Hardwear.io Security Trainings and Conference USA 2026

Advanced

Integrated Circuits Reverse Engineering: ROM is your primary target

Training Objectives

The primary goal of our trainings is to provide security professionals and team leaders the skills, mindset and background information necessary to successfully perform the reverse engineering of Integrated Circuits (ICs), circumvent their hardware countermeasures and extract the data from them (Hardware and Firmware).

This intermediate training is focused on ROM memories as they often are the primary target of a security analysis at the transistor level. Rather than focusing on a particular device, the training was designed so it can be used as a starting point to deal with any type of ROMs.

As ROM content is encoded physically, it is possible to take pictures of the bits and convert them to a proper binary. Of course, chip vendors use different techniques, such as data scrambling, to make these optical dumps impractical.

This training aims to give a complete understanding of how ROMs are constructed at the transistor level and will describe how the circuitry can be analyzed to extract the scrambling information necessary for the reconstruction of a proper binary. It therefore starts with a theoretical section in which ROMs and their building blocks are explained. This includes the different types of ROMs, the different types of bit encoding, and the ROM circuitry (logic, row and column decoders). With that knowledge in mind, the attendees will then work on the hands-on section, which consists of the extraction of a ROM from pictures only. The attendees will have the opportunity to work from Scanning Electron Microscope pictures and to follow a step-by-step approach to extract a binary using Python, Fiji (ImageJ), Photoshop and HDL (Hardware Description Language) tools.

At the end of the session, attendees will be familiar with ROM technologies and will be able to adapt the acquired knowledge to real life scenarios.

Key Learning Objectives

Without being fully exhaustive, the learning objectives of the training are:

  • identify ROMs on pictures of an Integrated Circuit
  • understand the building blocks of a ROM
  • identify the ROM type
  • extract a raw binary from pictures using simple scripts
  • reverse-engineer standard cells and semi-custom cells
  • reverse-engineer control logic, row and column decoders to find out about internal scrambling
  • convert the raw binary to binary candidates using most common scrambling schemes
  • get the binary of ROMs
  • understand how to strengthen ROM designs
  • etc

Detailed Description

ROMs embedded in ICs are attractive targets because they may store cryptographic material, boot code, and hidden modes such as programming or test features. Understanding ROM contents enables activities ranging from extracting Flash data from inaccessible boot modes to conducting non-, semi-, or fully invasive security evaluations. These techniques are relevant to digital forensics, security assessments, and adversarial contexts.

Because ROM data is physically encoded, its bits are directly observable. With tools such as a Scanning Electron Microscope, both memory contents and control circuitry can be imaged, allowing sensitive information to be extracted at relatively low cost.

This hands-on training provides a deep understanding of ROM architectures and dumping techniques. It combines theory with practice, covering the circuits involved in ROM reading and applying this knowledge to real cases. Participants will analyze images to extract ROM data and reverse-engineer control circuitry, including scrambling mechanisms.

The theoretical part covers ROM structures and types, bit encoding and scrambling, and reverse-engineering of standard and semi-custom cells.

The practical part focuses on locating ROMs in IC images, extracting bits from SEM images using Fiji and Python, identifying ROM types, reverse-engineering decoders and control logic, and building HDL models of the memory. A VHDL testbench is then used to simulate ROM behavior and dump its content regardless of scrambling.

The course is structured progressively to reflect a reverse-engineering mindset, enabling attendees to develop their own workflows for future projects. It also addresses the current state of IC security and countermeasures, benefiting both chip designers and system integrators when evaluating device security.

Who Should Attend?

  • Forensic investigators in law-enforcement agencies
  • Pen testers who want to assess the security of the embedded code, allowing for a complete hardware + software evaluation
  • Digital IC designers & test engineers
  • Engineers involved in securing hardware platforms against attacks
  • Team leaders involved in IC security and exploration as well as device security
  • Hardware hackers who want to become familiar with methods on ICs
  • Parties involved in hardware reverse-engineering and vulnerability analysis

Prerequisites

For this training, prior knowledge of micro-electronics is not mandatory. The attendees should nevertheless be familiar with Python scripting and have some knowledge or understanding of an HDL. The training is designed in VHDL as it is closer to the actual design than Verilog, but people with Verilog skills will have no difficulty adapting to VHDL. To accommodate attendees with no prior experience with HDL (Hardware Description Language), the assignments are provided with scripts and files with blanks to fill.

Software & Hardware Requirements

To follow the training efficiently, the attendees are asked to come with a laptop with the following software installed:

  • Fiji or ImageJ
  • Python dev environment
  • Photoshop (evaluation versions are ok)
  • ModelSim and Quartus Lite

All of these tools can be downloaded as open-source tools or as demo / evaluation software.

What You Get

The participants will be given slides that cover the theoretical and hands-on sections. The hands-on section will be explained step by step, with partial answers for attendees not familiar with the different languages used. Pictures will be provided as Photoshop files.

Training Details

About Trainer

Olivier Thomas

Olivier THOMAS studied Electrical Engineering (EE) and subsequently worked for a major semiconductor manufacturer designing analog circuits. Then, Olivier began to work in the field of Integrated Circuit (IC) security as the head of one of the world’s leading IC Analysis Labs. The lab primarily focused on securing future generation devices as well as developing countermeasures for current generation devices to combat piracy and counterfeiting. During this time Olivier helped develop many new and novel techniques for semi- and fully-invasive IC analysis. He has an extensive background in all the Failure Analysis techniques and equipment necessary for accessing vulnerable logic on a target device. Combined with his experience as an IC design engineer, Olivier continues to develop techniques for automating the analysis process. These techniques are not only applicable to lower-complexity devices such as smartcards, which are the traditional targets for IC analysis, but they are also applicable to modern semiconductor devices with millions of gates, such as modern System-on-Chips (SoCs). Olivier is the creator of ChipJuice, a software toolchain that efficiently operates the recovery of hardware designs, independently of their technology node or architecture.