# **Degate**

The stakes and challenges of silicon reverse engineering https://www.degate.org

#### D. Bachelot<sup>1</sup>

<sup>1</sup>ESIEA NEVERHACK

FSiC 2024,

June 20, 2024



### Who am I?



#### Dorian Bachelot<sup>1</sup>

- Currently a Lead Product & Software Architect in Cybersecurity/AI at NEVERHACK<sup>2</sup>.
- Previously a master student doing research on hardware reverse-engineering at ESIEA<sup>3</sup>'s CNS laboratory.

Degate

• Main maintainer of Degate (since 2018).



<sup>1</sup>https://dorianb.net

<sup>&</sup>lt;sup>2</sup>https://neverhack.com

<sup>3</sup>https://esiea.fr

- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- 3 MIFARE Classic Chip Reverse Engineering Case
- Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- MIFARE Classic Chip Reverse Engineering Case
- 4 Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





FSiC 2024, June 20, 2024

- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- MIFARE Classic Chip Reverse Engineering Case
- 4 Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





## What is Silicon Chips RE?



Same idea than with software RE (from binary, to assembly and to code), chips RE go from silicon, to images, to transistors, to gates, to netlist and to algorithm.

With proper preparation and knowledge, we can go into silicon, analyze transistors, retrieve gates/wires/vias and reconstruct implemented algorithms. This can be used to analyze old hardware, build software emulators, search for vulnerabilities and backdoors, break/test a protection, secret extraction or check intellectual property.

Used in IC industry for fault/failure detection & analysis, but not at the same scale



#### How to Access Silicon?

Can be very costly (plasma & laser) and destructive... But also accessible with simpler methods (like chemical/mechanical). More on [4].

- **Decapsulation** (heat, acid, mechanical, plasma, laser...)
- **Delayering** (chemical, abrasive, laser, plasma...)
- Cleaning (ultrasound, acid...)











### How to Retrieve Images?

Using each layer (invasive) or directly using the chip (non-invasive):

- Take very-high resolution images from **optical microscope** (basic, confocal);
- Scan from an **electron microscope** (SEM, TEM...) ;
- Generate a 3D model using **electron tomography**;









## How to Perform the Analysis?

#### Overview:

- Choose a zone of interest,
- Identify each gate type, annotate, and place in a "gate library",
- Find other gates instance from gate library,
- Link gates by tracing wires and vias,
- Export to **netlist** (e.g. by translating each gate to VHDL/Verilog code).







### How to identify a transistor?

- Search, at transistor layer, for doped zones.
- Spot the zebras.
- Use logic to identify the type of each transistor (e.g. PMOS are bigger to compensate with lower hole mobility).
- Search for wires (to identify inputs and outputs).

(Inverter, Wikipedia)









(PMOS [10])

# How to Identify a Gate?







#### NAND gate!









## How to Retrieve the Netlist from Analyzed Gates?

```
module isrflipflop(q.qbar.clk.rst.sr):
    output reg a:
    output gbar:
    input clk. rst:
    input [1:0] sr:
    assign qbar = ~q:
    always @(posedge clk)
    begin
        if (rst)
            a \le 0:
        else
            case(sr)
                 2'b00: q <= q:
                 2'b01: a \le 0:
                 2'b10: a <= 1:
                 2'b11: a \le 1'bx:
            endcase
    end
endmodule
```

- Each gate can be described with hardware description language (HDL), like Verilog or VHDL.
- Wires & vias can also be described.
- That's all we need to obtain the netlist!

We can, from HDL, simulate the extracted netlist and find incoherence (example with gtkwave below):



# How to Get the Algorithm/Specification from Netlist? [3]

After retrieving the **netlist**, we are left with a **huge and "unorganized" number of gates**. The **specification discovery** phase aims to **retrieve IC's algorithm/functionality** from the extracted netlist.

