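Reverse engineering of digital circuits has long been a powerful tool for reconstructing circuit functionality. Reconstructing circuit functionality has several applications: first, it can help us find malicious circuitry (also known as hardware Trojans); second, for legacy designs whose specifications have been lost, we can use reverse engineering tools to clarify their functionality. To the best of our knowledge, reverse engineering is probably the only solution to these problems. In this study we propose a hardware reverse engineering algorithm that lets a user extract functional modules from a flattened gate-level netlist without manual intervention. The proposed method uses cut enumeration and Boolean matching techniques to identify the functional blocks of interest. More specifically, we generalize the existing cut enumeration method into a subcircuit enumeration method, and then check whether each subcircuit is exactly a member of a predefined macro library. Experimental results show that our method cannot scale to circuits containing thousands of logic cells, owing to excessive computational complexity.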
Digital circuit reverse engineering has been a powerful tool for reconstructing circuit functionality, which has several applications. On the one hand, understanding a circuit's functionality helps us find malicious circuitry (a.k.a. a hardware Trojan) inside the device under test (DUT). On the other hand, for legacy designs whose specifications are lost, we can use a reverse engineering tool to clarify their functionality. To the best of our knowledge, reverse engineering (RE) is arguably the only solution to these problems. In this work we propose a hardware reverse engineering algorithm that enables a user to extract functional modules from a flattened gate-level netlist with no manual intervention. The proposed method uses a cut enumeration method together with a Boolean matching technique to recognize the functional blocks in which we are interested. More specifically, we extend the existing cut enumeration method to a subcircuit enumeration method, and then check whether each subcircuit happens to be a functional macro block of the predefined macro library. The experimental results show that our method cannot scale up to circuits containing thousands of logic cells because the computational complexity is quite high.
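
The following is an added example, not code from this work: a simplified sketch of the underlying idea that enumerates single-output k-feasible cuts (the existing technique the abstract says it extends) and matches each cut's truth table against a macro library under input permutation only. The netlist, the library entries, and all function names are constructed for illustration.

```python
from itertools import permutations, product

GATES = {"AND": lambda a, b: a & b, "OR": lambda a, b: a | b,
         "XOR": lambda a, b: a ^ b, "NOT": lambda a: 1 - a}
# Constructed flattened netlist (node -> gate, fanins): a full adder.
NETLIST = {"n1": ("XOR", "a", "b"), "sum": ("XOR", "n1", "cin"),
           "n2": ("AND", "a", "b"), "n3": ("AND", "n1", "cin"),
           "cout": ("OR", "n2", "n3")}
# Constructed macro library: 3-input reference functions.
LIBRARY = {"XOR3 (adder sum)": lambda a, b, c: a ^ b ^ c,
           "MAJ3 (adder carry)": lambda a, b, c: (a & b) | (a & c) | (b & c),
           "MUX2": lambda s, a, b: b if s else a}

def enumerate_cuts(netlist, k):
    """Map every node to its k-feasible cuts (sets of at most k leaf nodes)."""
    cuts = {}
    def visit(n):
        if n not in cuts:
            cuts[n] = {frozenset([n])}  # trivial cut: the node itself
            if n in netlist:  # merge one cut per fanin, keep those within k
                for combo in product(*[visit(f) for f in netlist[n][1:]]):
                    merged = frozenset().union(*combo)
                    if len(merged) <= k:
                        cuts[n].add(merged)
        return cuts[n]
    for n in netlist:
        visit(n)
    return cuts

def truth_table(netlist, root, leaves):
    """Simulate root over every assignment of the cut leaves."""
    def ev(n, env):
        if n in env:
            return env[n]
        gate, *ins = netlist[n]
        return GATES[gate](*(ev(i, env) for i in ins))
    return tuple(ev(root, dict(zip(leaves, bits)))
                 for bits in product((0, 1), repeat=len(leaves)))

def canon(tt, n):
    """Canonical form under input permutation: the smallest permuted table."""
    rows = list(product((0, 1), repeat=n))
    f = dict(zip(rows, tt))
    return min(tuple(f[tuple(r[p] for p in perm)] for r in rows)
               for perm in permutations(range(n)))

def find_macros(netlist, k=3):
    """Return (root, leaves, macro name) for each cut matching the library."""
    lib = {canon(tuple(fn(*r) for r in product((0, 1), repeat=3)), 3): name
           for name, fn in LIBRARY.items()}
    return {(node, tuple(sorted(cut)), lib[key])
            for node, node_cuts in enumerate_cuts(netlist, k).items()
            for cut in node_cuts
            if (key := canon(truth_table(netlist, node, sorted(cut)), len(cut))) in lib}
```

Even in this sketch, the number of cuts per node grows quickly with k and the canonical form tries every input permutation, which gives a feel for the computational cost the abstract reports.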