The reverse design is actually the reverse design of the chip. It is through the extraction, analysis and finishing of the internal circuit of the chip to realize the deep understanding of the chip technology principle, design ideas, process manufacturing, structure mechanism, etc., which can be used to verify the design framework or Analyzing the technical aspects of information flow can also help with new chip designs or product design solutions.
The significance of reverse engineering of chips: The market competition of the modern IC industry is very fierce, and all products are changing with each passing day, making it necessary for IC design companies to continuously develop new products and maintain their own competitiveness. IC design companies often have to enter a completely unfamiliar application and technology field according to market demand, which is a high-risk investment behavior. And timely understanding of the cost and technical advantages of similar competitor chips becomes an inevitable task. Reverse engineering seems to be one of the solutions if it is the most difficult problem to design an engineer in the shortest possible time to design the circuit in the most efficient way. Reverse engineering can make the entire IC from the package to the layout of the circuit, using the internal structure, size, material, fabrication and steps to restore one by one, and can restore the circuit layout to circuit design through circuit extraction.
At present, foreign integrated circuit design is very mature, foreign technology has reached 10nm, and the country is in the development stage, the process has reached 28nm. Regarding the development of integrated circuits, there is no information on the network. For IC designers, it is very helpful to understand the entire process of IC design for IC design. However, there seems to be no more detailed introduction to the entire process of IC design on the Internet. It is only a summary of the four main sections of design, manufacturing, testing, and packaging. Some of the data are scattered. Just a single detail, some just talk about the use of a tool software but do not know which process the software is used in, and the tool software that each process may use is not too clear (this view is only The conclusions from personal experiences are not necessarily the same).
Chip forward design and reverse design. At present, several large design companies in the world are mainly positive design, and the reverse design is only used to check whether other companies plagiarize. Of course, the original purpose of chip reverse engineering was to prevent the chip from being copied, but it later evolved into a solution adopted by small companies to design chips faster and more cost-effectively. At present, more and more companies are gradually transforming into positive design in China, and they are gradually getting rid of their dependence on reverse design. Of course, there are quite a few companies in the early stages of development, and there are quite a few natural reverse designs. This article begins with a summary of the reverse design of the chip.
"If you want to do something good, you must first sharpen your tools." With the continuous development of integrated circuits, whether they are forward or reverse design, they are more and more dependent on tools. Therefore, before we start to talk about the design process, let’s take a look at what we will use. Which main tools and auxiliary software are available.
First, the main tool software.
When it comes to design tools, you can't help but mention the three major EDA vendors - cadence, synopsys, and mentor. The software of these three companies covers almost all the tools available for the chip design process. The first is cadence, the company's most important IC design tools are the candence IC series, including IC 5141 (currently new version of zui is IC617), NC_VERILOG (verilog simulation), SPECTRE (simulation), ENCOUNTER (automatic layout) Synopsys, the most famous is its comprehensive tool design complier, timing analysis tool prime time, simulation tool hspice, etc.; Mentor's most famous tools are calibre (layout DRC LVS check), modelsim (verilog simulation).
These are the most commonly used tools for IC design, whether they are forward or reverse. Of course, as the software version is updated and iterated, the name of the software may change, not the names mentioned above. In addition, these tools are mainly concentrated on the operating system with linux as the kernel, mainly representing Red Hat. So the knowledge about the Unix\linux operating system is still necessary. This kind of system is very different from the Windows system. To learn to use these softwares, you must first learn the relevant knowledge of these operating systems. . Some tools have windows versions, such as hspice, Modelsim.
Second, auxiliary tools software.
Of course, in addition to the IC design tools of the three major EDA vendors, the software Quartus ii, ISE, and KEIL development environments of Altera, Xilinx, and Keil Software are all indispensable tools for the IC design process. They are used for the development of FPGA and microcontroller ARM chips. This type of software will be useful in the development of CP test and chip application solutions for chips.
Layout extraction tools, NetEditorLite, ChipAnalyzer, these two tools are mainly for chip reverse design.
Algorithm design tool, MATLAB, this tool has a wide range of applications, but for chip design, it is more suitable for algorithm prototyping, for example, communication algorithms.
PCB layout tool, Altium Designer, Orcad, Allegro. Among them, Orcad, Allegro is the main software in the cadence circuit system design kit, and Altium Designer is the most commonly used software, its predecessor is Protel.
Labview and digital source meter, this pair of hardware and software is mainly used for semi-automated testing of chip electrical parameters, especially analog chips. The purpose is for chip design companies to analyze chip sample parameters.
How to use these tools will be explained in the following article. Ps: There is no specific description of the software usage environment, generally used in the windows environment.
Start with the reverse design. Below is a flow chart of the reverse design of the chip I have organized.
