RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | March 22, 2016

Inside the IOActive Silicon Lab: Interpreting Images

In the post “Reading CMOS layout,” we discussed understanding CMOS layout in order to reverse-engineer photographs of a circuit to a transistor-level schematic. This was all well and good, but I glossed over an important (and often overlooked) part of the process: using the photos to observe and understand the circuit’s actual geometry.

Optical Microscopy

Let’s start with brightfield optical microscope imagery. (Darkfield microscopy is rarely used for semiconductor work.) Although reading lower metal layers on modern deep-submicron processes does usually require electron microscopy, optical microscopes still have…

Andrew Zonenberg
Blogs | RESEARCH | February 24, 2016

Inside the IOActive Silicon Lab: Reading CMOS layout

Ever wondered what happens inside the IOActive silicon lab? For the next few weeks we’ll be posting a series of blogs that highlight some of the equipment, tools, attacks, and all-around interesting stuff that we do there. We’ll start off with Andrew Zonenberg explaining the basics of CMOS layout.

Basics of CMOS Layout

When describing layout, this series will use a simplified variant of Mead & Conway’s color scheme, which hides some of the complexity required for manufacturing.

Material Color P doping N doping Polysilicon…

Andrew Zonenberg
Blogs | INSIGHTS | November 1, 2007

Unmarked Die Revisions :: Part II

[NOTE: This article will describe a process known as “Wet-Etching”. Wet-etching is a process that can be very dangerous, and we do not recommend anyone reading this try it unless you know what you are doing and have the proper equipment. The chemicals required, such as Hydrofluoric Acid (HF), attack bone marrow. HF is painless until several hours later, when it’s too late to take proper action, so please be careful and be responsible.]

Previously we discussed noticing Microchip making changes…

IOActive

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787 commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.
