Sorry, it's not quite on topic, and im dubious if my facts are correct, but isn't the CIC chip just a random number generator (with a fixed seed) that compares itself to another identical chip to check output values?

Can the ROM be in use when you're looking at it? Wouldn't electrons flow to a specific bit if you tried reading that bit? Wish I could help you more, some time ago I found a very technical site with a schematic diagram of EPROM but I'm having a very hard time finding it.

No, it doesn't really work like that. For a rough idea, you can consider the SEM like a microscope that uses a focussed electron beam shining on a surface, instead of focussing light coming off a sample like an optical microscope.

The schematics would have to be quite low level for them to be helpful, and even then I'd have to guess how they turned that into layers on the chip. The best would be something that explains the layer by layer processing creating a standard ROM cell (ie one bit in the ROM array). This is probably in decent "IC design" textbooks, but I don't own any.

EDIT: Wow, thanks for the info barawn. I'll check that out...

Nope, I was wrong.

There's a pretty classic paper on extracting data from supposedly "secure" systems from USENIX a while back - http://www.usenix.org/publications/library/proceedings/smartcard99/full_papers/kommerling/kommerling_html/ is the paper. ROM's quite possible.

The main problem, of course, is that most of the methods for extracting the data are chemical, rather than optical tricks, as the data is usually sublayered.

Don't suppose you can convince the lab to experiment with random chemical etching?

Plastic melts a quite a different temperature than silicon/gold correct?

Would not a really hot oven melt away the offending plastic casing?

(althought that may still leave a layer of muck on top of the chip.)

I was curious so I gave it a try and totally murdered a dsp-1 chip. The CPU is glued to a metal square about 1cm in width and is embedded into the cap of the chip. It's more or less just a thin layer of glass which breaks easily.

I remember seeing an episode of Ripley's believe or not a couple of weeks ago about a guy who has a hobby finding graffiti on Computer chips. Maybe he might be able to give us some insight into how he does it. I found his site on the internet and it seems he also does custom shots as well.

http://microscope.fsu.edu/micro/custom.html
http://microscope.fsu.edu/micro/contact.html

Well, here's some update info:

I used a file to go through some cheap logic chips to familiarize myself with the inside of a chip. One thing I never noticed before: look closely at the end of IC dip packages. There are two small copper dots on both ends. These are actually ends of leads that conenct to a copper backing on the silicon chip. I'm not sure what this is for, but one of my friends guessed it was just for cooling purposes. Sounds plausible.

The top of the silicon seems to have glass or something over it. No matter how careful I was (which isn't much considering I was using a file), I never succeeded in removing the silicon piece intact.

It turns out that one of my friends works in a lab that uses nitric acid (for cleaing samples) quite reqularly. It is 70% (by weight I assume?) so not the 98% all those articles you guys found. Also, the one article mentioned that it was very important that everything be done in a dry environment or the water would corrode metal contacts and the nitric acid would desolve it. I don't even understand what they are suggesting ... the acid is in water so what do they want people to do?

I took a D411 security chip and put it in a vial of the acid and set it outside. The pins started reacting a bit and the fluid turned a bit greenish. Hours later, I checked and not much changed (I could still read the label on the DIP chip even). I was hoping the heating here was only to speed up the reaction, but wasn't necessary. Apparently this isn't so. We put the vial in a pot of boiling water and it immediately turned red and started dissolving everything. I'm glad we did this outside, as it looked quite nasty and even from a distance the smell was noticable.

The pins and alluminum leads (I assume that's what that metal is) looked quite dissolved and destroyed. The actual chip and gold wires looked fine, but were covered in some junk still. Under a simple optical microscope, I could see the 'traces' on the chip and tons of "salt/junk" everywhere. I cleaned with acetone and water. Now I can see the chip surface decently.

I'm not sure what I'm looking at. I think it is the metal interconnect layer. There are some large arrays (like interlocking combs) but very very little of anything that looks "randomish" like a CPU core or anything. Basically the chip looks much much simpler than I expected. I'm not sure what to do now.

I'll try to find a place with an optical microscope with a camera so someone more knowledgeable can comment and hopefully teach me what the heck to look for. BTW, the features of the chip are much larger than I expected. With x100 magnification I can already see pretty much everything. At x400 I can see the traces much better and they have a regular rectangular pattern/impression in them. Not sure what that is for.

Even without a picture, can anyone comment/confirm what I am looking at?
If it is the metal interconnect layer, can I really remove the supporting structure with HF? If so, I'll try that next (I definitely want to take a picture of this layer before removing more though).

