See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/237663829

Reverse engineering of real PCB level design using VERILOG HDL

Article  in  International Journal of Engineering Intelligent Systems for Electrical Engineering and Communications · June 2002

CITATIONS READS
9 893

3 authors, including:

Victor Gallardo
University of Houston
14 PUBLICATIONS   30 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Machine Leraning View project

All content following this page was uploaded by Victor Gallardo on 05 February 2015.

The user has requested enhancement of the downloaded file.

 Reverse Engineering of Real PCB Level Design
Using VERILOG HDL

Cris Koutsougeras+, Nikolaos Bourbakis++ and Victor J. Gallardo+ *

Tulane University+ Wright State University
Electrical Engineering & Computer Information Technology Research Institute
Science Department
1.- The piece parts, modules, IC’s, etc. Are out
of stock or have been superseded. Therefore it
Abstract is very hard to acquire them.

The repair or replacement of components nearing 2- Incomplete technical information or the

obsolescence and the lack of accuracy in technical technical information is not available.
information is a very common problem. Updating 3.- In particular cases the system technical
these systems is possible now with sophisticated information is not always updated after some
CAE tools and the Hardware Description modifications have been performed. The real
Languages. Here we consider the conversion system does not conform to the posted
process of a real board design from TTL technical information.
implementation to newer technology. This process is
performed through an Automatic Verilog HDL The legacy systems and the systems that are nearing
Model Generator, which includes an image analysis obsolescence should migrate toward the new
system, for component identification(integrated technologies for increase their life cycle. In areas
circuits) and their connections. On the basis of the such as medical, industrial, research and military
information obtained, the system is able to generate there exists a special interest in updating their
a circuit graph that corresponds to a primitive systems with present technology.
schematic circuit of the board. The circuit graph is The goal of this paper is to use image processing, to
translated to VERILOG HDL. The tests were obtain a description system functionality and convert
performed in Verilog XL simulator. Therefore the this description to Verilog XL as part of a migration
system is capable to reverse engineer a board level process toward new technology.
design performed with a nondestructive procedure.
The conversion of existing hardware to new
1. Introduction technologies has been targeted by the Motorola
The electronics systems technology is improving Computer Group [Crate 96]. They have performed
day by day. This natural development generates a the process based on the schematic circuit and using
big amount of systems that will become obsolete CAE tools to generate the equivalent system with
quickly. Those legacy systems are old but still new technology. Alta group of Cadence has
valuable. the main problems are: presented a methodology to move to system-on-chip
design from the system level[Usse 97]. These are
good examples of current approaches to system
conversion.

• The contact author is Dr. Koutsougeras at

Tulane Univ. Dept. EECS, New Orleans, LA 70118

1
 description requires tests and
adjustments. These tests will verify that
the original features have not been
modified and the new system actually
performs each of their original tasks. To
support this tendency for implementing
“system on chip”, the new technology
design is converted to a physical model.
The physical implementation can be
performed in FPGA technology.
Companies like Xilinx and Altera offer
powerful tools that easily map Verilog to
Table No. 1 shows the two general cases of FPGA. When the legacy system is large,
migration methodology. The standard some parts can not be mapped in a
conversion method is based on the FPGA, therefore they should be
references shown earlier. Table 1 also implemented in standard updated IC’s.
shows the differences of the two
approaches. The main difference between
the migration methodologies is the
inclusion of the new Reverse Engineering
(RE) process, which is performed with a
real board design avoiding the inaccuracy
in the new model. The traditional RE
method offers a complete technical data
package based on existing information
[DoD 87]. This process has well defined
steps, but requires a lot of time in
performing each one, and requires qualified
personnel [Trab 96]. The new RE idea
[Bour-91, Mog-93, Gat-97, Gall 98, Bour-
2yk], included in this work, reduces time Figure 1. Conversion methodology
and increases the accuracy through an
automatic and non-destructive method. An essential part of the legacy systems
conversion is the generation of technical
2. Conversion Methodology information. Converting the new design
The conversion methodology is based on an in EDIF format we can generate a
Automatic Verilog HDL Model Generator complete set of technical information
(AVMG), shown in Fig. 1. The AVMG (schematic, netlist, etc).
includes RE tasks to extract information We are assuming only single or double
from a real PCB with a better and practical sided boards but no waffer boards. To
methodology and minimum operator handle wafer type of boards, we would
intervention. need to additionally obtain X-ray images
The AVMG system generates the structural and process them in coordination with
description of the legacy system in optical images. To figure out spatial
Verilog HDL code. This structural relationships of wire paths we would have

