"Jock" <ian.mcneil@nospam.com> wrote in message
news:cjrr8p$bt5$1@rdel.co.uk...
> Is it possible to take the FPGA.hex file, for example and given that you
> know the device, reverse-engineer it into either its CLB map or back to
> its high-level HDL code?
everything is possible if there is a commercial gain from doing it.
usually there isn't.
antti
Reply by Austin Lesea ● October 4, 2004
Jock wrote:
> Is it possible to take the FPGA.hex file, for example and given that you
> know the device, reverse-engineer it into either its CLB map or back to
> its high-level HDL code?
>
>
Austin replies:
In a word, yes.
Given that with the FPGA_Editor tool you can create test designs (a
single input through a LUT to a single output), you can eventually map
every bit to its corresponding function. The question here is time.
Once you have a hardware FPGA_Editor view of the design, you still do
not have the HDL representation.
The HDL is similar to a high level programming language like C++, but it
is dissimilar in that synthesis tools perform logic optimization. The
original HDL to the bitstream is a 'many to one' mapping. Many
different HDL designs could result in an identical bitstream.
So one can then examine the FPGA_Editor 'schematic' and reverse engineer
an HDL representation. One then verifies the HDL by synthesizing it, and
seeing how it matches the FPGA_Editor view.
Since there is no security in obscurity, the bitstream in unencrypted
form is not considered secure. If someone wants to reverse engineer the
design, it might now be possible to do it without expending a lot of
time and money. If the objective is to clone the design without
analyzing it, or performing only enough analysis to change one or two
parameters (i.e. the clock divisor in the DCM), that is quite simple.
But to steal the IP for a core, so you could implement it in an ASIC,
would be a difficult task to be sure. Do-able, but pretty tough. Might
be easier to just re-engineer the core and use the FPGA version to
verify it. That, at least, is legal.
It is almost certainly true that the reverse engineered HDL would not
look at all like the original source code, so copyright on the source
would be unenforceable. Copyright on the bitstream (or in China, a
mask), would be an enforceable way to take legal action against a clone.
Legal action is the last and worst remedy, so I suggest using
encryption if the IP is worth protecting.
There are a number of companies out there, who do reverse engineering
for a living. Sometimes it is for legal reasons (to see if a competitor
is infringing on a patent), and sometimes it is done because a company
loses its original design, and has to continue maintaining it. These
companies do not reverse engineer a design for illegal purposes
(otherwise they might be held liable in a lawsuit).
I would very much like to be able to apply a cost to reverse engineering
an FPGA, however, no one is willing to step up and state how much time
(or money) it took to reverse engineer a particular design. I can only
speculate.
Others on this board have proposed that there are better and faster
methods to get the design which I will refer to as 'social engineering'.
Austin
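An added illustration of the 'many to one' mapping described in the reply above (not code from the thread or from any vendor tool): several differently written expressions collapse to the same 4-input LUT truth table, so the configuration bits alone cannot tell which form the designer wrote. The Verilog-style snippets, the function names and the 16-bit INIT bit ordering (address = {d,c,b,a}) are assumptions of this sketch.

```python
from collections import defaultdict
from itertools import product

# Constructed sample "sources": Verilog-style text paired with an equivalent
# Python function of the four LUT inputs (a is the least significant address bit).
SOURCES = [
    ("assign y = a & b;",                 lambda a, b, c, d: a & b),
    ("assign y = ~(~a | ~b);",            lambda a, b, c, d: ~(~a | ~b)),
    ("assign y = (a & b) | (a & b & c);", lambda a, b, c, d: (a & b) | (a & b & c)),
    ("assign y = a ? b : 1'b0;",          lambda a, b, c, d: b if a else 0),
    ("assign y = a ^ b;",                 lambda a, b, c, d: a ^ b),
    ("assign y = (a | b) & ~(a & b);",    lambda a, b, c, d: (a | b) & ~(a & b)),
]


def lut4_init(fn):
    """Return the 16-bit truth table of fn; bit index is the address {d,c,b,a}."""
    init = 0
    for d, c, b, a in product((0, 1), repeat=4):
        addr = (d << 3) | (c << 2) | (b << 1) | a
        # "& 1" keeps only the low bit, since Python's ~ yields negative ints.
        init |= (fn(a, b, c, d) & 1) << addr
    return init


def group_by_init(sources):
    """Group source texts by the LUT contents they would be optimized into."""
    groups = defaultdict(list)
    for text, fn in sources:
        groups[lut4_init(fn)].append(text)
    return dict(groups)


if __name__ == "__main__":
    for init, texts in sorted(group_by_init(SOURCES).items()):
        print(f"INIT=16'h{init:04X} <- {len(texts)} distinct source forms")
        for t in texts:
            print("   ", t)
```

Six source forms yield only two distinct LUT contents here; going the other way, from the 16 bits back to one particular source form, has no unique answer.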
Reply by Jock ● October 4, 2004
Is it possible to take the FPGA.hex file, for example and given that you
know the device, reverse-engineer it into either its CLB map or back to
its high-level HDL code?