34th Chaos Communication Congress

»Reverse engineering FPGAs«
2017-12-28, 13:00–14:00, Saal Clarke

In this talk I describe the basic makeup of FPGAs and how I reverse engineered the Xilinx 7 Series and Lattice iCE40 Series together with the implications.

FPGAs are used in many applications, ranging from networking and wireless communications to high-performance computing, ASIC prototyping and so forth.

They would be perfect for creating true open source hardware, but we would still be bound to use proprietary toolchains provided by the manufacturers.

To generate a valid configuration file, this toolchain needs to know every single wire, switch, possible connection and logic block, and the corresponding bits to configure each of them.

In other words, you are required to have the blueprints of the FPGA in your toolchain to be able to do the place and route and the generation of the bitstream file from your netlist.

Naturally, manufacturers do not like to disclose this information, possibly because someone could reverse engineer valuable intellectual property cores.

I will explain each component used in FPGAs from Lattice and Xilinx, such as switchboxes, the interconnect, logic blocks and memory blocks.

Furthermore I will talk about how I reverse engineered the 7 Series from Xilinx and the iCE40 from Lattice.

At the end I will demonstrate how to create your own bitstream by hand, implementing a small logic circuit and testing it live on a Zynq 7000 FPGA from Xilinx.