2
 to have images from at least two different carried out. Then the shapes and their
positions (so as to get spatial perspective) connections are recognized.
and additionally solve image registration
• Graph generator
problems in order to automate the process.
In this work we have not extended to such This subsystem classifies the information
possibilities which could be the focus for and generates a primitive graph that
further work. represents the circuit elements and their
connections.
3. AVMG System Architecture • Links Generator

The general AVMG system is shown in The subsystem interprets and converts the
figure No. 2. primitive graph in a link list.
• HDL code generator
Image Lighting Generate code for Veriolog XL,
Acquisition System
converting from a real PCB to HDL
model.
Low Level
Image processing After the code is generated, it is necessary
to perform some tests in order to do
High Level Optical
Image Processing Character adjustments. The purpose of these
Recognition adjustments is to integrate the circuit
information and verify the system
Information Classifier functionality. Likewise, we can simulate
and generate its equivalent circuit,
Graph Generator
substituting the original and offering an
Logo and Number
equivalent with additional features in a
Translator to Links identification new technology format. The simulations
information code
are carried out in VERILOG XL. Many
Integrated
leading-edge electronic designers use
Verilog HDL
Code Circuit Verilog because it has great capabilities for
Generator Database gate level simulation and modeling at
higher levels of abstraction [Cade 94]. It is
already used by a lot of IC designers and
supported by most EDA, FPGA, and ASIC
Figure 2. Overall AVMG system vendors. It has over 20000 users and more
configuration than 90 products from 50 EDA vendors.
[David 93]. Considering these facts, our
work has been performed on Verilog. The
The system includes basically four systems: figure 3 shows the outputs files in each
• Image analysis model generator stage.
In this subsystem the PCB (Printed Circuit
Board) image is digitized through a
basic computer vision equipment. The
enhancement and segmentation are

3
 Part of this process is stated in figures
4a, 4b and 5a

Figure 3. Output representation of each

AVMG steps
3.1 Image Analysis System

The image is processed with traditional Figure 4a. Enhancing IC’s for identification
image processing techniques. The
image acquisition is carried out with a
basic vision system that includes a
video source and frame grabber card.
The images are stored in files with GIF
and PCX format. The resolution is 640
X 480 pixels. The Fig 4 shows an
image sample.

Fig 4b. IC’s identification and board

location
The connectivity interpretation is
performed with a modified non-referencial
method used on PCB inspection Fig 5.b.

Figure 4. Real PCB image

The preprocessing for image
improvement, the edge detection,
thresholding, image segmentation and
recognition are performed with
traditional image processing
Figure 5a. Image with IC’s identified
techniques. The image processing is
implemented on the C language,
Cantata and Khoros software. The
Structural methods (Matching Shape
number) [Gonz 92], are used in order
to identify and recognize IC’s shape.

4
 3.3 Graph translator to links (report
generation)
With the primitive graph completely defined, a
system report is generated. It is a list that
describes the overall connectivity of the system.
This is shown in figure 7.

Fig 5b. Link identified between B and C

IC’s
The number, type, family of each IC is provided by
an OCR system. In extreme identification problems Figure 7. Primitive Graph to Links
the OCR system is assisted by external
identification resources. The identification of each This report includes the links between each
IC with manufacturer codes permits to have a circuit element, specifying the starting pin and
preliminary idea of the general system functions. the ending pin. For example, in figure 7 there
is a link between pin number 1 of the
integrated circuit A and pin number 3 of the
integrated circuit B.

3.2 Circuit graph Link (A1, B3) means A1 → B3

The circuit graph represents a graphical Pin No. 1 of device A, goes to Pin No 3 of B
synthesis of the information extracted from the
PCB in the previous steps. It includes the basic The next link is between pin number 3 of the
information of the circuit, which is a IC ¨A¨ and pin 6 of the element ¨B¨ and so on.
representation of a real image. The internal
format upon which the graph is elaborated can 3.4 Translation to Verilog HDL
be transformed in GERBER format. Fig 6
shows an example of the graph obtained after model
the image processing.
The final part of AVMG is the translation of the
links report to Verilog HDL code. The
representation of legacy systems in the new
technology basically is done in this part.

