Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

GAL chip reader

272 views
Skip to first unread message

Gang Li

unread,
Feb 16, 1994, 10:09:26 PM2/16/94
to
I wonder if anyone would be interested in a GAL chip reader. This device
can read the contents of a GAL chip even if the security cell is activated.
It can read most (if not all) GAL chips of LATTICE and National Semiconductor.
The device can read the contents in a few seconds and may even be able to
derive the logical expression. I would also like to know the legal aspect
of marketing such devices.

Cheers. --gang


--
The opinions expressed are not necessarily those of the University of
North Carolina at Chapel Hill, the Campus Office for Information
Technology, or the Experimental Bulletin Board Service.
internet: laUNChpad.unc.edu or 152.2.22.80

Dan Lanciani

unread,
Feb 18, 1994, 5:55:52 PM2/18/94
to
In article <2jun56$7...@samba.oit.unc.edu>, Gan...@launchpad.unc.edu (Gang Li) writes:
| I wonder if anyone would be interested in a GAL chip reader. This device
| can read the contents of a GAL chip even if the security cell is activated.
| It can read most (if not all) GAL chips of LATTICE and National Semiconductor.

Did you solve the logical problem in general, or exploit some interesting
electrical property of the specific manufacturers' devices? It's obvious
how to extract the information in combinatorial cases and you can model
fully-registered devices (e.g., 16R8) as simple state machines, giving
you the layout after some reduction. I was never able to convince myself
one way or the other whether you could extend the latter case to arbitrary
combinations of registered and feed-back logic, though.

| I would also like to know the legal aspect
| of marketing such devices.

I'm sure *someone* will object.

Dan Lanciani
ddl@harvard.*

LE...@qucdn.queensu.ca

unread,
Feb 18, 1994, 11:45:56 PM2/18/94
to
In article <2...@ddlgw.UUCP>, d...@harvard.edu (Dan Lanciani) says:
(in responding to Gan...@launchpad.unc.edu)

>
>how to extract the information in combinatorial cases and you can model
>fully-registered devices (e.g., 16R8) as simple state machines, giving
>you the layout after some reduction. I was never able to convince myself
>one way or the other whether you could extend the latter case to arbitrary
>combinations of registered and feed-back logic, though.

One of the interesting thing is the configuration of the GAL chip is
visible even if the sercuity fuses are 'blown'. In NS databook, they
outlined the Register Preload specs that allow one to load up all the
macro-cell to any desired data pattern. Using that allow one to
test out all the states in the GAL chip. With that and brute force
testing, one can easily crack a GAL code.

>| I would also like to know the legal aspect
>| of marketing such devices.
>
>I'm sure *someone* will object.

In my personal view, it is almost a 'clean room' approach that some
'clone' chips manufacturer makes a living.

You simply make a chip that have the same behaviour of the other chip
without using the actual code burn in. I do not have a knowledge of the
copyright laws nor am I trained in the profession.

> Dan Lanciani

K. C. Lee

Gang Li

unread,
Feb 19, 1994, 3:39:22 PM2/19/94
to
In article <2...@ddlgw.UUCP> d...@harvard.edu (Dan Lanciani) writes:
>In article <2jun56$7...@samba.oit.unc.edu>, Gan...@launchpad.unc.edu (Gang Li) writes:
>| I wonder if anyone would be interested in a GAL chip reader. This device
>| can read the contents of a GAL chip even if the security cell is activated.
>| It can read most (if not all) GAL chips of LATTICE and National Semiconductor.
>
>Did you solve the logical problem in general, or exploit some interesting
>electrical property of the specific manufacturers' devices? It's obvious

No, the device does not solve the logical problem in general. That
actually is the beauty of this reader. It reads the original contents of
the chips instead of deriving it. So it does not matter how complicated the
logical expression can be. I am not the designer of this reader, so I do
not know the details of the design. As far as I know, it has been worked on
all the LATTICE and NS chips the designer could get hold to.

By the way, besides these two companies, are there other companies that
are still making GAL chips. I know SGS-Thomson used to make GAL's, but
they discontinued the production.

Thanks a lot for your thoughts.

Dan Lanciani

unread,
Feb 21, 1994, 12:31:28 AM2/21/94
to
In article <2k5tdq$1...@samba.oit.unc.edu>, Gan...@launchpad.unc.edu (Gang Li) writes:
| In article <2...@ddlgw.UUCP> d...@harvard.edu (Dan Lanciani) writes:
| >In article <2jun56$7...@samba.oit.unc.edu>, Gan...@launchpad.unc.edu (Gang Li) writes:
| >| I wonder if anyone would be interested in a GAL chip reader. This device
| >| can read the contents of a GAL chip even if the security cell is activated.
| >| It can read most (if not all) GAL chips of LATTICE and National Semiconductor.
| >
| >Did you solve the logical problem in general, or exploit some interesting
| >electrical property of the specific manufacturers' devices? It's obvious
|
| No, the device does not solve the logical problem in general. That
| actually is the beauty of this reader. It reads the original contents of
| the chips instead of deriving it. So it does not matter how complicated the
| logical expression can be.

It will be interesting to see if the release of such a device induces
the manufacturers to change their GAL design. Assuming your reader works
as you describe, I'd certainly call this a bug in the GAL. After all,
what's the point of a security bit if you can still directly read the
contents?

| I am not the designer of this reader, so I do
| not know the details of the design.

Perhaps you can get him/her to post a description. Don't worry about
keeping the design a secret--as soon as you ship one, the same (or
greater) level of reverse engineering pressure that you used against
the GALs will be applied to your magic box. :)

Dan Lanciani
ddl@harvard.*

Gang Li

unread,
Feb 21, 1994, 8:58:32 PM2/21/94
to
In article <2...@ddlgw.UUCP> d...@harvard.edu (Dan Lanciani) writes:
<In article <2k5tdq$1...@samba.oit.unc.edu>, Gan...@launchpad.unc.edu (Gang Li) writes:
<| In article <2...@ddlgw.UUCP> d...@harvard.edu (Dan Lanciani) writes:
<| >In article <2jun56$7...@samba.oit.unc.edu>, Gan...@launchpad.unc.edu (Gang Li) writes:
<| >| I wonder if anyone would be interested in a GAL chip reader. This device
<| >| can read the contents of a GAL chip even if the security cell is activated.
<| >Did you solve the logical problem in general, or exploit some interesting
<|
<| No, the device does not solve the logical problem in general. That
<| actually is the beauty of this reader. It reads the original contents of
<| the chips instead of deriving it. So it does not matter how complicated the
<
<It will be interesting to see if the release of such a device induces
<the manufacturers to change their GAL design. Assuming your reader works
<as you describe, I'd certainly call this a bug in the GAL. After all,
<what's the point of a security bit if you can still directly read the
<contents?
<

Agreed, I would like to see the manufacturers response as well.

<Perhaps you can get him/her to post a description. Don't worry about
<keeping the design a secret--as soon as you ship one, the same (or
<greater) level of reverse engineering pressure that you used against
<the GALs will be applied to your magic box. :)

Agreed again. I guess the minute I ship the first one out, there will be
no secret. Especially if the buyer is really interested in cracking it. But
neither I nor the designer has the intention to let the secret out before
that time, sorry.

gang
--
The opinions expressed are not necessarily those of the University of
North Carolina at Chapel Hill, the Campus Office for Information

tui hello ZZZZ

0 new messages