Decapping Chips the Easy Hard Way presented at DEFCON 2013

by Zac Franken, Adam ( Major Malfunction ) Laurie,

Summary : For some time it has been possible to discover the inner workings of microprocessors with the help of a microscope and some nasty chemicals such as fuming nitric acid. However, unless you have access to a university or work science lab, this is beyond the reach of most hackers, and, even it were to be attempted, difficult and potentially extremely dangerous.
In this talk we will go through our own adventures in tackling the issue from the point of view of the back-room hacker/researcher, and how we have solved many of the problems using only tools and devices that were freely and cheaply available from online sources such as Ebay.
There is also the secondary problem of what to do with the chip once you've decapped it. For example: if you've taken microscopic images of a masked ROM, in theory you can extract the code, but in practice you're looking at thousands of tiny dots, each of which represent a 0 or a 1, which, once correctly read and compiled into HEX, will represent the original byte code. Many projects (e.g. MAME) have used crowd-sourcing as a means of converting the images by eye, but we will present a software tool that semi-automates this process and we'll demonstrate how what was once the works of tens if not hundreds of hours can be reduced to a few minutes.