@EUCommission if you got an issue with my VPN, you got an issue with me!

@stux What's that about?

Removing the RDL gives us a better view of the die. There seems to be 1 aluminium plating layer plus at least 3 metal layers going down. It's hard to say for sure at this time.

2/n

Greetings. This is #nakeddiefriday and today I got one on a reader's request.

I was kindly provided with the ASIC chip from the new #Lego Smart Brick. It is the one marked DA000001-04, which nobody really knows what it is and who made it. There were suggestions it was made by Dialog but no solid evidence AFAIK.

The first image is with the die intact. You can see a ball pad array on the redistribution layer. RDL is made from polyimide with copper traces, not unlike flex PCBs. It is bonded to the silicon die pads on the perimeter. Unfortunately, RDL considerably obscures the die.

Full-res map: http://infosecdj.net/map/csem/da000001-04/infosecdj_mz_nikpa40x/ (layered)

1/n

#electronics #reverseengineering #icre

@da_667 Welcome to the club!

Yes, the "responsible" disclosure was designed to push as much responsibility to whoever finds The Bug and absolve everyone else. It is an emotionally-charged term, and I think purposefully so. You are supposed to feel bad about *not* doing it or doing it in a way The Company disagrees with. I mean, think of the children^W^W^Wusers! And then when you, in your silliness, try to do the supposedly right thing, and get a legal threat back -- well, folks, that ain't kind of the responsibility I remember ever taking upon myself. If I get threats and violence for doing supposedly good, I ain't doing good no more, sorry. Not interested. Maybe someone else will, I don't care. So I say we treat vulnerability disclosure as proper journalism, according to Orwell: "Journalism is printing what someone else does not want published; everything else is public relations."

Yes, the select few have made a fortune on bug bounties or whatever, but the vast majority gets breadcrumbs and the feeling of Doing The Right Thing. That feeling is where they got us. Taking responsibility for someone else's fuck-ups and feeling guilty for not being responsible enough, that's so weird, man. I didn't put the bugs in there, you did, dear company, by hiring the cheapest contractors to do the job and firing the one person who actually cared. We all know how it goes. After all, nothing a company does is in the interest of the end user or anybody else but the company itself and/or the shareholders.

So yeah, got a 0-day? To full disclosure, or sell it off if that's your thing. At least remember you got a choice here.

Sorry for a bunch of words, the topic hits rather close here too.

@FritzAdalis I am making some shorts from scratch, and indeed, installing the zipper is the most difficult sequence of steps in the whole ordeal.

I managed to sew a fly zipper and it is not horribly wrong! yay

...a task that's supposed to be not too complicated took almost a day.

@gloriouscow I understood what the flaw was right when he picked up the battery leads... We learned nothing as an industry. Or at least the knowledge does not seem to propagate.

Hellooooo, I see it is #nakeddiefriday today, so here goes.

This one is the MC33592FTA by Motorola/Freescale, a RF receiver chip built on a 2-met polysilicon gate CMOS process. The die is rather on the small side, consider the size of bonding pads in relation to the overall area.

Full-res map: http://infosecdj.net/map/motorola/mc33592fta-l97p/infosecdj_mz_nikpa60x/

#electronics #reverseengineering #microscopy

The standard cell library used elsewhere on the die looks rather unusual; both poly and diffusion features make large excursions outside power distribution rails.

At the top of the snippet is what looks like an autorouter bug.

At the bottom of the die are several pieces of special CMOS circuitry, I suspect this is where the VCO lives. Several prominent capacitor structures can be seen, formed between the poly layer and the substrate.

In the bottom left corner we have what looks like a die ID (D930 0001A) along with e-test features. These are two transistors with a common gate wire, which apparently has an ESD protection diode as well.

Hi! A little bit late in the day, but #nakeddiefriday is still happening today.

And today's exhibit is TC8568AM by Toshiba. This is a VFO to be used in floppy disk controllers. This is made very prominent on the die itself. Interesting how such a discrete part was still made in early 90s, where I kind of expected them to be replaced by fully integrated parts. A really short thread will follow.

Full-res map: http://infosecdj.net/map/toshiba/tc8568am/infosecdj_mz_nikpa40x_66p/

Many thanks to @RueNahcMohr for supplying this sample!

#electronics #reverseengineering #microscopy