Reverse Engineering Tool with Xilinx FPGAs
The previous blog post covered the different techniques used in FPGA reverse engineering and explained the first tool, BIL. This post continues with the next tools: Debit and Bit2ncd.
2. Debit
Debit was the first tool designed for a reverse engineering attempt targeting Xilinx FPGA chips. It has since served as a reference for many later reverse engineering tools, because its algorithm reveals the correlation between the XDL and the bitstream. The figure shows a conceptual diagram of the Debit flow, with emphasis on extracting the XDL from the bitstream. Debit is an open source tool available from GitHub and is supported only on Linux.
When power is supplied to the FPGA board, the bitstream is downloaded from external memory into the FPGA, and the data is placed inside the FPGA in the sequence defined by the FPGA architecture. Writing to the FPGA configuration memory starts with the frame indicated by the FAR (frame address register). Apart from the first frame, the frames of configuration data in the actual bitstream do not carry FAR data; the FAR of every later frame is calculated by the FAR auto-generation function. The FAR values therefore have to be reconstructed so that the FAR can be displayed in front of each frame of the bitstream, and the auto-generation function can be extracted separately using the -frame dump option of Debit. Once the FAR data has been extracted, the configuration data is separated from the bitstream and assigned to its target site, which can then be estimated. It is also possible to dump the site configuration data of each individual FPGA product group using the -site dump function of Debit.
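The frame-tagging step described above, as an added example that is not Debit's own code: raw configuration words are split into frames and each frame is prefixed with a frame address reconstructed by an auto-increment rule, since only the first frame's FAR is present in the bitstream. The FAR field layout, the frame length (`FRAME_WORDS`), the frames-per-column table and the sample configuration data are all assumed or constructed for a hypothetical device, not a real Xilinx device map.

```python
"""Added example (not Debit's own code): tag each frame of a configuration
dump with a reconstructed frame address, the way the page describes the
-frame dump step. The FAR layout, the frame size and the frames-per-column
table are ASSUMED for a hypothetical device, not a real Xilinx map."""
from dataclasses import dataclass
from typing import List, Tuple

FRAME_WORDS = 41                          # assumed frame length in 32-bit words
FRAMES_PER_COLUMN = [36, 36, 28, 36, 36]  # assumed minor-frame count per column


@dataclass(frozen=True)
class FAR:
    """Assumed simplified frame address: block type, row, column, minor frame."""
    block_type: int
    row: int
    column: int
    minor: int

    def encode(self) -> int:
        # Assumed packing: 3-bit type | 5-bit row | 8-bit column | 8-bit minor.
        return (self.block_type << 21) | (self.row << 16) | (self.column << 8) | self.minor


def next_far(far: FAR) -> FAR:
    """Auto-increment rule (assumed): advance the minor frame; when a column's
    frames are exhausted move to the next column, and after the last column
    to the next row. This stands in for the address-generation function that
    lets the bitstream omit the FAR of every frame after the first."""
    minor, column, row = far.minor + 1, far.column, far.row
    if minor >= FRAMES_PER_COLUMN[column]:
        minor, column = 0, column + 1
        if column >= len(FRAMES_PER_COLUMN):
            column, row = 0, row + 1
    return FAR(far.block_type, row, column, minor)


def frame_dump(config_words: List[int], start_far: FAR) -> List[Tuple[FAR, List[int]]]:
    """Split raw configuration words into frames and prefix each with its FAR."""
    if len(config_words) % FRAME_WORDS:
        raise ValueError("configuration data is not a whole number of frames")
    frames, far = [], start_far
    for off in range(0, len(config_words), FRAME_WORDS):
        frames.append((far, config_words[off:off + FRAME_WORDS]))
        far = next_far(far)
    return frames


def nonempty_frames(frames: List[Tuple[FAR, List[int]]]) -> List[FAR]:
    """FARs of frames that carry any set bit, i.e. the frames worth mapping to a site."""
    return [far for far, words in frames if any(words)]


def sample_config(num_frames: int = 80) -> List[int]:
    """Constructed configuration data: all zero except two frames."""
    words = [0] * (num_frames * FRAME_WORDS)
    words[40 * FRAME_WORDS + 3] = 0x80  # frame 40, word 3
    words[79 * FRAME_WORDS] = 0x1       # frame 79, word 0
    return words


if __name__ == "__main__":
    for far, words in frame_dump(sample_config(), FAR(0, 0, 0, 0)):
        if any(words):
            print(f"FAR 0x{far.encode():08x} {far} nonzero words={sum(1 for w in words if w)}")
```

With the assumed table, frames 0 to 35 fall in column 0 and frames 36 to 71 in column 1, so the non-zero frame 40 is reported as column 1, minor 4; any mistake in the assumed increment rule shows up immediately as frames landing in the wrong column, which is exactly why the page says the auto-generation function must be extracted and checked separately.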
3. Bit2ncd
Neither of the tools explained so far, BIL and Debit, is able to recover the PIP map of the primitive sites and other tiles, which leaves the recovered PIP information incomplete. It has been observed experimentally that PIPs and PLPs share common control bits, and neither Debit nor BIL can reverse the PLP part of the information, because they discard such data as not useful. The figure shows a conceptual diagram of the Bit2ncd flow. The circuit under analysis is built from the primitives in the FPGA device, such as LUTs, muxes, and FFs, which are fixed at specific locations using a UCF file; the UCF file also specifies the I/O pins, so that the pattern can be found when the bitstream is created. After this, an XDL file is generated with the CLB information found in the XDLRC, and the XDLRC file is modified only once for PLP. The XDL is then modified to include every possible PLP of the FFY, which yields a set of modified XDL files. This generated XDL set, also called the analysis script group (ASG), is converted into NCD files using the -xdl2ncd function of the ISE design suite, and the NCD files are converted into bitstreams using bitgen. This process amounts to constructing a mapping table of PLPs and PIPs; the Electronics 2018 paper gives an example of it. To make generation of the mapping table more efficient, a distributed processing system is used.
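The mapping-table construction described above, as an added example that is not Bit2ncd's own code: a baseline bitstream is diffed against one variant per configuration option, and the bits that change become that option's entry in the table. The bitstreams here come from a constructed toy `make_bitstream` stand-in with a made-up hidden bit layout (`HIDDEN_LAYOUT`), standing in for what xdl2ncd and bitgen would produce; the overlap between `MUX_SEL_B` and `PIP_N2` is constructed to illustrate the shared PIP/PLP control bits the post mentions.

```python
"""Added example (not Bit2ncd's own code): learn a PLP/PIP-to-bit mapping
table by diffing a baseline bitstream against variants that each change one
configuration option. The bitstreams and the hidden bit layout behind them
are CONSTRUCTED stand-ins for what xdl2ncd + bitgen would produce."""
from typing import Dict, List, Set

# Constructed "device secret": which bit positions each option controls.
# MUX_SEL_B and PIP_N2 deliberately share bit 41 (the PIP/PLP overlap).
HIDDEN_LAYOUT: Dict[str, List[int]] = {
    "FF_INIT_1": [12],
    "MUX_SEL_B": [40, 41],
    "PIP_N2": [41, 42],
}
BITSTREAM_BYTES = 8  # constructed bitstream length


def make_bitstream(options: Dict[str, bool]) -> bytes:
    """Toy bitgen stand-in: set the bits of every enabled option (constructed, not real)."""
    buf = bytearray(BITSTREAM_BYTES)
    for name, enabled in options.items():
        if enabled:
            for bit in HIDDEN_LAYOUT[name]:
                buf[bit // 8] |= 1 << (bit % 8)
    return bytes(buf)


def diff_bits(baseline: bytes, variant: bytes) -> Set[int]:
    """Bit positions (LSB-first within each byte) that differ between two bitstreams."""
    if len(baseline) != len(variant):
        raise ValueError("bitstreams differ in length; not the same device/config")
    changed: Set[int] = set()
    for idx, (a, b) in enumerate(zip(baseline, variant)):
        x, bit = a ^ b, 0
        while x:
            if x & 1:
                changed.add(idx * 8 + bit)
            x >>= 1
            bit += 1
    return changed


def build_mapping_table(baseline: bytes, variants: Dict[str, bytes]) -> Dict[str, Set[int]]:
    """One variant per option (the analysis script group idea): option -> control bits."""
    return {name: diff_bits(baseline, bs) for name, bs in variants.items()}


def shared_control_bits(table: Dict[str, Set[int]]) -> Dict[int, List[str]]:
    """Bits claimed by more than one option; a tool that keeps only one owner
    per bit, or drops such bits as noise, loses the other option's information."""
    owners: Dict[int, List[str]] = {}
    for name, bits in table.items():
        for b in bits:
            owners.setdefault(b, []).append(name)
    return {b: sorted(n) for b, n in sorted(owners.items()) if len(n) > 1}


BASELINE = make_bitstream({})
VARIANTS = {name: make_bitstream({name: True}) for name in HIDDEN_LAYOUT}


def learned_table() -> Dict[str, Set[int]]:
    """Run the whole flow on the constructed variants and return the learned table."""
    return build_mapping_table(BASELINE, VARIANTS)


if __name__ == "__main__":
    table = learned_table()
    for name, bits in table.items():
        print(f"{name:10s} -> bits {sorted(bits)}")
    print("shared control bits:", shared_control_bits(table))
```

Each variant is independent of the others, which is what makes the step a natural fit for the distributed processing the post mentions: every xdl2ncd and bitgen run can be farmed out separately and only the resulting bit sets need to be merged. The `shared_control_bits` result is the part worth keeping rather than discarding, since it is precisely where the PLP and PIP information overlaps.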