First, the reverse design master plan
In the early stage of development of a new chip, there must be a master plan for design. The most important question is whether the chip can bring benefits. After all, the company depends on products to eat. How to evaluate whether the chip can bring revenue? It takes years of experience to make an accurate assessment. It is generally to see which chips in the market are selling well, and sales in the next few years are bullish, and assess whether the company has the ability to design and sell channels. The chip cost to be considered has the following items:
1, chip filming costs;
2, the time cost of the chip from project to delivery, the time process causes the chip to be designed, and the market is no longer needed;
3, the cost of filming;
4, the authorized use cost of the tool software;
5, test costs, including CP test and finished product test and other costs required to build a test platform;
6, packaging costs.
After making these costs an appropriate estimate, look at the benefits. For the income component, this is related to the market demand and sales trend, and needs to be considered in many other aspects. After the revenue problem is solved, it is clear that the project can be profitable, then it can be officially started. The pile of things mentioned above is actually part of the project feasibility analysis. But in fact, some companies do not consider that much, because these feasibility analysis itself is very difficult. Which chip is reversed? Selecting a chip from a large company to reverse it generally has a higher success rate. After the chip is selected, the film is taken. The chip is usually anatomically filmed between 1 week and 1 month, depending on the size of the chip.
Second, the process selection
This depends on the chip layout returned from the film, through the identification of the chip layout, to determine the process of the chip layout to be reversed, and then according to the company's own process documents (these process files are from domestic or foreign chips) The manufacturer provides, provided that the company has to work with them to obtain the process documentation. The two are compared and a suitable process is selected for subsequent simulation, layout drawing and tapeout. The problem of process selection needs to be very familiar with the process owned by the company, and it should be solved by engineers who are familiar with the layout. He needs to be able to clearly identify the process used through the layout. Of course, the process is sometimes replaced repeatedly during the design process, because there are many parameters, such as the success rate of the film, and other complex factors. This step is actually called process feasibility analysis. In fact, it should be attributed to part of the project feasibility analysis. However, since it must be filmed, it can only be explained separately.
Third, the layout extraction
After the process feasibility analysis in the previous step is completed, it is confirmed that the process can be matched with the layout, and then the layout extraction work can be performed. The work in this part is mainly to identify the tubes in the layout and symbolize them. The tools used are:
NetEditorLite or ChipAnalyzer, which is a layout extraction tool, uses different layout extraction tools for chip production in different companies. The role of this type of software is a picture viewer, the picture is the data is the photo.
Virtuoso schematic software in cadence IC5141, this is the circuit diagram drawing software.
The whole process is to open the chip layout data of the film with NetEditorLite or ChipAnalyzer, manually identify the inside of the tube (diode, triode, MOS tube, etc.), and then use virtuoso schematic to symbolize the tube and put the tube between The connection is connected.
Issues to be aware of for schema extraction:
The first time you carry out the layout drawing, you may not know the pipe, you need someone with experience to help identify it, and it is easy to be familiar with it;
The shape of the tubes of different processes is different, so if you encounter a tube that you don't know, you can rely on others to help, or you can only reason by yourself;
To have good pipe naming habits, each company should have provisions, which will be of great help to the subsequent work;
Try to place the layout of the tube (the layout of the circuit diagram on the virtuoso schematic) according to the layout of the layout, which will speed up the process of looking for the tube when comparing the circuit diagram and layout;
When arranging the extracted circuit, it is necessary to create a new circuit diagram to place the finished circuit. Do not arrange it on the newly extracted circuit diagram to facilitate comparison with the layout data during finishing.
Fourth, the circuit finishing
After the layout is extracted, the next step is the circuit finishing. The extracted circuit diagram is confusing and has no hierarchical relationship. So how do you organize them into hierarchical relationships so that you can understand them at a glance?
1. This involves some common sense about the chip. The chip is divided into a digital chip and an analog chip, but the digital chip must contain analog circuits, while the analog chips may not contain digital circuits. They have the following general characteristics:
A, digital chip, must have clock oscillation circuit, reset circuit, these analog circuits. There must be registers, and the most area-consuming portion of the entire digital portion is often the register. The amount of registers used is very large, so what is presented on the layout is a circuit with a large number of images, which are often registers.
B. Analog chip with bandgap reference circuit.
2, finished the chip layout common sense, another important tool to help understand the extracted circuit is the data sheet of the chip to be reversed! This is the most important, all of our information about the chip is from the data sheet Come on. Therefore, we must make good use of DATASHEET! In the chip data sheet, the function of the chip is generally explained, and how the chip operates will be explained. These instructions will help us to organize the circuit.