Wow this is fun!

Go there:
http://micro.magnet.fsu.edu/primer/index.html

It has gobs of microscopy info, and photo galleries as well.

Also, good job neviksti!

The human eye is amazing. That being said, digital cameras suck compared to it and here are some pictures:

MAD-1 (11.1 MB) - SNES memory address decoder from a cartridge

SN74AHCT08N (26.6 MB) - Quad AND gate

--------
Comments:

74AHCT08 - This was to help me see what some "standard" input/output stages for pins are. Also, to see if I have any hope of being able to understand the logic from the picture (turns out, probably not ... or at least not without much more info about the 'hidden' layers).
It is easy to see the four repeated sections that must correspond to the AND. But for completeness of this 'test case', the whole chip is shown with a series of zoomed in pictures. So feel free to check that out and see if you can understand the logic.

MAD-1 - sorry about the junk still on the chip. Not everything dissolved away. I'll have to try cleaning it again.
That being said, the MAD-1 is fairly bare.
Any idea what the large 'array' is? There are a couple of zoomed in pictures of it for you.

There is only one part that seems full of logic. I zoomed on this and referred to it as the 'complex'. Also, 4 lines coming from the top of the complex continue around the array ... but don't seem to connect to it (from what I can see).

--------
Besides vague questions above, I could use help with the following from someone knowledgeable:
Did I preserve the top layer of the circuit (metal interconnect + oxide?), or did that get taken away?
I am worried because the nitric acid completely destroyed the DIP leads.

Also, for anyone with the capability of reading these, I can take closer pictures (or much much easier, look with my eye for something specific). I wish everyone could see it in the microscope; it is so much clearer.

I was originally going to use the chips as a fun way to train myself on the SEM. But I haven't been able to get time on it yet. So, I've been just looking at stuff with optical microscopes (which is all you really need for this kind of stuff).

So the answer is: yes ... well sort of. The first microscope I looked at it with was just an ordinary cheap microscope. The difficult part was correctly illuminating the surface, and also moving the chip around when looking at higher magnification.

The microscope I used to take those pictures had a nice translating stage and illuminated the sample through the collumn/lense itself (as well as having a polarizer for the light ... but I still don't fully understand, or know, if that really helps much). The nice illumination makes all the difference. I couldn't see nearly as much detail with the first microscope.

Is there a place where people can buy small quantities of nitric and HF acid? If so, then maybe several of us can look into this "manual ROM reading" stuff.

Update:

Well, I got impatient and decided to go straight to the DSP1(b).

Here's an overview picture of what the whole chip looks like: overview

I believe the two dark bars in the upper left are the data ROM, and the two larger dark bars in the upper middle are the program ROM.

I'm not sure what the large two dark bars in the lower left are. The individual cells look way too simple for SRAM. Maybe it's the multiplier (just a huge array of shift+add?). Here's a picture: ??Multiplier??

The large array in the bottom center looks to me like it might be SRAM. But maybe this is actually the multiplier. Picture: ??SRAM?? You can see 4 of the "cells" that are repeated constantly in this array (the other stuff right through the center is just part of a bus and connections to it I think). The "cell" here looks complicated enough that I might believe there are the 6 or so transistors needed for a flipflop in there.

Anyway...

Here's a zoom in on some of the ROM:
ROM before etch

I had trouble etching the layers nicely away with HF. I let it soak for about 15min and there was still a lot of metal lines left. So I had it sonicating in the acid for 45 more minutes and there is still a lot of stuff. Maybe it just takes a really long time?

Here's some of the ROM with the upper layers still hanging around:
ROM not fully etched

Here's a region where the upper layers went away quite nicely.
ROM with top layers gone

You can view all other miscellaneous pictures if you want: picture directory

As you can see, I can not read the data out from this. Maybe it is one of those "ion selective" type ROMs that was mentioned earlier in those papers you guys found. They refer to "ion selective 'staining'" so that the ROM data may be seen visually. How in the world do I do that?

If I ever get time on the SEM, it is possible that the differently doped material will scatter electrons differently enough that I could see the ROM data there ... but I don't really know what to expect from the SEM.

Any ideas of where to go now?

I checked and it's not at any of the libraries around here ... and the book is too expensive to get just for one passage. There has to be something on the internet, but I must be searching for the wrong keywords because I haven't found much of anything yet.