Figure 6. Circuit Primitive Graph

Figure 8. Code Generation
The information related with the IC´s should
have a standard format for its interpretation. It

5
consists of ordering links information, TTL A complete links set is extracted from
libraries as well as the IC's data information. the circuit graph. It shows information
The information that corresponds to each one of
the IC's is provided by an external source.
of the internal connection between the
chips as well as the I/O connections.
The translation is divided in two parts:
These connections come from external
Structural representation which
circuits. They could be input, data
prepares the information required by
activation or output data.
the translator, and the Code generation
which is in itself the result of the
conversion process. The output code,
can be used as an input file and will be
understood by the VERILOG XL
interpreter. Having the final output,
Verilog can perform any simulation and
test. The AVMG is able to map from a
real system to an HDL system.
Nevertheless, special considerations
should be made about delay time. In the
code generation process the internal
delay of the IC’s is assigned. The delay Figure 9. Decoder 2/4 decoder
is assigned based on the standard of the The system graph is converted in a set of 14
logic family used. In the last part an links that represent the particular connections
internal time adjustment should be between the IC’s for this system.
performed. This is possible thanks to link!(0002,B012)
global variable controls of time link!(0001,B013)
simulation included in Verilog. link!(0002,B010)
link%(B011,0004)
link%(B008,0003)
4. Model example link%(B006,0005)
link%(B003,0006)
A simple two-four decoder unit built link!(0001,A001)
with TTL circuits is used to link!(0002,A003)
link*(A004,B001)
demonstrate this methodology. The link*(A002,B002)
image processing part has been carried link*(A002,B005)
link!(0002,B004)
out with the procedure stated earlier. link*(A004,B009
Image improvement, image description,
and image identification are the steps
which give the complete IC’s The symbols (*, !, %) included in the link
representation, indicate where the links come
information, their location and links.
from. Table 2 shows the link types and their
After the image processing part, two symbols.
IC’s and their connections have been
identified. The system decoder has a
couple of integrated circuits (74LS00
and 74LS04) which have been
Table No.2
identified by an OCR system. The
Link between Symbol
circuit’s equivalent graph is shown in IC - IC *
Fig 9. Input - IC !
IC - Output #

6
 alternate tools is necessary to convert it
The first section shows the information in EDIF format. The implementation
generated by the translator to HDL. It includes
the connection each IC pin and IC’s type there
trend is toward FPGA but it is not
are in the system. likely that all new model designs can be
implemented in FPGA.
******************************
// * CODE GENERATOR
// * FOR /****************************************
// * VERILOG XL // * Decoder 2/4
// * // * Test of external libraries
// ****************************** // * Library : LIB_LS00
// // * Chip's : 74LS00, 74LS04
// // *
// //***************************************/
// //
module decdos; module decdos(m0,m1,m2,m3);

reg O/I1,O/I2, reg [1:0] ent;

sal O/I6,O/I5,O/I3,O/I4,W1,W2, output m0, m1, m2, m3;
wire W1,W2, wire w0,w1,w2,w3;
`define
`define stim #100 ent = 2'b
LIB_LS7404 chip1 (O/I1,O/I2,,,,,W1,W2,,,,,) event final;
LIB_LS7400 chip2 (W2,W1,O/I2,W1,W2,O/IO/I6,O/I5,
O/I3,O/I4,O/I6,O/I5,O/I3,O/I4,) LIB_LS00 chip2 (w1,w0,ent[0],w0,w1,ent[1],ent[0],ent[1],m0,m1,m2,m3);
LIB_LS04 chip1 (ent[1],ent[0], , , , ,w0,w1, , , ,);
// START TEST
// START TEST
always #100
endmodule begin
$strobe ("time%d, ent[0]=%b, ent[0]=%b, %b, %b, %b,%b",
$time, ent[1], ent[0],m0, m1, m2, m3);
end

begin
After having obtained this information, repeat(2)
begin
a system test is performed based on a ent = 2'b00;
`stim 01;
standardized benchmark test criterion. `stim 10;
`stim 11;
In this case a test vector is applied to #200 ->final ;
end
input elements and the final results are end
$finish;

