View Full Version : Reading a ROM Off of a Circuit Board
I guess I don't really know all that much about circuitry. I was curious to know if it is possible to take a piece of electronics that has a ROM on its circuit board (say an old LCD game or a digital camera) and read it out as binary data. If that's not possible, why is that?
10-27-2011, 09:56 PM
In general, no.
1) Most LCD games probably don't have a CPU but instead implement the game logic in hardware, so the only ROM will be lookup tables which are only relevant to the hardware implementation. Ones that do probably use 4-bit microcontrollers typically found in old industrial/watch/calculator applications, most of which are custom and unemulated.
2) Either way, the ROM will be packaged with the game hardware on the same silicon die, then likely encased/bonded to the board with epoxy. The only way to emulate such a thing would be to:
-remove the epoxy exposing the die
-clean and dope and remove the layers and repeat in order to take pictures of the circuit under an electron microscope
-stitch together the pictures and try to discover all of the (thousands to hundreds of thousands of) transistors
-determine their wiring to determine logic gates, and put the logic gates together to understand various symbolic components and their operation
-develop an emulator for the hardware...
-painstakingly manually read out the ROM visually so you have something to run in the emulator
As for a digital camera, it may have some ROM (most likely serial flash) which can be read by 1) physically desoldering the IC and reading it with a device programmer or 2) snooping the IC's bus to log the data being read and reconstruct it, though that may not get you a complete dump. It is unlikely much could be determined from doing such a thing because digital cameras will likely have a CPU core integrated on their main ASIC (custom chip) along with ROM containing part or all of the program. At the very least the ASIC will have the initial program load code in ROM to facilitate firmware upgrades, meaning you may have to resort to the same steps as a LCD game in order to fully understand the hardware. Or maybe code can be found in the flash, the CPU can be determined and a clever hacker can figure out the hardware by disassembling the program. The chances of someone completely understanding a system without decapsulating chips is slim to none however.
The only sure way you can read a ROM off a circuit board is for it to be a discrete integrated circuit which you can identify, desolder it and read it out with a programmer (may require custom hardware and custom reading algorithm). Dumping ROMs in-system is possible through two ways: the first is again to snoop the bus, the second is to overpower the bus which may risk damage to surrounding circuits or the ROM itself and almost always requires custom hardware and software to carry out the operation.
Cool, thanks for the information :)
Powered by vBulletin® Version 4.2.0 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.