uses a 22nm CPU as an example. The 3DS is 45nm, more than twice the size. Not to mention any professional lab worth its salt, that deals in this kind of stuff, should have a scanning electron microscope for the job.
We're talking about thousands of dollars here. If they say they will be able to provide imaging of the chips, close enough to see the interconnects at least faintly, that would be more than good enough.
And no, you can read about the functions that Nintendo wants you to know about, by looking at the public docs, but not all of them, nor the flaws. And I'm not talking about the high level functions that utilize more basic functions to operate.
That's the point. How silly would it be if, N documents his keyscrambler? With decapping there is a chance to figure out how the keyscrambler works and it's possible to obtain the bootrom + KeyX. But that are the only interesting things.
You guys are all acting like you'd be able to just grab the pictures and go. Deciphering functionality from layout is incredibly difficult, and is a very rare skill to have. Even simple structures like a MUX or one-hot encoder end up looking insane - even more so with today's processes. You also have to consider that layout is performed by computers using complex algorithms, not humans, so the layout is super efficient, not super easy to read.
You would need many skilled people with Ph.D.'s in computer architecture and a lot of time (I mean years, working everyday) before having the physical layout of the chip would be of any use to you at all.
For reference, you can find the final presentation my group gave on the GameBoy CPU here. We discuss the layout in the presentation. The squares with the crazy, angular and colored lines represent what the chip would actually look like on die. Good luck figuring out what that does.
Also, decapping destroys the chip, and it is my understanding (also verified by a colleague whose research focuses on memory technologies) that you can not determine data stored in modern E- or EEPROM simply by viewing the structure.
- Joined
- Nov 15, 2011
- Messages
- 5,210
- Trophies
- 0
- Age
- 40
- Location
- Deep in GBAtemp addiction
- Website
- gbadev.googlecode.com
- XP
- 1,709
- Country
Public docs are fine and dandy but things like private encryption keys and signatures or boot ROMs burnt into the chip are not going to be in those. That's the kind of things you can't quite pull out of it by just looking at the top layer of the chip with a normal microscope. There's also plenty of stuff that's not in public docs. There are some documents that the manufacturer will only release to the buyer and when the contract states that the buyer can only be Nintendo ... you get the idea.
Totally off subject but I just want to say, mansonss, you're like the coolest guy ever. Just saying.
except talk is cheap...
Ontopic: Like others have said, while theres no downside to decapping, there may also be no upside. We just don't know until one is done.
The presentation was quite interesting. Definitely made me want to research the composition of these chips even more. But I just want to say that if man made it, man can tear it down. It might take years (such as the PS3) but it was still accomplished.
Talk is cheap. But this chip decapping is not lol.
Well, uh, thanks lol. Don't understand what I did, but yeah!
At any rate guys! I'm not certain when the money will be coming in, but it will be relatively soon. So until that happens (or someone gets to it before I do), just keep throwing some Ideas out there. It never hurts to state your opinion, positive or otherwise. Just don't get ignorant please. I will reply every once in a while and I will also be doing some research of my own. I know I'm not a prominent face in the 3ds hacking world, but hey, you never know what can happen. じゃあまたね
From my perspective it seems like this went above and beyond the complexity you were expecting when starting the project
Yup. And that was an 8-bit SoC.
Y-you mean to say I can't just throw a jpeg photo of the chip at IDA to get decompiled Verilog code instantly? Oh well, better start training a neural network now...
btw. your presentation is awesome
I personnaly cant see the jpg alone being useful, possibly if you were skilled in the art of decapping and were doing it yourself, if you take for instance the guy that hacked nagravision (http://www.wired.com/politics/security/news/2008/05/tarnovsky?currentPage=all) yes he got the encryption key from the card but that was from usign a scanning electron microscope and 2 pinpoint needles onto a databus to persuade it to give over the key. I cant imagine that any decapping company would be up for intentionally trying to retrieve encryption keys due to the legal backlash
What happened to the fundraiser?
http://n-dev.net/donate.php
The donation site isn't even availabe anymore.
http://n-dev.net/donate.php
The donation site isn't even availabe anymore.
Similar threads
-
- Portal
-
-
@
Psionic Roshambo:
Here on crazy farm we have milk from every mammal known to man, including man!+1 -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