Using specific algorithms you can automate some phase:

- Partitioning of the netlist (to retrieve a semblance of "code" structure).
- **Recovery** of the registers (*if applicable*).
- **Identification** of the extracted "groups" (partitions) of the netlist.
- Construction of a library of netlist components from the identified "groups".

These algorithms need to allow some degrees of error from the netlist extraction. This phase is  $\sim$ analogous with duplicated, standard & library functions identification for software engineering. A nice open source tool for this is  $HAL^4$  (compatible with Degate's outputs!).

<sup>&</sup>lt;sup>4</sup>https://github.com/emsec/hal

### To Summarize





[2]

- Chips Reverse Engineering
  - Introduction
    - Challenges
- 2 Degate
- 3 MIFARE Classic Chip Reverse Engineering Case
- Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





FSiC 2024, June 20, 2024

# Cost Perspective (1/2)

**Costly solutions will give best results**, and sometime reduce the difficulty for analysis software:

- Decapsulation/delayering: plasma, laser, FIB;
- Imaging: Scanning Electron Microscope (SEM), other electron microscope (TEM, STEM, LEEM, PEEM...);
- 3D modelization: electron tomography (3D);

Simpler methods rely on **mechanical & chemical** decapsulation/delayering and **optical microscopes** to obtain **very-high resolution but imperfect images**. Using images is more challenging: **color channels**, **impurity/damage/dust**, **single dimension**, **stitching**, **resolution**, **laborious work**...



# Cost Perspective (2/2)

**Chip samples cost** are also to consider (when doing invasive analysis, you'll maybe need multiple samples of the chip).

Compared to software reverse engineering, there is a **lot more costs associated**, and a **higher entry barrier**.



A new SEM microscope can cost from 70k\$ to over 1M\$. Used instruments can cost from 2,5k\$ to 550k\$. Resolution may vary a lot.

And that's **just for imaging**!



(Umeå University)

## **Analysis Perspective**

- Newest chips have ~3nm transistors and billions of them!
- Need automatic gate recognition, wire tracing and netlist reconstruction, which a human can't handle alone.
- Resulting images can be **millions of pixels large** (*width* > million pixels)!
- How to perform template matching/image recognition on such gigantic images?
- How to handle all possible formats (images, multi-layered images, SEM images, 3D tomography...)?
- There are so many steps where that can go wrong, or a small error slips into the analysis...
- Non-planerized IC exists (non repeated standard cells)!
- And what about obfuscation?





## Human Perspective

 Need a highly technical level in several disciplines, this will help for error spotting, choosing a zone of interest and more.

Need to understand "silicon" (how IC are made) and have low-level electronic

knowledge.

 Have the necessary equipment available.

- Be persistent and patient.
- Practice.
- And Have time!





## Importance for Cybersecurity

How can we trust software if we can't trust hardware (e.g. "specialized" ASIC)?

- Is there any vulnerability in the hardware implementation of an algorithm (e.g. crypto standard with predictable initialization, bad randomness...)?
- Is there any **hardware Trojan** (e.g. placed by the foundry)?
- If there is a vulnerability/backdoor, patching is impossible, far more impactful than software vulnerabilities.

Some examples of vulnerabilities found thanks to silicon RE:

- Legic Prime, NXP Hitag2, DECT DSC, CryptoRF, Atmel CryptoMemory & NXP Mifare Crypto-1 ( $\sim$ 2008, Nohl et al): weak (or potentially weak) cryptographic ciphers.
- Undisclosed ones?



#### Available Tools & Products

#### Commercial products:

- **CHIPJUICE**: Extracting Data from Highly Encrypted ICs.
- Internal tools: for sure, there is a lot of them.

#### Open Source tools:

- Degate
- psxrev: SONY PlayStation PCB/chips reverse engineering.
- Deroute: Tool for untangling wires.
- **dietools**: Series of tools for die shot reverse-engineering.



