Recon 2026

ROM Dump, Descrambling and Decryption using RE Only: the Fully Analytical MEthod (FAME), no FIB, no Guesses…
2026-06-20, Grand Salon Opera
Language: English

Existing ROM dump techniques, from quite manual to semi-automated, target the conversion of pictures into a proper binary that can then be analyzed using the usual tools.
One commonly reported issue is scrambling within the memory array, which turns converting the pictures into something meaningful into a trial-and-error task that can, in the worst case, halt the project if the scrambling scheme is not trivial.
Furthermore, when encryption is used, there is no obvious way to solve it. This is generally where fully invasive techniques become the method of choice: they require a much better equipped lab with a FIB and a micro-probing station, but also the analysis of the digital circuitry and potentially bypassing countermeasures such as security shields.
This lecture aims to show that ROM dumps, including descrambling and decryption, can be done using a fully analytical method: pictures of all the layers of the memory, including the control circuitry and the row and column decoders, are converted into an HDL description, which makes it possible to simulate the memory and retrieve its content regardless of the internal scrambling scheme. By extension, the same description is pushed to the decryption circuitry, another block of logic that can be modelled and simulated accurately.
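The core idea of the method above, as an added toy example that is not from the talk or from Texplained: a gate-level model of a row decoder and column logic (both constructed here, as are the bit values and all signal names) is simulated for every address, so the logical content comes out without guessing the scrambling map.

```python
# Toy "analytical" ROM dump: the row decoder and column/sense-amp logic that
# would be extracted from the die images are modelled as a gate-level netlist
# and simulated for every address, so no scrambling map has to be guessed.
# Every netlist and bit value below is constructed for this illustration.

# Physical bit array as read off the images: 8 word lines x 4 bit lines,
# row p holds [bl0, bl1, bl2, bl3].
PHYS = [
    [1, 0, 1, 1], [0, 1, 0, 0], [1, 1, 0, 1], [0, 0, 1, 1],
    [1, 0, 0, 0], [0, 1, 1, 0], [1, 1, 1, 1], [0, 0, 0, 1],
]
# Extracted logic in evaluation order: (output, gate, inputs).
# Row decoder: address a2..a0 -> exactly one word line wl0..wl7, scrambled order.
ROW_DECODER = [
    ("na0", "NOT", ["a0"]), ("na1", "NOT", ["a1"]), ("na2", "NOT", ["a2"]),
    ("wl0", "AND", ["na2", "a1", "na0"]), ("wl1", "AND", ["a2", "a1", "na0"]),
    ("wl2", "AND", ["na2", "na1", "na0"]), ("wl3", "AND", ["a2", "na1", "na0"]),
    ("wl4", "AND", ["na2", "a1", "a0"]), ("wl5", "AND", ["a2", "a1", "a0"]),
    ("wl6", "AND", ["na2", "na1", "a0"]), ("wl7", "AND", ["a2", "na1", "a0"]),
]
# Column side: bit lines are permuted and one sense amplifier inverts its bit.
COLUMN_LOGIC = [
    ("nbl0", "NOT", ["bl0"]), ("d0", "BUF", ["bl2"]), ("d1", "BUF", ["nbl0"]),
    ("d2", "BUF", ["bl3"]), ("d3", "BUF", ["bl1"]),
]
GATES = {"NOT": lambda v: 1 - v[0], "BUF": lambda v: v[0], "AND": lambda v: int(all(v))}

def simulate(netlist, inputs):
    """Evaluate a topologically ordered gate list on top of the given input values."""
    s = dict(inputs)
    for out, gate, ins in netlist:
        s[out] = GATES[gate]([s[i] for i in ins])
    return s

def dump_rom(phys, row_decoder, column_logic, n_addr_bits=3, width=4):
    """Recover logical content by driving every address through the modelled circuit."""
    content = []
    for addr in range(1 << n_addr_bits):
        s = simulate(row_decoder, {f"a{i}": (addr >> i) & 1 for i in range(n_addr_bits)})
        active = [r for r in range(len(phys)) if s[f"wl{r}"]]
        # A sound decoder model selects exactly one word line; anything else
        # points at an extraction or netlist error, not at the ROM.
        assert len(active) == 1, f"decoder selects {active} for address {addr}"
        s = simulate(column_logic, {f"bl{c}": b for c, b in enumerate(phys[active[0]])})
        content.append(sum(s[f"d{i}"] << i for i in range(width)))
    return content

def naive_dump(phys):
    """Raw physical-order read: die row order, bl0 as LSB. Wrong when scrambled."""
    return [sum(b << c for c, b in enumerate(row)) for row in phys]
```

Compare `dump_rom(PHYS, ROW_DECODER, COLUMN_LOGIC)` with `naive_dump(PHYS)`: the same bit array yields different bytes, and only the simulated read follows the circuit as built.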
The lecture will include demonstrations of the method using setups ranging from simple to professional, so as to clearly outline their benefits and limitations.


The talk will start with an introduction to the context and a classification of ROM dump feasibility and difficulty, from non-encrypted, non-scrambled to fully encrypted and scrambled.
Then the usual dump techniques will be reviewed briefly to introduce the proposed method, which is generic across the cases discussed previously.
The talk will include demos showing how the method can be carried out using simple and affordable tools. A second demo will show how professional tools do the job in the blink of an eye. These two demos will be used to outline potential limitations and use cases.
As the method does not require an expensive FIB, micro-probing station or other custom lab equipment, it will benefit a wide range of reverse engineers in the sector, from “hobbyist” to “professional”.

Olivier’s 21 years of expertise in the silicon domain began at the helm of one of the world’s most elite Integrated Circuit (IC) Analysis Labs. Under his leadership, the facility focused on the dual mission of securing next-generation silicon and engineering robust countermeasures for current devices to neutralize piracy and counterfeiting threats.
During this tenure, Olivier pioneered numerous innovative techniques for semi- and fully-invasive IC analysis. His deep mastery of Failure Analysis (FA) methodologies and specialized laboratory equipment allows him to pinpoint and access vulnerable logic on even the most hardened target devices.
A pioneer in offensive hardware security, Olivier is redefining the limits of automated IC analysis. His methodologies transcend traditional low-complexity targets like smartcards, scaling effectively to modern System-on-Chips (SoCs) featuring millions of gates and advanced technology nodes.
Olivier is also the architect of ChipJuice, a cutting-edge software toolchain designed to efficiently recover hardware designs regardless of their architecture, technology node, or Standard Cell Library.
He is the co-founder and CTO at Texplained.