For example, the chip manual says I2C is used, so there must be a large circuit in the circuit that belongs to I2C. In general, the layout of the layout is to put together the tubes that belong to one function. The characteristics of the I2C circuit can be known from the principle of the I2C protocol, which is two signal lines, one clock, and another data line. Data is generally convenient for parallel transmission inside the chip. Therefore, the I2C circuit must have a serial-to-parallel conversion circuit, and the serial-to-parallel conversion circuit is generally a register, and is generally 8 bits. According to this inference result, in the extracted circuit, eight registers are found together, one of which is a part of the I2C circuit, and then searched according to the I2C PAD bit of the chip layout, and the connection is connected to the set of registers. Then the entire I2C circuit is identified. therefore,
a, relying on the chip manual to explain the function of the chip,
b, plus some common sense knowledge of the chip,
c. Adding the individual's reasoning about the circuit principle, the circuit can be sorted out relatively quickly. Gradually understand the principle of the entire chip. Of course, due to the huge relationship of the chip circuit, sometimes the circuit does not need to be completely clarified, and the circuit that is not so important can be ignored. Just make sure that the connection is not connected wrong. At this stage, only the virtuoso schematic software of cadence ic5141 is used.
Fifth, circuit simulation and modification
The circuit is organized, and the next step is to simulate and modify the circuit, according to the process selected by the process selection step. First explain the tools used in this phase:
1, cadence spectre, generally integrated in the cadence ic5141, is the analog circuit simulation tool (ps: the most original version is integrated inside the IC5141, but the function is not complete, so you need to install a new version separately, the software name is MMSIM61, with the version Upgrade, its name is also modified), of course, digital circuits can also be simulated, the essence of digital circuits is analog circuits;
2. Synopsys' Hspice, the same simulation tool as Spectre, has some differences.
3, Mentor's Modelsim, mainly used on windows, used for verilog netlist simulation.
Analog circuit simulation workflow: Set up the simulation environment in cadence, set the simulation parameters, select spectre or hspice, and then you can simulate. Alternatively, you can export the circuit to a CDL netlist, copy it to Windows, and simulate it with the Windows version of Hspice. This has the advantage that Windows is easy to operate. Also explain a difference between spectre and hspice. When spectre simulation, the data of all circuit nodes will be saved. The advantage of this is that it is convenient to view the data of each node. The disadvantage is that the simulation takes too long and the saved data file is too large. This is very complicated when encountering large circuits. Time-consuming (I don't know if the new version is improved, I haven't used the new version of spectre). Before hspice simulation, you can select the node you want to view, which can reduce the simulation time and reduce the size of the data file.
Digital circuit simulation workflow: In the virtuoso schematic, the digital circuit part of the finished circuit path is exported into a netlist file, and then copied to the windows system for simulation. The simulation of the digital circuit netlist on the windows system uses Modelsim. (The reason for this is that the Linux system is not very convenient.) Using Modelsim simulation, the most important thing is to write testbench (it seems that this sentence is nonsense).
Regarding the modification of the circuit, this part is actually not easy to summarize, because each chip has different parameters, and the places to be modified are not the same. What I know is that the places that must be considered for modification are often related to analog circuits. For example, clock oscillation, reset circuit, open-drain output tube, bandgap, etc., the purpose of the modification is to adapt to the currently selected process to meet the parameter requirements of the chip datasheet. In addition, the digital part of the circuit is generally not required to be modified, but sometimes in order to save the layout area, it will reduce the size of the register tube, after all, shrinking one is equivalent to reducing dozens. This phase is actually a continuous iterative process, which is combined with layout drawing to ensure the integrity of the chip's functionality and performance.
Sixth, layout drawing
This part can be started after the circuit is finished, and with the circuit simulation and modification, the drawing of the night layout is gradually implemented. The main tools used in this phase are 1. cadence ic5141 layout drawing software; 2, cadence Dracula Diva or Calibre, which are used for layout DRC (design rule check), LVS (layout consistency check); in general, Calibre will be more common, after all, this is one of Mentor's signature software. After the layout is drawn and various checks are made, you can tapeout and prepare for the tape.
Seven, test specifications
The IC designer is ready to develop the CP test specification after the chip tapeout. This is the general outline of the next CP test process, which is very important. The test items of the test specification are mainly derived from the chip datasheet, and the important parameters are set as test items, and the reasonable distribution range of the parameters and the test method (flow) of each test item are specified. These test parameters and test methods will determine the test environment ATE (auto test environment) used in CP test development.
