FPGA Bitstream Reverse Engineering

Presented at DEF CON 18 (2010), July 30, 2010, 3:30 p.m. (20 minutes)

FPGAs are a hot topic at the last few Defcons, but we have not seen much talk of hacking FPGAs. In this talk, we present two tools: one to decompile bitstreams into netlists, and one to decompile netlists into Verilog code. For those not familiar with FPGA internals, we will discuss how they work and their bitstream formats. It is highly recommended that attendees know at least some digital electronics/logic design basics.

Presenters:

• Lang Nguyen - Security Researcher
  Lang Nguyen wanted to design spacecraft as a kid in Ukraine, but got sidetracked growing up. His first real programming experience was writing demos for the NES emulator in 6502 assembly. He thus got hooked on low-level hacking, electronics, reverse engineering, and the intersection thereof. His projects have included reverse engineering the bytecode format used in obscure BASIC compilers, a homegrown method for drawing surface-mount PCBs, and a fast PDF reader for the iPhone. The last few months he spent playing with FPGAs. He is now attending UCLA as a CS&E major.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Nguyen

Similar Presentations:

• 32C3 (2015) / A Free and Open Source Verilog-to-Bitstream Flow for iCE40 FPGAs
• 30C3 (2013) / FPGA 101: Making awesome stuff with FPGAs
• ToorCon San Diego TwentyOne (2019) / 100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans