Reverse engineering

[T]

Hello,
I want to make the shematics of many PCB boards, its my first experience
(Component Sides:2, PCB Complexity: simple, medium and hard), i wanna
know if anny one published a guide about that, or if anny site web exist
to minimise the work time.
regards.

 

[Spehro Pefhany]

On Sat, 25 Sep 2004 14:36:54 GMT, the renowned "Tweetldee"
<masondg4499@comcast99.net> wrote:

Well, the process seems fairly simple for low to medium density boards, and
no more than 2 layers. Mark each component with a label of some sort
(adhesive label/magic marker). Make a photo of both sides and markup the
photo. Then start at one end of the board and draw each trace, making sure
that you draw it to every component that it connects to. As you progress,
mark off each trace that you have drawn out. Repeat until all traces have
been drawn and all components are accounted for on your drawing.

Kind of a PITA though around large parts with a lot of traces and vias
underneath them. With 0.1" DIP parts and fairly high density
placement, *most* of the routing is probably under the parts if
<=10mil design rules are used.

High density boards are just too tedious for a human to reverse engineer,
and more than 2 layers is impossible to reverse engineer without a
resistance measurement from each node to every other node on the board.
Think "bed of nails" and "computer control" for this exercise.

Four layer boards with no blind vias are probably not too difficult,
assuming more-or-less simple power planes internally. Especially if a
blank board can be used.

Best regards,
Spehro Pefhany
--
"it's the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com

 

[John Fields]

On Sat, 25 Sep 2004 13:18:53 +0200, T <bcbmasm@hotmail.com> wrote:

Hello,
I want to make the shematics of many PCB boards, its my first experience
(Component Sides:2, PCB Complexity: simple, medium and hard), i wanna
know if anny one published a guide about that, or if anny site web exist
to minimise the work time.

---
Why do you want to do this for _many_ PCBs?

--
John Fields

 

[T]

Why do you want to do this for _many_ PCBs?

I'm an electronic engineer (France, i think that i will leave this
damned coutry soon ...), I dont find annother job except this one!

Working on pictures to place component seems to be a good idea since i'm
using a shematic software.

I need methodology to do that, something like an algorithm. So if i've
the PCB :
1-Start placing components
2-Speparating the PCB to different blocs (Power, IC, ...) to make the
result meaningful.
3-Start testing connexions.
4-Drawing these connexions on the schematic.

Can anny one help me to develop more these 4 points ?

Regards.

 

[James Meyer]

On Sat, 25 Sep 2004 14:56:24 GMT, Spehro Pefhany

Four layer boards with no blind vias are probably not too difficult,
assuming more-or-less simple power planes internally. Especially if a
blank board can be used.

Best regards,
Spehro Pefhany

Or you could make friends with a local dentist and X-ray the board for
additional clues to circuit traces.

Jim

 

[CBarn24050]

Well, the process seems fairly simple for low to medium density boards, and
no more than 2 layers. Mark each component with a label of some sort
(adhesive label/magic marker). Make a photo of both sides and markup the
photo. Then start at one end of the board and draw each trace, making sure
that you draw it to every component that it connects to. As you progress,
mark off each trace that you have drawn out. Repeat until all traces have
been drawn and all components are accounted for on your drawing.

Tracing traces visualy is very error prone, and of course it doesn't work for
multi layer. Here's how I do it. Trasfer the mechanical layout to a pcb design
program, or take lots of photos if you havent got one. remove all the componets
from the board and clean it up. Trace out the netlist with a meter and trasfer
to the pcb program or other cad program or paper.You can now draw out the
circuit, at least in theory.

 

[T]

CBarn24050 a écrit :

Well, the process seems fairly simple for low to medium density boards, and
no more than 2 layers. Mark each component with a label of some sort
(adhesive label/magic marker). Make a photo of both sides and markup the
photo. Then start at one end of the board and draw each trace, making sure
that you draw it to every component that it connects to. As you progress,
mark off each trace that you have drawn out. Repeat until all traces have
been drawn and all components are accounted for on your drawing.


Tracing traces visualy is very error prone, and of course it doesn't work for
multi layer. Here's how I do it. Trasfer the mechanical layout to a pcb design
program, or take lots of photos if you havent got one. remove all the componets
from the board and clean it up. Trace out the netlist with a meter and trasfer
to the pcb program or other cad program or paper.You can now draw out the
circuit, at least in theory.
Hello,

I admit not understand what you wrote :
"Tracing traces visualy is very error prone"
tracing visualy is impossibe, i agree.

"Trasfer the mechanical layout to a pcb design program"
How can you make it possible ?

"remove all the componets from the board and clean it up"
From the pictures taken or from the pcb itself ? I cant remove
components from these pcbs!

"Trace out the netlist with a meter and trasfer to the pcb program or
other cad program or paper"
I still dont understand the usefulness of the photos in this case, can
you explain more pelase ?

Regards.

 

[legg]

On Sun, 26 Sep 2004 01:10:22 +0200, T <bcbmasm@hotmail.com> wrote:

"Tracing traces visualy is very error prone"
tracing visualy is impossibe, i agree.

He didn't say it was impossible.

"remove all the componets from the board and clean it up"
From the pictures taken or from the pcb itself ? I cant remove
components from these pcbs!

