Altera_Forum
16 years ago

Reverse engineering a Cyclone III system?

I have a design that runs on a Cyclone III Starter Board. This board uses active parallel configuration and an Intel 128P30-type parallel flash memory. In my design the flash also contains Nios II code. The Cyclone III is not an LS type.

My question is this: How likely is it that someone could reverse-engineer my FPGA design by reading the contents of the flash memory? I realize that the Nios code is not protected at all, but how hard would it be to understand the FPGA configuration? The configuration is moderately complex as it includes the Nios II, an SOPC system with many memories, and quite a bit of custom DSP logic.

Thanks in advance for any comments.

3 Replies

  • Altera_Forum

    I've seen scientific papers that showed the feasibility, in principle, of extracting netlist information from FPGA configuration bitstreams.

  • Altera_Forum

    I once did a test setting a single M4K/M9K to all 0s and then all 1s and did a diff on the resulting SOFs. The results were different enough that it looked too tedious to reverse engineer. I suppose it's possible, but you'd think it would be faster to actually develop the IP yourself.

  • Altera_Forum

    Reverse engineering is always possible. The question in these cases is always how many resources, mostly time and money, are available to those who want to do the RE.

    It is not easy. AFAIK there is no automated tool to convert from configuration bitstream to netlist for Altera devices. At least not widely available, but it is possible that specialized reverse engineering companies do have the technology.

    But even after getting a netlist, a lot of work is still required to do a high-level reverse engineering. And this brings up thepancake's point, that in many cases it is easier and faster to implement the same IP from scratch.