# Degate

The stakes and challenges of silicon reverse engineering. https://www.degate.org

**D. Bachelot**<sup>1</sup>

**HTB Meetup Rennes**, September 05, 2024




# Who am I?

#### **Dorian Bachelot**<sup>1</sup>

- Currently on the job market (contact at pro@dorianb.net).
- Previously a master's student doing **research on hardware reverse-engineering** at ESIEA<sup>2</sup>'s CNS laboratory.
- Main maintainer of Degate (since 2018).

<sup>2</sup>https://esiea.fr










# Outline

1. Chips Reverse Engineering Introduction
2. Degate
3. MIFARE Classic Chip Reverse Engineering Case
4. References
5. Bonus




# What is Silicon Chip RE?

The same idea as software RE (from binary to assembly to source code): chip RE goes from silicon to images, to transistors, to gates, to a netlist, and finally to the algorithm.

With proper preparation and knowledge, we can go into the silicon, analyze transistors, retrieve gates, wires and vias, and reconstruct the implemented algorithms. This can be used to analyze old hardware, build software emulators, search for vulnerabilities and backdoors, break or test a protection, extract secrets, or check intellectual property.

It is also used in the IC industry for fault/failure detection and analysis, but not at the same scale.



#### How to Access the Silicon?

Can be very costly (plasma & laser) and destructive... but also accessible with simpler methods (chemical/mechanical). More in [4].

- **Decapsulation** (heat, acid, mechanical, plasma, laser...)
- **Delayering** (chemical, abrasive, laser, plasma...)
- **Cleaning** (ultrasound, acid...)




# How to Retrieve Images?

Using each layer separately (invasive) or directly the whole chip (non-invasive):

- Take very high resolution images with an optical microscope (basic, confocal);
- Scan with an electron microscope (SEM, TEM...);
- Generate a 3D model using electron tomography.




# How to Perform the Analysis?

Overview:

1. Choose a zone of interest.
2. Identify each gate type, annotate it, and place it in a "gate library".
3. Find the other **gate instances** from the gate library.
4. Link gates by tracing wires and vias.
5. Export to a **netlist** (e.g. by translating each gate to VHDL/Verilog code).





#### How to Identify a Transistor?

- Search the transistor layer for doped zones.
- Spot the zebras.
- Use logic to identify the type of each transistor (e.g. PMOS transistors are bigger, to compensate for the lower hole mobility).
- Search for wires (to identify inputs and outputs).






## How to Identify a Gate?

(Slide figure: P & N zones and 2 inputs; V+ & V-, and the output.)

NAND gate!

| A | B | Y |
|---|---|---|
| 0 | 0 | 1 |
| 1 | 0 | 1 |
| 0 | 1 | 1 |
| 1 | 1 | 0 |




# How to Retrieve the Netlist from Analyzed Gates?

```verilog
// Synchronous SR flip-flop with asynchronous-style reset input (OCR-damaged slide code, repaired)
module srflipflop(q, qbar, clk, rst, sr);
    output reg q;
    output qbar;
    input clk, rst;
    input [1:0] sr;          // sr[1] = set, sr[0] = reset
    assign qbar = ~q;
    always @(posedge clk)
    begin
        if (rst)
            q <= 0;
        else
            case (sr)
                2'b00: q <= q;      // hold
                2'b01: q <= 0;      // reset
                2'b10: q <= 1;      // set
                2'b11: q <= 1'bx;   // forbidden input combination
            endcase
    end
endmodule
```

- Each gate can be described in a hardware description language (HDL) such as Verilog or VHDL.
- Wires & vias can be described as well.
- That is all we need to obtain the netlist!

From the HDL we can simulate the extracted netlist and look for inconsistencies (the slide shows an example waveform in gtkwave):
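The analysis steps listed earlier (gate library, gate instances, wire tracing, netlist export) and the simulate-and-check idea on this slide fit in one small model. The following is an added example written for this page, not Degate's code and not the author's scripts: a toy gate library, a netlist built from instances and nets, a rule check that flags undriven nets (the kind of inconsistency a missed wire trace produces), a combinational simulator, and a structural Verilog exporter. The cell names, instance names and the XOR-from-NANDs circuit are constructed for the demo.

```python
"""Toy model of the chip-RE flow: gate library -> instances -> nets -> netlist -> check/simulate/export."""
from itertools import product

# Gate library: cell type -> (input ports, output port, boolean function, Verilog primitive).
# Constructed for this example; a real library holds the cells identified on the die.
GATE_LIBRARY = {
    "NAND2": (("A", "B"), "Y", lambda a, b: int(not (a and b)), "nand"),
    "NOR2":  (("A", "B"), "Y", lambda a, b: int(not (a or b)),  "nor"),
    "INV":   (("A",),     "Y", lambda a: int(not a),            "not"),
}


class Netlist:
    """Gate instances from the library plus the nets (traced wires/vias) joining their ports."""

    def __init__(self, name, inputs, outputs):
        self.name, self.inputs, self.outputs = name, list(inputs), list(outputs)
        self.instances = []  # (instance name, cell type, {port: net})

    def add_gate(self, inst, cell, **ports):
        lib_in, lib_out, _, _ = GATE_LIBRARY[cell]
        missing = (set(lib_in) | {lib_out}) - set(ports)
        if missing:
            raise ValueError(f"{inst}: unconnected ports {sorted(missing)}")
        self.instances.append((inst, cell, dict(ports)))

    def check(self):
        """Rule check: every net feeding a gate input or a primary output needs exactly one driver."""
        drivers = {net: ["input"] for net in self.inputs}
        loads = set(self.outputs)
        for inst, cell, ports in self.instances:
            lib_in, lib_out, _, _ = GATE_LIBRARY[cell]
            drivers.setdefault(ports[lib_out], []).append(inst)
            loads.update(ports[p] for p in lib_in)
        problems = []
        for net in sorted(loads):
            n = len(drivers.get(net, []))
            if n == 0:
                problems.append(f"floating net: {net}")
            elif n > 1:
                problems.append(f"multiple drivers on {net}: {drivers[net]}")
        return problems

    def simulate(self, values):
        """Propagate combinational logic until stable; None marks an output that was never driven."""
        nets = dict(values)
        for _ in range(len(self.instances) + 2):
            changed = False
            for _, cell, ports in self.instances:
                lib_in, lib_out, fn, _ = GATE_LIBRARY[cell]
                args = [nets.get(ports[p]) for p in lib_in]
                if None in args:
                    continue  # an input is undriven (or not settled yet)
                out = fn(*args)
                if nets.get(ports[lib_out]) != out:
                    nets[ports[lib_out]] = out
                    changed = True
            if not changed:
                return tuple(nets.get(o) for o in self.outputs)
        raise ValueError("netlist never settled: combinational loop")

    def truth_table(self):
        return {bits: self.simulate(dict(zip(self.inputs, bits)))
                for bits in product((0, 1), repeat=len(self.inputs))}

    def to_verilog(self):
        """Structural Verilog: one primitive per instance (output port listed first)."""
        used = {net for _, _, ports in self.instances for net in ports.values()}
        internal = sorted(used - set(self.inputs) - set(self.outputs))
        lines = [f"module {self.name}({', '.join(self.inputs + self.outputs)});",
                 f"  input {', '.join(self.inputs)};",
                 f"  output {', '.join(self.outputs)};"]
        if internal:
            lines.append(f"  wire {', '.join(internal)};")
        for inst, cell, ports in self.instances:
            lib_in, lib_out, _, prim = GATE_LIBRARY[cell]
            args = [ports[lib_out]] + [ports[p] for p in lib_in]
            lines.append(f"  {prim} {inst}({', '.join(args)});")
        lines.append("endmodule")
        return "\n".join(lines)


def nand_gate():
    """The single NAND cell identified on the previous slide, as a one-gate netlist."""
    n = Netlist("nand2", ["a", "b"], ["y"])
    n.add_gate("g0", "NAND2", A="a", B="b", Y="y")
    return n


def xor_from_nands(drop_wire=False):
    """XOR built from four NAND2 instances; drop_wire models a trace missed during analysis."""
    n = Netlist("xor2", ["a", "b"], ["y"])
    n.add_gate("u1", "NAND2", A="a", B="b", Y="n1")
    n.add_gate("u2", "NAND2", A="a", B="n1", Y="n2")
    n.add_gate("u3", "NAND2", A="n1", B="b", Y="n3")
    n.add_gate("u4", "NAND2", A="n2", B="n3_unconnected" if drop_wire else "n3", Y="y")
    return n


if __name__ == "__main__":
    good, broken = xor_from_nands(), xor_from_nands(drop_wire=True)
    print(good.to_verilog())
    print(good.truth_table())   # equals a ^ b for every input pair
    print(broken.check())       # reports the floating net left by the missed trace
```

The simulator is deliberately combinational-only (a sequential cell such as the flip-flop above needs a clocked model); the point is that a netlist whose truth table disagrees with the expected function, or whose check reports floating or multiply-driven nets, points straight back at a mis-identified gate or a mis-traced wire.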



# To Summarize




## Introduction

**Degate** is a multi-platform tool for semi-automatic reverse engineering of the digital logic in Very-Large-Scale Integration (VLSI) chips.

- $\sim$ 70k LoC,
- Supports Mac, Linux & Windows,
- Qt based,
- Multi-language support,
- Gate definition,
- Gate template, via & wire matching,
- Rule checks,
- ...





#### History

A long story, with technical debt and major IC evolution (in transistor count), along with a small community.




#### Usage

Degate helps reverse VLSI chips by building a library of analyzed gates, running template matching to find instances of those gates, matching wires & vias, exporting a netlist, and navigating really huge images.

It focuses on modern ICs with standard cells, and supports any 2D capture/imaging method (SEM, optical...).





Overview of the chip, for zone of interest selection.

A sub-project can then be created on the zone of interest, and specific layers can be added (independent from the rest).






Each sub-project can contain multiple layers (pre-aligned images).

There are two project modes: 1. for smaller images, each image is converted to Degate's own format (for fast access); 2. a new (WIP, beta) mode for huge images, which loads only partial tiles into RAM and does not change or import the initial file.



Each gate can be described in VHDL/Verilog, has a list of ports (placed on the image), an associated type, etc.





Each identified gate (from the gate library) can be matched manually or using template matching algorithms.






Template matching (soon to be ported to OpenCV) uses the gate library to automate gate identification.

Currently it uses normalized cross-correlation (with some additional steps).
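To show what normalized cross-correlation buys you on microscope images, here is an added example written for this page (not Degate's implementation and not its "additional steps"): a plain-Python NCC template matcher run over a constructed 14x14 "die photo" in which the same 4x4 cell pattern appears twice, once as-is and once under different brightness and contrast. The template, the image and the 0.8 threshold are all made up for the demo.

```python
"""Normalized cross-correlation template matching, as used to find gate instances."""
import math

# Constructed stand-in for one imaged standard cell (bright contacts on a dark background).
GATE_TEMPLATE = [
    [9, 1, 1, 9],
    [1, 9, 9, 1],
    [1, 9, 9, 1],
    [9, 1, 1, 9],
]


def build_sample_image():
    """14x14 constructed image: background 1, the cell stamped at (1,1) unchanged and at (8,7)
    with pixel = 10*v + 20, i.e. a different brightness/contrast as uneven lighting would give."""
    img = [[1] * 14 for _ in range(14)]

    def stamp(r0, c0, scale, offset):
        for r in range(4):
            for c in range(4):
                img[r0 + r][c0 + c] = GATE_TEMPLATE[r][c] * scale + offset

    stamp(1, 1, 1, 0)
    stamp(8, 7, 10, 20)
    return img


def ncc_score(image, template, row, col):
    """NCC between the template and the same-size window at (row, col). Subtracting the means
    and dividing by the norms makes the score independent of brightness offset and contrast
    scale, which is why NCC is a natural fit for matching cells across an unevenly lit die."""
    th, tw = len(template), len(template[0])
    window = [image[r][col:col + tw] for r in range(row, row + th)]
    n = th * tw
    t_mean = sum(map(sum, template)) / n
    w_mean = sum(map(sum, window)) / n
    num = sum((t - t_mean) * (w - w_mean)
              for tr, wr in zip(template, window) for t, w in zip(tr, wr))
    t_var = sum((t - t_mean) ** 2 for tr in template for t in tr)
    w_var = sum((w - w_mean) ** 2 for wr in window for w in wr)
    if t_var == 0 or w_var == 0:
        return 0.0  # flat window: correlation is undefined, so treat it as no match
    return num / math.sqrt(t_var * w_var)


def match_template(image, template, threshold=0.8):
    """Slide the template over every position; return {(row, col): score} for positions at or
    above the threshold, plus the full score map. A real tool adds non-maximum suppression,
    template flips/rotations and per-layer handling on top of this core step."""
    th, tw = len(template), len(template[0])
    scores = {(r, c): ncc_score(image, template, r, c)
              for r in range(len(image) - th + 1)
              for c in range(len(image[0]) - tw + 1)}
    hits = {pos: s for pos, s in scores.items() if s >= threshold}
    return hits, scores


if __name__ == "__main__":
    hits, _ = match_template(build_sample_image(), GATE_TEMPLATE)
    for pos, score in sorted(hits.items()):
        print(f"gate instance at {pos}, NCC = {score:.3f}")
```

Both planted copies score exactly 1.0 despite the second one being ten times brighter with an offset, while windows shifted by a pixel or two score well below the threshold; that gap between the true position and its neighbours is what a matcher relies on, and it shrinks when the template is small or the cell is highly repetitive.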






Wire matching, and specifically port interconnection, is the real challenge (and very error-prone).

Currently it uses zero-crossing edge detection.

### Small Demonstration



Helpers are available, like rudimentary (but to be improved) rule checking (e.g. for coherency).




Everything can be organized in "module", exported individually (in Verilog/VHDL), etc... "Divide et impera".




# MIFARE Classic Chip [2]

- **RFID card** from NXP launched in 1994.
- Used the **Crypto1 cipher** (until MIFARE Classic EV1, which uses the **Hitag2** cipher).
- **Proprietary encryption** algorithm (stream cipher): security by obscurity.
- The Crypto1 cipher is only **implemented in hardware**.
- Used (back in 2008) in more than **3.5 billion** cards (including many building access control systems).








# Degate's origins [5]

- K. Nohl & Starbug reverse-engineered the Crypto1 cipher from MIFARE Classic chips in 2007.
- Used acetone to dissolve the RFID cards.
- Used manual polishing for delayering.
- Imaged a total of 6 layers.
- Identified the zone of interest by searching for the 48-bit register & a group of XOR gates.
- Used a **standard optical microscope** (500x) & the hugin tool for stitching.
- Identified around 70 types of gates.
- Used **home-made scripts** (which became the base of Degate) for **template matching** to identify all gates.
- Manually reconstructed the connections between gates.
- Made a script to help detect wires & vias.

# Consequences [5]

- Using the reverse-engineering results and protocol analysis, the authors found **multiple weaknesses** in the cipher:
  - The cipher is vulnerable to **brute force** attack: the key is too small.
  - The RNG is predictable: it uses a 16-bit LFSR (linear feedback shift register) **initialized with a constant value** and reset at each power-up.
  - There is only one secret key per ID from which a given session key results, and all shifts are linear.
- This means that just by sniffing the interactions between the card and the reader, one can compute the key and retrieve all the data on the card.
- NXP released a backward-compatible & "hardened" version of the cipher (Hitag2), which was also weak; MIFARE Classic was "discontinued" in 2015.
- The authors analyzed other RFID devices afterwards.
- Degate was created from this analysis, used for the reverse engineering of other RFID devices, and open-sourced in 2008.
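The RNG weakness above (a 16-bit LFSR seeded with a constant and reset at power-up) is worth seeing concretely, because it is the textbook reason a design reviewer rejects a linear generator as a nonce source. The following is an added example for this page, not the tag's actual circuit: it uses a textbook maximal-length 16-bit Fibonacci LFSR (taps 16, 14, 13, 11) and a made-up seed; the slides do not give Crypto1's polynomial or seed, so nothing here reproduces the real RNG. It shows the two properties that matter to a defender: every power-up yields the same nonce sequence (so the nonce is a function of elapsed clocks only), and since the output exposes the whole register, one observed nonce determines all later ones. A `secrets`-backed source is included as the contrast a reviewer's check should produce.

```python
"""Why a constant-seeded 16-bit LFSR is not a nonce source: reset repetition and predictability."""
import secrets


class ConstantSeedLfsr:
    """16-bit LFSR whose register is reset to a fixed constant at every power-up and whose
    whole register is emitted as the 'random' nonce. Textbook taps, not the real tag's."""
    SEED = 0x1234  # constructed placeholder; any fixed non-zero value shows the same flaw

    def __init__(self):
        self.state = self.SEED  # models power-up: the register always starts from SEED

    def clock(self):
        s = self.state
        # Feedback polynomial x^16 + x^14 + x^13 + x^11 + 1 (a standard maximal-length choice).
        feedback = ((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
        self.state = (s >> 1) | (feedback << 15)

    def nonce(self):
        """Run 16 clocks and hand out the register contents as the nonce."""
        for _ in range(16):
            self.clock()
        return self.state


def first_nonce_after_powerup(ticks_before_challenge=0):
    """A freshly power-cycled tag that is asked for a nonce after some number of clocks."""
    rng = ConstantSeedLfsr()
    for _ in range(ticks_before_challenge):
        rng.clock()
    return rng.nonce()


def distinct_nonces(make_nonce, trials):
    """Reviewer's check: power-cycle `trials` times and count distinct first nonces.
    A sound source gives close to `trials`; a constant-seeded LFSR gives exactly 1."""
    return len({make_nonce() for _ in range(trials)})


def predict_next_nonce(observed):
    """The recurrence is public and linear and the nonce is the full state, so anyone who
    saw one nonce can run the register forward and know the next one."""
    rng = ConstantSeedLfsr()
    rng.state = observed
    return rng.nonce()


def period(seed=ConstantSeedLfsr.SEED):
    """Clocks until the register returns to `seed`; 65535 confirms the LFSR is maximal-length,
    i.e. it never gets stuck, yet that says nothing about unpredictability."""
    rng = ConstantSeedLfsr()
    rng.state = seed
    count = 0
    while True:
        rng.clock()
        count += 1
        if rng.state == seed:
            return count


if __name__ == "__main__":
    print("distinct nonces over 100 power-ups (LFSR):",
          distinct_nonces(lambda: first_nonce_after_powerup(), 100))
    print("distinct nonces over 100 draws (secrets):",
          distinct_nonces(lambda: secrets.randbits(16), 100))
    tag = ConstantSeedLfsr()
    n1, n2 = tag.nonce(), tag.nonce()
    print("predicted next nonce matches:", predict_next_nonce(n1) == n2)
    print("LFSR period:", period())
```

The distinct-nonce count across power cycles is the kind of black-box test that can be run against any device's nonce output without reverse-engineering it; the predictability property is what the slide's "all shifts are linear" refers to, and it is why a hardware RNG must be seeded from a physical entropy source rather than a constant.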




#### References

- [1] Mirko Holler, Manuel Guizar-Sicairos, Esther H. R. Tsai, Roberto Dinapoli, Elisabeth Müller, Oliver Bunk, Jörg Raabe, and Gabriel Aeppli. High-resolution non-destructive three-dimensional imaging of integrated circuits. *Nature*, 543(7645):402–406, March 2017.
- [2] Karsten Nohl and Starbug. PacSec silicon conference. 2009.
- [3] Leonid Azriel, Julian Speith, Nils Albartus, Ran Ginosar, Avi Mendelson, and Christof Paar. A Survey of Algorithmic Methods in IC Reverse Engineering. Cryptology ePrint Archive, Paper 2021/1278, 2021.
- [4] John McMaster. SiliconPr0n, https://siliconpr0n.org/.
- [5] Karsten Nohl, David Evans, and Henryk Plötz. Reverse-Engineering a Cryptographic RFID Tag. USENIX Security Symposium, 2008.
- [6] Martin Schobert. GNU software Degate. http://www.degate.org.
- [7] Berlin Security Research Labs. Siliconzoo, http://siliconzoo.org.
- [8] Ken Shirriff. Ken Shirriff's blog, https://www.righto.com/.
- [9] Mikhail Svarichevsky. Zeptobars, https://zeptobars.com/en/.
- [10] Andrew Zonenberg and Bulent Yener. CSCI 4974/6974 Hardware Reverse Engineering, 2014.






# Bonus: Which gate is this?

(Slide figure only.)