(Texplained)





- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- 3 MIFARE Classic Chip Reverse Engineering Case
- 4 Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





FSiC 2024, June 20, 2024

#### Introduction

**Degate** is a multi-platform software for semi-automatic **Very-Large-Scale Integration** (**VLSI**) chips reverse engineering of digital logic in chips.

- $\sim$  70k LoC
- Supports Mac, Linux & Windows,
- Qt based.
- Multi-language support,
- Gate definition.
- Gate template, via & wire matching,
- Rule checks.
- ..



## History

A long story, with technical debt and major IC evolution (in transistor count), along with a small community.



### Usage

Degate help to reverse VLSI chips by creating an analyzed gate library, doing template matching to find gates instances from this library, matching wires & vias, exporting netlist and navigating really huge images.

Focus on **modern ICs** with **standard cells**, and supports **any 2D capture/imaging method** (SEM, optical...).







Overview of the chip, for zone of interest selection.

A sub-project can then be created on the zone of interest, and specific layers can be added (independent from the rest).



FSiC 2024, June 20, 2024



Each sub-project can contains multiple layers (pre-aligned images).

Two project mode: 1. For smaller images, will convert each images in Degate's format (for fast access) and 2. New (WIP, beta) mode for huge images (load only partial tiles in RAM, and doesn't change/import initial file).



Each gate can be described with VHDL/Verilog, have a list of port (placed on image), a type associated etc.





Each identified gate (from the gate library) can be matched manually or using template matching algorithms.







Template matching (will soon be ported to OpenCV) will use gate library to automate gate identification.

Currently it uses normalized cross-correlation (with some more steps).



FSiC 2024, June 20, 2024



Wire matching, and specifically port interconnection, is the real challenge (and very error prone).

Currently it uses zero crossing edge detection.





Helpers are available, like rudimentary (but to be improved) rule checking (e.g. for coherency).







Everything can be organized in "module", exported individually (in Verilog/VHDL), etc...
"Divide et impera".





## **Engineering Challenges**

- Gate template, wires & vias matching.
- Very huge images handling.
- Error recovery/acceptance/identification.
- Multiple possible image format (e.g. .tiff, .png...)
   & image source (e.g. SEM, confocal...).
- 10+ years **old software** (mix of old & new C++).
- Collaborative analysis.
- Integrated gate analyzer.
- Explicit full **netlist exporter**.















### Research Challenges

- **3D** capture, imply rethinking Degate (New 3D mode? New software? Really accessible?), and **new algorithms** (e.g. for matching, tracing and gate identification).
- Machine learning/better algorithms for:
  - Auto-vectorization :
  - Gate auto identification (from vectorized analysis);
  - Gate auto wiring;
  - Auto vias & wires identification.
- Take advantage of certain capture methods such as SEM which makes automation easier.
- Making the field more accessible (more automation, new abstractions for analysis, communication...).
- Use Degate for advanced analysis and published results.



#### Contributions



#### **Dorian Bachelot**

- Rewrote  $\sim 70\%$  of Degate since 2019.
- Port from GTK to Qt, and added support for Windows and MacOS.
- Improved rendering, internationalization, gates handling, stability, usability, automation, continuous integration...
- Wrote a "full" user documentation and 5 vulgarization articles around IC reverse-engineering (in french)
- Did some (private) analysis: labs are very strict & security related findings are...
- Reworked the old image handler/importer, and created a new one (for very huge images).
- Try to (re)activate the community, preparing to launch new works on ML & other things.



- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- 3 MIFARE Classic Chip Reverse Engineering Case
- 4 Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





## MIFARE Classic Chip [2]

- RFID card from NXP launched in 1994.
- Used the Crypto1 cypher (until MIFARE Classic EV1, that are using Hitag2 cipher).
- Proprietary encryption algorithm (stream cipher), security by obscurity.
- Cryto1 cipher is only implemented in hardware.
- Used (back in 2008) in more than 3.5 billions cards (including many building access control systems).

