Inachis

Dumping a protected Altera EP900

2018-07-16

Summary

Code protection on the Altera EP900 EPLD (Erasable Programmable Logic Device) can be trivially bypassed with UV (ultraviolet) light while preserving the firmware under a nail polish UV mask, much as with the Intel 8752.

It appears that the EP900 security bit is in an EPROM cell alongside the cells used for storing its bitstream. This is unlike the Intel 8752, which has its security bit in a separate region, and it requires extra care to erase the security bit without also erasing parts of the bitstream. Another difference from the Intel 8752 is that the EP900 requires an epoxy decapsulation.


Introduction

The Altera EP900 was manufactured in 1985 and is the successor to the EP300, manufactured in 1984, Altera’s first device.[1] According to the datasheets, both offer a security bit to restrict reading out the bitstream.[2][3]

Altera EP900PC Package

Also notable is that the EP900 was manufactured in an Intel fab.

Intel marker on EP900PC die


Preparation

The first step is to generate a test pattern. A pattern of all 1’s might cause a latch-up of the PLD circuitry. Latch-up happens when a parasitic transistor configuration enters positive feedback, shorting VCC to ground and potentially damaging the sample.

A test pattern with dispersed 1’s (four or more bits apart) throughout the programmable region is generated to reduce the chance of latch-up. With the test pattern loaded in, the programmer reports a checksum of 0x2ED3 before applying code protection. After applying code protection, the programmer reads the bitstream as all 1’s and reports a checksum of 0x7684.
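As an added example (not code from the original post), the helpers below build a pattern with set bits at least four apart, check that spacing, and diff a later readout against the programmed pattern so that any bit lost under the mask is reported individually; the checksum is a plain 16-bit byte sum standing in for the programmer’s undocumented algorithm, so it will not reproduce 0x2ED3.

```python
# Added example: sparse test-pattern generation and readout verification.
# The checksum is a stand-in (16-bit byte sum); the programmer's own
# checksum algorithm is not given in the post.
from typing import Dict, List

SPACING = 4  # minimum distance between 1's ("four or more bits apart")


def make_sparse_pattern(n_bits: int, spacing: int = SPACING, offset: int = 0) -> bytes:
    """Pack n_bits MSB-first with a 1 at offset, offset+spacing, ... and 0 elsewhere."""
    out = bytearray((n_bits + 7) // 8)
    for pos in range(offset, n_bits, spacing):
        out[pos // 8] |= 0x80 >> (pos % 8)
    return bytes(out)


def set_positions(data: bytes) -> List[int]:
    """Bit indices (MSB-first) that are 1 in data."""
    return [i * 8 + j for i, byte in enumerate(data)
            for j in range(8) if byte & (0x80 >> j)]


def min_spacing(data: bytes) -> int:
    """Smallest gap between consecutive 1's; checks the latch-up spacing rule."""
    pos = set_positions(data)
    return min((b - a for a, b in zip(pos, pos[1:])), default=len(data) * 8)


def sum16(data: bytes) -> int:
    """Stand-in checksum: 16-bit sum of all bytes."""
    return sum(data) & 0xFFFF


def diff_readout(expected: bytes, readout: bytes) -> Dict[str, List[int]]:
    """Compare a post-UV readout with the programmed pattern, bit by bit."""
    if len(expected) != len(readout):
        raise ValueError("pattern and readout differ in length")
    exp, got = set(set_positions(expected)), set(set_positions(readout))
    return {"cleared": sorted(exp - got),   # 1 in pattern, 0 in readout
            "set": sorted(got - exp)}       # 0 in pattern, 1 in readout


if __name__ == "__main__":
    pattern = make_sparse_pattern(64)
    assert min_spacing(pattern) >= SPACING
    # Constructed readout: bit 8 lost under UV, stray bit 13 set.
    damaged = bytearray(pattern)
    damaged[1] &= 0x7F          # clear bit 8 (byte 1, MSB)
    damaged[1] |= 0x80 >> 5     # set bit 13
    print(hex(sum16(pattern)), diff_readout(pattern, bytes(damaged)))
```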

Even though the EP900 is erasable via UV, I only have epoxy samples, which do not have quartz windows. Decapping of the epoxy packaging is achieved with heated WFNA (White Fuming Nitric Acid, a highly concentrated HNO3 solution) in order to utilize UV erasure.


Live-decapping with HNO3

Live-decapping, as opposed to decapping, means etching the package to expose the die while keeping the sample in working condition for further analysis.

Using heated WFNA is sufficient for this sample. The EP900 has gold bond wires, which are not attacked by HNO3. Lower concentrations of HNO3 will also work for samples with gold bond wires, like the EP900, but will take longer to etch the epoxy. However, lower-concentration HNO3 solutions will eat copper bond wires because of the water content of the solution. In such cases, samples with copper bond wires can be decapped with a mixture of HNO3 : H2SO4.

Before depositing WFNA on the sample, it is suggested to mill out an oval depression over the center of the package, where the die will likely be underneath. This reduces the amount of WFNA required to expose the die and reduces the chance of making a mess.

There are a few excellent guides on acid decapsulation, some of them referred to in the decapping references section. In addition, here is my process for this particular target:

  1. Mark the center of the package in preparation for milling. The suggested depression depth range for a PDIP40 is 0.035″ - 0.040″ (0.89 mm - 1.01 mm).

    Center mark for the EP900

  2. Place the package snug on an adjustable parallel, and place it on a mount for milling. Mark the package with the endmill to make sure it’s centered with the center marking.

    Verifying that the endmill is centered

  3. Carefully mill the depression. Once you get the required depth, move the sample back and forth to get an oval depression.

    Partial milling of the epoxy packaging

  4. Measure the depression depth from its center with calipers. If the measurement falls within the depth target described above, the sample is likely ready to be placed on the hotplate. If there are indications of bond wires or the die (shiny features in the epoxy), you may have milled too far and a new sample should be milled with an adjusted depth.

    Target depth achieved

  5. Set the hotplate to 200 F - 215 F (90 C - 100 C) and place the sample on it. Once heated, use a pipette to place 2 - 3 drops of WFNA in the depression. Wait until it starts bubbling (10 to 20 seconds), then remove the sample and spray it with dry acetone to remove the reaction products.

    Bubbling WFNA at 200 F

  6. After the acetone dries off, check the status of the decap. In this case, the bond wires are exposed after the first round.

    Partial decap (first round)

  7. Repeat steps 5 and 6 until the die is fully and cleanly exposed. In this case, a fourth round is required to remove the epoxy residue from the die.

    Partial decap (third round)

  8. Once satisfied with the initial results, inspect the die and bond wires under an inspection microscope for any potential damage and attempt to read an ID code from the sample with a programmer.

Handling white fuming nitric acid requires considerable precaution. Fuming HNO3 reacts exothermically with water and especially acetone, requiring special care when neutralizing it and storing it in waste containers. WFNA, in particular, will react exothermically with latex and nitrile gloves. Breathing the fumes in can be particularly unhealthy, and skin contact will result in burns.

I use a fumehood to isolate the fumes, a respirator for extra precaution, a long-sleeve labcoat, latex gloves (I will have about five seconds to remove them if they come into contact with a drop of WFNA, and I usually notice it since it will get really hot), and baking soda to neutralize any spills.

Concentrated nitric acid is no joke. Do your research before using it, starting with this database of hazardous materials and the references below.

Decapping references

  1. Siliconpr0n [chemical:hno3]

  2. Siliconpr0n [equipment:chemistry:safety]

  3. Siliconpr0n [tutorial:tutorial_on_epoxy_decapsulation]

  4. Siliconpr0n [decap:epoxy_acid]

  5. Integrated Circuit Failure Analysis: A Guide to Preparation Techniques, Friedrich Beck, Chapter 2.3


Identifying EPROM on the EP900

With the target decapped, verify that the sample is still operational and is erasable via UV. Also verify that the security bit is erasable under UV applied perpendicular to the die. In many cases, with EEPROM in particular, the security bit cells are covered with a metal shield, which might require placing the target at an angle with the UV light source. The EP900 does not have such a shield.

There are four large memory structures, as viewed under an inspection microscope. The datasheet does not indicate the presence of SRAM on the die, so it’s likely that all four of the memory structures are EPROM.

EP900 die with EPROM regions marked


Masking EPROM and identifying the security bit cell

The masking process is the same as described for masking EPROM on an 8752. This time I use a strand of my own hair for the brush with satisfactory results.

Applying nail polish to the EPROM regions of the EP900 die

After a couple of attempts at covering the EPROM structures and applying UV, the security bit is still set. It appears that the security bit is stored in one of the EPROM structures. The EPROM structures are therefore covered one at a time until it is no longer possible to clear the security bit under UV.

Leaving the bottom-left EPROM structure uncovered under UV clears the security bit. To verify the location of the security bit, the entire die except for one of the corners is masked, based on the assumption that the security bit would be stored in the first or last row and column of the memory structure.

The assumption is correct. After reprogramming the test pattern, setting the security bit, leaving only the bottom-right corner of the EPROM structure unmasked, and clearing the security bit with UV, a readout of the EP900 yields a checksum (0x2ED3) matching the test pattern. Success!

Nail polish surrounding the security bit region


Results

We get a fairly precise idea of where the security bit is on the EP900, but leaving the security bit unmasked while protecting the bitstream is rather tricky. Had it been possible to use a test pattern filled with 1s, it would have been clear whether the mask achieved full coverage. Had any bits been lost, it could have been possible to brute-force the remaining bits of the bitstream.

For this case, there might be better or more controllable masking materials that could be used, other than nail polish. A fine cut of tape might have made this task a bit easier.


Acknowledgements

Thank you, John McMaster, for letting me visit your homelab again and for lending me your equipment and expertise while working on this project!


  [1] Altera Parts History (John Lazzaro)
  [2] EP300 Datasheet
  [3] EP900 Datasheet


Please send all feedback and errata to blog@inach.is