If you're serious, then you will need a sample that you can
destroy/disassemble.

Otherwise, treat it as a black box and fill it with your own
circuitry.

No Regards

RL

 

[Guy Macon]

T <bcbmasm@hotmail.com> says...

I'm serious and i'm not joking when asked for the "methodology". I'm not
asking for electronics basics or how to make something working or asking
other to make the job in my place, i tried to find the answer on the net
but i didn't find anny thing constructive. I'm just asking pepople who
have experience with reverse engineering (Reading your post, I think you
need more then experience), and what can they do to economize their time.

If you can, get two boards to start with and unsolder all of the parts
from one of them (for BGAs and such you can heat the entire board
until all the solder melts and all the parts fall off).

Get a light table so that you can see through the board. A ground
plane makes this not work, but it usually helps.

Start by finding ground. Get a fine paint brush an make all of the
grounds (as found by your meter) black.

Repeat with red for VCC. and other colors for any other supplies
(+15,-15...). Also mark anything else that goes to many parts,
such a clock or a data bus.

Now get data sheets on every part, and draw the schematic of each
part on post-it-notes. Use the big ones in white, not yellow, and
cut them down so that they are 90% sticky on the back. Repeat for
resistors, capacitors, etc. Put them all on a whiteboard. Do *not*
do this with a CAD program. None of them are as suitable as a
whiteboard and post-it notes for this sort of work.

Start figuring out what connects to what. Use a combination of
following the traces by eye and using a meter. Make sure your
meter beeps on a short *with no delay* - get a better meter if
it doesn't.

Use your knowledge of electronics. If you see an opamp,
figure out where the negative resistance is. If you see an
LED, figure out where the resistor is and what drives it.

As you figure out more and more, feel free to move parts and
redraw lines, and don't be shy about double-checking a node for
errors.

BTW, If you want to make a board hard to reverse-engineer, put
the power and ground planes on the outside layers, and remove
all of the printing on the ICs.

--
Guy Macon <http://www.guymacon.com>

 

[John Woodgate]

I read in sci.electronics.design that Guy Macon <http@?.guymacon.com>
wrote (in <10lcvh7t3b7h193@news.supernews.com&gt about 'Reverse
engineering', on Sun, 26 Sep 2004:

If you see an opamp, figure out
where the negative resistance is.

Huh?
--
Regards, John Woodgate, OOO - Own Opinions Only.
The good news is that nothing is compulsory.
The bad news is that everything is prohibited.
http://www.jmwa.demon.co.uk Also see http://www.isce.org.uk

 

[legg]

On Sun, 26 Sep 2004 09:05:20 +0200, T <bcbmasm@hotmail.com> wrote:

He didn't say it was impossible.
"Tracing traces visualy is very error prone, and of course it doesn't
work for multi layer"
The purpose is not reproduce a perfect imitation of the original board,
but just a way to learn more about its functioning.

If you're serious,
I'm serious and i'm not joking when asked for the "methodology". I'm not
asking for electronics basics or how to make something working or asking
other to make the job in my place, i tried to find the answer on the net
but i didn't find anny thing constructive. I'm just asking pepople who
have experience with reverse engineering (Reading your post, I think you
need more then experience), and what can they do to economize their time.

then you will need a sample that you can destroy/disassemble.
With too many surface mounted components!

Otherwise, treat it as a black box and fill it with your own
circuitry.

:')

No Regards
I desire to say "RETARDED", hum, i will try to be nice ... have a nice day.

It seems to me that I've wasted too much of the last twenty years
dealing with the after-effects of misapplied technique, poorly tested
electronic design and bungled fabrication.

Only the last ten years has included designs that supposedly
benefitted from electronic net-listing in their documentation. You'd
be surprised how often this crutch is expected to offset plain
laziness and inattention.

My usual method is to research the original source application, to
find out where errors were introduced. This can mean generating
schematics, using pencil and paper, from a smoking pile of crud, but
most often it's a matter of studying the 'perfect' documentation and
hardware for errors, or examining malfunction to find the root cause
in a working sample.

Most of the constructive responses to your original enquiry point out
the need to work with a bare board, if continuity checks are to be
unambiguously obtained, and all tracking is to be viewed, particularly
in higher density work ie " many surface mount components". Like
cross-word puzzles, you'd get better at this with time, if you
persisted. I often do this with simpler pieces of scrap, but only to
assist in figuring out what they were originally supposed to do, or
what they can be made to do now.

None has pointed out that in most critical applications, a simple
visual or point-to-point reconstruction can not guarantee function. In
those applications, construction, part placement and material type are
not obvious. More recently, the firmware and embedded structures are,
perhaps intentionally, difficult to extract. The day of the discrete
is rapidly drawing to an end.

In some instances, you may be proliferating somebody elses errors,
without knowing what they are, even in an accurate representation. A
design doesn't have to be perfect to sell; nor does it have to be
faulty to be junked. A lot of designs are highly derivative, even
though their application may be unique.

You'd be better off studying specific circuits and systems, with an
eye open to the general construction techniques viable in hardware
specific to your field of interest, than using one-off board designs
as any kind of a reference. If your aim is simply self-education, then
complete accuracy is hardly important, and the term reverse
engineering may not apply.

Say what you want: it's just water on the back of THIS little black
duck.

RL