A huge target with a suspicious cypher and security standards?





## Degate's origins [5]



- K. Nohl & Starbug reverse-engineered the Cyrpto1 cypher from MIFARE Classic chips in 2007.
- Used acetone to dissolve the RFID cards.
- Used manual polishing for delayering.
- Image a total of 6 layers.
- Identify zone of interest, searching for 48-bit register & group of XOR gates.
- Used standard optical microscope (500x) & hugin tool for stitching.
- Identified around 70 types of gates.
- Used home-made scripts (which became the base of Degate) for template matching to identify all gates.
- Manually reconstructed connections between gates.
- Made a script to help detecting wires & vias.



# Consequences [5]

- Using the reverse-engineering results and protocol analysis, authors found multiple weakness in the cipher:
  - The cipher is vulnerable to brute force attack, key is too small.
  - RNG is predictable, it uses a 16-bit LFSR (linear feedback shift register) initialized with constant value and reset at each power-up.
  - There is only one secret key for each ID that can result to a specific session key, and all shifts are linear.
- Meaning that just by sniffing interactions with the card and the reader, we can compute the key and retrieve all the data of the card.
- NXP release a retro-compatible & "hardened" version of the Cipher (Hitag2), which was also weak, MIFARE Classic were "discontinued" in 2015



- Authors analyzed other RFID devices after.
- Degate was created from this analysis, used for other RFID devices reverse-engineering and open-sourced in 2008.





- Chips Reverse Engineering
  - Introduction
    - Challenges
- 2 Degate
- MIFARE Classic Chip Reverse Engineering Case
- Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





### Future of Chips RE

- Simpler and cheaper IC capture (decap & delayer).
- Making the field more accessible (communication, more real-life and useful example/reference analysis...).
- Shared and open library of chips captures (~zeptobar & siliconpr0n + SiliconZoo).
- Machine learning to automate even more analysis steps (gate identification, wire extract, algorithm retrieving & analysis)?

There is 2 EU projects running around ICs reverse-engineering, but no information on tools, process and analysis sharing.









- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- 3 MIFARE Classic Chip Reverse Engineering Case
- 4 Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





#### References I

- Mirko Holler, Manuel Guizar-Sicairos, Esther H. R. Tsai, Roberto Dinapoli, Elisabeth Müller, Oliver Bunk, Jörg Raabe, and Gabriel Aeppli.
   High-resolution non-destructive three-dimensional imaging of integrated circuits.
   Nature, 543(7645):402–406, March 2017.
- [2] Starbug Karsten Nohl.
  Pacsec silicon conference.
  2009.
- [3] Nils Albartus Ran Ginosara Avi Mendelson Leonid Azriel, Julian Speith and Christof Paar. Azriel and julian speith and nils albartus and ran ginosara and avi mendelson and christof paar.
  - Cryptology ePrint Archive, Paper 2021/1278, 2021.



#### References II

- [4] John McMaster.
  SiliconprOn, https://siliconprOn.org/.
- [5] Karsten Nohl, David Evans, and Henryk Plotz. Reverse-Engineering a Cryptographic RFID Tag. page 9.
- [6] Martin Schobert.
  Gnu software degate.
  Webpage: http://www.degate.org.
- [7] Berlin Security Research Labs.
  Siliconzoo, http://siliconzoo.org.





#### References III

- [8] Ken Shirriff. Ken shirriff's blog, https://www.righto.com/.
- [9] Mikhail Svarichevsky.Zeptobars, https://zeptobars.com/en/.
- [10] Zonenberg Andrew Yener Bulent.
  Csci 4974/6974 hardware reverse engineering, 2014.





- Chips Reverse Engineering
  - Introduction
  - Challenges
- 2 Degate
- 3 MIFARE Classic Chip Reverse Engineering Case
- 4 Future of Chips Reverse Engineering
- 6 References
- 6 Bonus





# Which gate is this?



