
What does it take to reverse engineer the silicon? I thought I'd seen a project for automating it, but I can't find it.



Even reversing the silicon won't likely help— and, uhh. Reversing a state of the art CPU is not do-at-home stuff.

The reason it won't help is that the design is _explicitly_ microcoded. E.g. RDRAND triggers running loadable microcode which is supposed to read the real RNG and AES it. Maybe there is an unrelated "bug" that allows that microcode to be corrupted after some particular instruction sequence happens. All your investigation would turn up everything looking like normal.
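The comment above argues that because the hardware RNG's raw output is post-processed (wrapped in AES by microcode), a compromised generator would be indistinguishable from a good one by inspection of its output, and the usual mitigation is to never rely on the hardware source alone. The following is an added illustration, not code from any commenter, Intel, or any kernel: a keyed counter-mode stream (HMAC-SHA256 stands in for AES, since the Python standard library has no AES) that is fully determined by a fixed key yet passes a frequency test, beside a mixing step that hashes each hardware block together with an independent source so that even a totally predictable hardware stream cannot dictate the result. The key, the block size, and the mixing construction are assumptions made for the example.

```python
"""Why "output looks random" says nothing about a hardware RNG's trustworthiness,
and why mixing entropy sources is the usual mitigation.

Constructed example. HMAC-SHA256 in counter mode stands in for the AES
post-processing the comment mentions; nothing here is any vendor's or kernel's code."""
import hashlib
import hmac
import math
import os

BLOCK = 32  # bytes per SHA-256 output (assumption for this example)


def deterministic_stream(key: bytes, nbytes: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, counter).

    The output is completely determined by `key`, yet to a black-box observer it
    is statistically indistinguishable from noise. That is the point of the
    comment: a post-processed RNG hides whether the raw source is any good."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:nbytes])


def monobit_z(data: bytes) -> float:
    """Frequency (monobit) test statistic: |#ones - #zeros| / sqrt(n_bits)."""
    ones = sum(bin(b).count("1") for b in data)
    n = len(data) * 8
    return abs(2 * ones - n) / math.sqrt(n)


def looks_random(data: bytes, threshold: float = 4.5) -> bool:
    """Generous pass threshold; a genuine random stream fails this ~7e-6 of the time."""
    return monobit_z(data) < threshold


def mix_sources(hw: bytes, other: bytes) -> bytes:
    """Defender's mitigation: hash each hardware block together with an independent
    source so a compromised hardware RNG cannot alone determine the output.
    The structure (per-block SHA-256 of both inputs) is illustrative only."""
    assert len(hw) == len(other)
    out = bytearray()
    for i in range(0, len(hw), BLOCK):
        out += hashlib.sha256(hw[i:i + BLOCK] + other[i:i + BLOCK]).digest()
    return bytes(out[:len(hw)])


def demo(nbytes: int = 1 << 16) -> dict:
    """Return the verdicts of each scenario so they can be checked programmatically."""
    # Constructed fixed key: in the thought experiment only the vendor knows it.
    fixed_key = b"constructed-fixed-key-for-the-example"
    hidden = deterministic_stream(fixed_key, nbytes)   # "looks" random, fully predictable
    genuine = os.urandom(nbytes)                       # OS CSPRNG as a stand-in for a good source
    worst_hw = b"\x00" * nbytes                        # hardware stream that is totally broken
    return {
        "hidden_passes": looks_random(hidden),
        "genuine_passes": looks_random(genuine),
        "worst_hw_alone_passes": looks_random(worst_hw),
        "worst_hw_mixed_passes": looks_random(mix_sources(worst_hw, os.urandom(nbytes))),
        "same_key_same_output": deterministic_stream(fixed_key, 64) == hidden[:64],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The first two verdicts are the comment's point: the statistical test cannot separate a fully predictable keyed stream from a genuine one, so output inspection gives no assurance. The last two show the mitigation: the all-zero "hardware" stream fails on its own, but once hashed together with an independent source the result is only as weak as the better of the two inputs, which is why mainstream kernels feed RDRAND into a pool rather than using it directly.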


It looks like the microcode is also encrypted. But perhaps that encryption could be reverse engineered from silicon? The Silicon Zoo tutorial noted that Pentium I-era chips were "easily viewable" [1], probably with optical microscopes. So perhaps some parts of some newer Intel processors can be done at home. So, the "plan of attack" (ha!):

* decap an Intel CPU and scan it

* decode the microcode encryption

* figure out how the hardware RNG works with the microcode (it's AES? ok.)

* and then analyze the system of microcode and hardware for robustness and security.

Yeah, this is hand-wavey and probably incredibly implausible. But it seems like an interesting and challenging project or three.

[1] http://siliconzoo.org/tutorial.html


Ah. Some relevant information on reverse engineering silicon:

* Degate, a somewhat automated "aid in reverse engineering of digital logic in integrated circuits" - http://www.degate.org/

* Silicon Zoo offers a tutorial / background info on this - http://siliconzoo.org/tutorial.html

* A blog about IC reverse engineering - http://uvicrec.blogspot.com/ (from the owner of http://siliconpr0n.org/ , which is currently down)