I think you're right about the two ROM locations. The size difference is about what I would expect between the two. The program ROM looks to be twice as high (1024 vs 2048) and 50% wider (16 bits vs 24 bits). I think the lower left array might be the RAM though, it's too regular, too much like a memory array to be anything else. I'm guessing it takes up more area because the RAM cells use many more transistors than the ROM cells.

It could be tricky to extract the program ROM data if the ROM uses implants which can't be visually detected. Mod the PC to ignore loads so it increments sequentially and read each of the 24 data bits out one by one with a well placed probe? I'm not seeing much of an option. I thought about attempting to hijack the execution with code inserted into RAM (or somewhere else) but that won't work because it looks like the PC only pulls from the program ROM, and how would you insert it into RAM anyway?

It was once suggested to me that it was very likely that NEC had a backdoor mechanism to test chips with that could be used to recover the rom data. This would make sense because otherwise how could they verify the chips were good? Even if there were such a mechanism, what would the effort involved in deciphering it be? I don't know.

It's cool to see pics of the chip.

I might be able to help with getting a chip decapped that's still usable. Without a probing station our options are more limited.

I have similar trouble. I do know a couple of people who are in a position to know this. I could ask a few specific questions but it's unlikely I'll be able to get them to devote a large amount of time to study it.

If you look at the ROMs (and RAM) you should see at the ends of the blocks a much smaller block of circuitry. This is the decoding logic for the ROMs and probably also the bus interface. If you look on the other side of it I think you'll find the data and address busses.

You're better off than me. If I want a FIB it's likely I'll have to hire it out. A FIB (Focused Ion Beam) deposits a conductive material across the die from one point to another which has the effect of adding a wire to the chip, making a connection where there wasn't one before which sometimes can be quite helpful. When chip companies make new chips they typically put some spare gates on the chip (if they have room) so that if there is a small problem they can connect up some of the spare gates, usually first with a FIB, then with a metal change, to see if they can correct the problem. A FIB is similar to routing a new trace across a PCB. If you can find a path that doesn't cross existing traces you can do it.

Unfortunately no. We do have a lot of the equipment but I don't have access to it and I don't know the people who work there. I might be able to get a couple of chips decapped, or maybe not.

Selective staining? Is that to see the implants? The people that probably know, I don't know. I do know one guy who might know. I'll check with him.

Here's a nice doc that explains NAND and NOR ROM.
http://www.csse.monash.edu.au/courseware/cse3142/Lnts/C08.pdf

---------
Well, I got time on the SEM today. It took me awhile just to get some decent images to show up. Then I played with some settings (mainly just the beam voltage) trying to enhance the distinction of the rom bits. The distinction looks much better than in the optical microscope, but to be honest, I'm still not sure if I'm really measuring what we're hoping for.

The image is the # of secondary electrons measured when the beam is focused on that point (the beam is rastered across the sample). The brighter a region, the more electrons that were measured at that point. To be fair, there are still some backscattered electrons being picked up as well (from my understanding, secondary electrons are ones that are ejected from the sample where as backscattered electrons refers to beam electrons that scattered off the surface... thus the secondary electrons have much less energy). My hope was that at low enough beam voltage, there would be an appreciable difference in the number of ejected electrons from an N doped region as opposed to a P doped region. Which would effectively allow us to read the bits directly from the image.

Pictures:
Overview

Close up of me working my way through the entire left DataROM array -
img1
img2
img3
img4
img5
img6
img7
img8

Here's what's left of the circuitry at the bottom of the array -
img1
img2
img3
img4

You can check out some other pics here:
(In particular, what the contrast/image quality is at different voltages.)
picture directory

My current impressions:
The two DataROM arrays are the upper and lower 8 bits (not sure which is which yet).
The large 'transistors' at the top of the array are the pull up transistors.
The address decoder is the circuitry at the bottom of the array.
So the data is "vertical" is the pictures.

I haven't taken time to actually try to match up the data with the pictures yet. I'll probably give it a try after dinner.

Let me know if anyone figures out how the data is alligned in there. (In case you don't know, the DataROM is already know and can be seen here.)

EDIT: Please note that unlike a top illuminated optical miscroscope, the junk on the surface will actually cast shadows in a particular direction in SEM images. So the bits "behind" junk may appear artificially dark.

EDIT(2):
The array -
collumns: 64 (8, 8,8 8,8 8,8
rows: 128+8 (16,16,16,16,16,16,16,16,

The extra 8 rows must be additional parts of the address decoder.
I don't see any pattern here ... so we probably failed in retrieving the data we wanted.