Senior Security Consultant at IOActive
Reverse Engineering of Programmable Logic Bitstreams
Despite their growing popularity, programmable logic devices do not have well-developed reverse engineering tools (in the same class as IDA or Radare). Although several projects have successfully reverse engineered undocumented bitstream formats, these efforts have largely focused on the development of open-source compilers. This talk provides an introduction to reverse engineering of circuit netlists from both LUT- and PLA-based devices, strategies for recovering higher-level semantics from cell-level netlists, and methods of extracting bitstreams from locked devices. Full source code (3-clause BSD license) for all tools is provided.
Dr. Andrew Zonenberg is a senior security consultant at IOActive and works in the company's hardware lab researching Integrated Circuit (IC) security, IC reverse engineering, and embedded/hardware security. Andrew has a PhD in computer science from Rensselaer Polytechnic Institute, focusing on System on Chip (SoC) and Operating System security. During his time at RPI he designed and taught a new one-semester course on semiconductor reverse engineering.