checked in the output elements. The endmodule

designation of I/O elements is based on

a heuristic criterion.
The Level simulation test involves good Other designs could use the TTL
experience on digital design and standard families with updated IC’s.
requires significant effort in order to Nevertheless, a hybrid combination of
find the adequate test vector for each both implementations is good
particular system. The effort will be alternative for some specific design
proportional with the circuit complexity sections.
and components number. Obviously if
the circuit complexity increases the
5. Future work
process time will be increased too. The
timing and structural differences are We are continuing these efforts to
factors affecting the complete increase the system’s conversion
conversion toward the new technology. power, in order to migrate any legacy
system with PLD and ASIC gate arrays
After the verification, the new model is
toward the new technology. Future
ready to be converted to a physical
work will extend to incorporate a better
design, in any implementation media.
image processing system, applying
For the new model documentation,
different techniques for image
verification and simulation with

7
description and connectivity
identification. We will improve the [Bour-91] N.Bourbakis and CV.Ramamoorthy,
Specs for the development of an expert tool for
system capabilities for two faced and the automatic visual understanding of electronic
wafers PCB’s. circuits: VLSI reverse engineering, IEEE Int.
Symp. on VLSI Test, NJ, April 1991, 98-103
6. Summary and Conclusion [Mog-93] A.Mogzadeh and N.Bourbakis,
Specs for the development of a 3-D visual
In this paper, we have shown that it is inspection /diagnosis system for damaged VLSI
possible to reverse engineer old boards: VLSI reverse engineering, SPIE Int.
systems, and convert them from legacy Conf. on Electronic Imaging, Feb. 1993, CA,
1907, 154-162
systems to new technology.
[Mogz-93] A.mogzadeh and N.Bourbakis, A
The systems with SSI, MSI, LSI and visual diagnosis expert system for PCBs :
VLSI components can be implemented Reverse Engineering, IEEE Int. Conf. on TAI,
completely or in parts on ASIC and MA, Nov.1993, 396-403
FPGA, due to the new design are [Bour-2YK] N.Bourbakis, C.Koutsougeras and
independent of any implementation S. Mertoguno, A knowledge based system for
visual reverse engr.: VLSI layout version,
media. IEEE T-SMC, Vol.32,2002
The migration process presented in this [Cade 94] Cadence Inc., Verilog XL
paper includes basically the following Reference Manual, March 1994
steps: [Gall 98] Victor J. Gallardo, Automatic HDL
Model Generator for PCB based on an image
• To get legacy system information analysis system Ph. D. Thesis, EECS Tulane
through a real image(AVMG). University, 1999
[Davi 93] Davidmann, Simon, Design
• To convert legacy system in a new verification problems and solution?
verilog structural Electronics Enginnering, pp s36,
representation(AVMG). October 1993
[Trab 96] M. T. Traband, F.W. Tillostson, J.D.
• To test and verification of the new Martin Reverse and Re-Engineering in DoD
design functionality . Organic Maintenance Community:Current
Status and Future
• Implementation in standard and Direction U.S. Navy LINC Repair
updated IC’s or in ASIC(FPGA). Technology Program
Technical Memorandum, File No. 96-
Timing is an inherent conversion 060, February 19, 1996
problem, which increase with the [DoD 87] Department of Defense U.S. Army
legacy system complexity. Reverse Engineering Handbook:MIL -
HDBK -115(ME) Washington, DC,
The conversion methodology stated can 1987
be used for: [Usse 97] Cary Ussery, Kathy McKinley,
Kathy Lang, Ed Komp, Woody
• Systems characterization. Larue HDL and Integrating System-
• Equivalent models' comparison. Level Simulation
Technologies Proceedings 1997 IEEE
• Rapid prototype International Verilog Conference
• Obtaining of equivalent circuits. March 31-April 3, 1997, pp 91 -- 97
• Design architecture Identification. [Crate 96] David Crate On the use of Verilog
• Replacement of aged (obsolete) digital IC’s HDL in the Conversion of existing
• New alternatives for hard-to-get IC’s Hardware Designs to Newer
Technology
IEEE Transactions on computer Aided
References

8
 Design of Proceedings 1996 IEEE
Int.
Verilog Conference February 26-29,
1996, pp 39 – 44
[Gat-97] J.Gattiker, S.Mertoguno and N.
Bourbakis, A multimedia based SPN
approach for reverse engineering of
digital circuits, Int.Journal KDIES,
vol.2,1997

View publication stats