Eight, CP test development
According to the test specification, the required test tools can be selected to build the entire test environment. I know that the testers used for chip testing are JUNO DTS-1000, ASL1000, V777, STS8200 and so on. Each tester is suitable for different types of chip test. The tester is mainly divided into three categories: digital test, analog test and digital-analog hybrid test. The work required for CP test development is: 1. The choice of tester (ps: An important factor to consider at this stage is how many bare cores are tested at a time, that is, how many sites are often said by CP test, which is related to The preparation of the subsequent test program and the production of the DUT board are very important); 2. Develop the test program according to the tester; 3. Make the DUT board for the test bare chip, and the needle of the PAD position is made by the test factory and soldered on the DUT ( Ps: DUT board is sometimes called needle card); 4, homemade tester (optional), when the tester can not complete the requirements of some special test items, you have to make your own tester. For example, the frequency sweeper used in the infrared receiver chip test, if using a non-self-made frequency sweeper, the test time will be very long, you must make it yourself. 5. Analysis of test data. Analysis of test data facilitates improvements in test methods and improvements to chip design. The CP test occupies an important position in the reverse design of the whole chip. The manpower and material resources are very much, and it is necessary to communicate frequently with the test factory, so the CP test is very complicated. After the CP test is developed, the COB test is performed, and then the debug phase of the CP test and the formal batch test phase are performed.
Nine, COB test
The so-called COB test is actually the Chip On Board (which solders the bare core on the PCB or solders the packaged chip to the PCB and pulls out the leads), which is a test performed before the CP test ( Also after the finished product test, it is used to initially judge the function and performance of the chip. If the functions and performance of several chips randomly sampled in this batch are bad, it is not necessary to perform CP test for the time being. In addition, COB testing has more flexibility than CP testing, allowing you to test more test items and get more comprehensive information about the chip. Of course, the COB test also needs to develop a corresponding test environment. The development work varies greatly depending on the chip. For example, if there is a chip with an I2C communication pin, a USB to I2C chip, such as FT232, is required. By programming on the computer, the chip to be tested is controlled by controlling the USB to I2C chip. In this case, building the entire test environment will be more complicated. In the case of analog chips, such as power management chips, LabView programming is required to control the digital source meter for automated parameter measurements. In short, COB testing is also a relatively important process in chip design. The work content of this part is more difficult to describe. Simple, just use the source source meter to test several parameters. The complex ones will be semi-automatic based on the form of software control. test. Specifically, 1, develop a program developed on the PC side, such as LabView; 2, design the test chip chip board, and leave the interface with the PC communication, usually using a single-chip as the main control chip; 3, build test needs The environment, such as the shading requirements. The process is simple to describe, but the actual development is not easy, and the difficulty varies depending on the chip to be tested.
Ten, test development
After the CP test is completed, the die can be sent to the test factory for dicing and packaging. During this period, the IC designer's work is based on the specification of the finished product test and the development of the finished product test. This part of the work is actually similar to the work of the CP test, except that compared to the CP test, the test items of the finished product test will be much less. Many of the test items used in the CP test, such as burn-in, the finished product test will not be carried out, and the rest of the steps are consistent with the CP test.
XI, reliability test
When the chip is packaged and passed the finished product test, it does not mean that the chip test is over, and there is chip reliability test. After the end of the test and returning the sample to the designer, the designer will also need to perform a COB test, and at this time reserve a few chips and not participate in the next reliability test. These chips will be after the reliability test. Used as a comparison.
Chip reliability testing is a test that measures the quality and longevity of a chip. It specifically includes three major items: environmental testing, EMC testing, and other testing. Subdivided items include high temperature and low temperature test, high temperature and high humidity test, antistatic test, etc. All test items can refer to IC reliability test items. Each chip has a reliability test item corresponding to it, not all test items must be tested. We only need to pay attention to the test items that are compatible with the chip. How to determine the test item specifically depends on the use of the chip. For each use, its test requirements are different. The reliability test experiment is relatively simple, but the reliability of the chip is measured by this. The test tools required for reliability testing are expensive, and of course the reusability of the tools is better. Each test item corresponds to this set of test equipment.
Twelve, finished product development
The designed chip must be configured with the corresponding usage plan in order to promote the chip, and the customer can use the chip better. Different kinds of chips, its use scheme is different, the difference is also very huge. Like microcontrollers, ARM, FPGA-based chips, the configuration is not a simple use solution, but a set of systems that use it. The power management chip needs to be configured with a set of application solutions of the power management chip, and needs to be competitive, so that the chip can be sold. Therefore, product development is the key to whether the chip can be sold. The development of finished products that I have come into contact with is basically based on the development plan of the microcontroller as the main control chip. The specific development process will be described in more detail later.
Nissan Cylinder Head Gasket Kit
Head Gasket,Engine Head Gasket,Nissan Gasket Kit,Nissan Cylinder Head Gasket Kit
Foshan Evictory Diesel Spare Parts Co., Ltd. , https://www.evictoryparts.com