Programmable Devices
CPLDs, FPGAs, SoC FPGAs, Configuration, and Transceivers
21607 Discussions

Reverse engineering a Cyclone III system?

Altera_Forum
Honored Contributor II
‎03-17-2010 03:53 AM
2,018 Views

I have a design that runs on a Cyclone III Starter Board. This board uses active parallel configuration and an Intel 128P30-type parallel flash memory. In my design the flash also contains Nios II code. The Cyclone III is not an LS type. 

 

My question is this: How likely is it that someone could reverse-engineer my FPGA design by reading the contents of the flash memory? I realize that the Nios code is not protected at all, but how hard would it be to understand the FPGA configuration? The configuration is moderately complex as it includes the Nios II, an SOPC system with many memories, and quite a bit of custom DSP logic. 

 

Thanks in advance for any comments.
0 Kudos

Link Copied

3 Replies
Altera_Forum
Honored Contributor II
‎03-17-2010 07:07 AM
1,007 Views

I've seen scientific papers, that showed the principle feasibility of extracting netlist information from FPGA configuration bitstreams.

0 Kudos
Copy link
Altera_Forum
Honored Contributor II
‎03-17-2010 08:23 PM
1,007 Views

i once did a test setting a single M4K/M9K to all 0s and then all 1s and did a diff on the resulting SOFs . the results were different enough that it looked too tedious to reverse engineer. i suppose its possible, but you'd think it would be faster to actually develop the IP yourself.

0 Kudos
Copy link
Altera_Forum
Honored Contributor II
‎03-17-2010 08:36 PM
1,007 Views

Reverse engineering is always possible. The question in these cases is always how much resources, mostly time and money, are available to those that want to do the re. 

 

It is not easy. AFAIK there is no automated tool to convert from configuration bitstream to netlist for Altera devices. At least not widely available, but it is possible that specialized reverse engineering companies do have the technology. 

 

But even after getting a netlist, still a lot of work is required to make a high level reverse engineering. And this brings thepancake's point, that in many cases it is easier and faster to implement the same IP from scratch.
0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.