Winner of Name that Ware September 2007!

November 3rd, 2007

Last month’s challenge was not necessarily to name a particular device, but rather to name the type of device that generates a class of audible interference. You can listen to the sound again if you need your memory jogged!

While many immediately recognized the sound as interference caused by a GSM or EDGE phone, Jered wins the prize for his very precise analysis of the root cause of the noise:

The reason for the buzz is the nature of time-division multiple access (TDMA). In the US, we operate mobile phones at 850 MHz and 1900 MHz; in Europe, 900 MHz and 1800 MHz. Good so far; that’s not going to make noise that we can hear. TDMA fits more subscribers into the same bandwidth by assigning different terminals different timeslots (vs. CDMA, which uses black magic). These timeslots happen to be spaced 4.615 ms apart, yielding a signal envelope which looks a lot like a dirty 217 Hz square wave.

All sorts of things (like “wires”) are good at picking up a 217 Hz square wave at 0.5 W, and 217 Hz is conveniently smack dab in the middle of our auditory capabilities.

Congratulations Jered! Email me for your prize.

I thought this noise was noteworthy because a surprising number of people do not realize where it is coming from. I’ve often heard this noise on conference calls, and it’s fairly obvious that some participants don’t understand that their cell phone is causing this interference. The thing that befuddles most is the range at which this interference can occur: their phone could be well across the table, yet with the proper antenna orientation, the noise is loud and clear. Oftentimes, the problem can be ameliorated simply by rotating the phone by about ninety degrees.
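To make the 217 Hz envelope concrete, here is an added example (not part of the original post or of Jered's analysis) that synthesizes the burst envelope and flags it in a recording by comparing energy on the 217 Hz harmonic comb against energy midway between the comb teeth. The eight-slots-per-frame duty cycle, the 48 kHz sample rate, the two-tone stand-in for wanted audio and all function names are assumptions of this sketch.

```python
import math

FRAME_S = 4.615e-3   # TDMA frame period quoted above
F0 = 1.0 / FRAME_S   # burst repetition rate, about 217 Hz
SLOTS = 8            # assumption (not from the post): GSM's eight timeslots per frame
FS = 48_000          # sample rate of the constructed test audio
N = FS // 2          # half a second of samples


def burst_envelope(n_samples=N, fs=FS):
    """Detected RF envelope: 1.0 during the handset's own slot, else 0.0."""
    return [1.0 if (n / fs / FRAME_S) % 1.0 < 1.0 / SLOTS else 0.0
            for n in range(n_samples)]


def programme_audio(n_samples=N, fs=FS):
    """Constructed stand-in for the wanted audio: two steady tones."""
    return [0.5 * math.sin(2 * math.pi * 300 * n / fs)
            + 0.5 * math.sin(2 * math.pi * 1000 * n / fs)
            for n in range(n_samples)]


def tone_power(x, freq, fs=FS):
    """Power of x at a single frequency (one-bin DFT)."""
    w = 2 * math.pi * freq / fs
    re = sum(v * math.cos(w * n) for n, v in enumerate(x))
    im = sum(v * math.sin(w * n) for n, v in enumerate(x))
    return (re * re + im * im) / len(x) ** 2


def buzz_score(x, fs=FS, harmonics=4):
    """Energy on the F0 harmonic comb divided by energy midway between teeth."""
    on = sum(tone_power(x, k * F0, fs) for k in range(1, harmonics + 1))
    off = sum(tone_power(x, (k + 0.5) * F0, fs) for k in range(1, harmonics + 1))
    return on / (off + 1e-12)


def demo():
    """Score the constructed audio without and with the burst envelope mixed in."""
    clean = programme_audio()
    buzzed = [a + 0.3 * b for a, b in zip(clean, burst_envelope())]
    return buzz_score(clean), buzz_score(buzzed)


if __name__ == "__main__":
    print("clean %.2f, with burst envelope %.2f" % demo())
```

A score well above 1 means the recording carries energy locked to the frame rate and its harmonics; the cut-off to use on real audio is a tuning choice.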

What disturbs me about this noise is that it’s a prominent reminder of exactly how powerful this RF transmitter is that I happily stick next to my cerebral cortex and my gonads on a daily basis. 0.5 watts is not a trivial amount of power! And of course, Bluetooth hands-free sets are not much better. Granted the power is lower, but Bluetooth operates at 2.5 GHz — and it’s no mistake that microwave ovens also run at that frequency, as it is absorbed particularly well by the water that makes up 60% of our mass.

While there is no conclusive evidence that cell phones cause any sort of biological harm, there is precedent for entire societies that have fallen victim to the myopic use of technology to better life. For example, even a child can tell you today that lead causes poisoning and brain damage…and so we remark at the Romans’ folly: “Gosh, what idiots! They sweetened their wine with lead and used lead pipe to deliver drinking water. Duh, of course the Roman empire collapsed.”

I often wonder if a millennium from now, people will read about us as we do about the Romans. “Gosh, what idiots. They stuck half a watt of radiation on their heads every day for decades at a time. No wonder they all died of debilitating brain disease.” Or, my other favorite is, “Gosh, what idiots! They made their clothes, cars, and even utensils out of plastics. Everyone knows that plastics outgas damaging free radicals. No wonder they all died of cancer”…and in the end, the meek did inherit the Earth.

Then again…there is no conclusive evidence that anything we do really causes that much damage. We’ve learned from the Romans and gotten more clever, and we use “model” organisms and sophisticated extrapolation mechanisms. But then again, those are just models, and there’s no such thing as accelerated lifetime testing on a real human being…and as any engineer knows who has done a lot of reliability testing, there’s always that one corner case that gets through (e.g., the Xbox360 Red Ring of Death). So with enough new technology entering our lives, the chance that we’ll encounter unforeseen consequences goes up and up. You and me — we’re the ultimate guinea pigs in this grand experiment with technology!

New Chip Hacker Blog

November 1st, 2007

Flylogic Engineering now has an interesting blog up on chip hacking! If you liked the posts on my blog about chip hacking, you may very much enjoy the postings at Flylogic. They’ve actually got a very nice piece up on the PIC18F1320 which reveals new findings about a device that I have some prior familiarity with. I’m looking forward to reading part II of their series!

(Well Executed) Counterfeit Chips

October 17th, 2007

Below are two chip specimens, purchased from an Asian source, that were recently called to my attention. I borrowed them to write this blog post.

The chips claim to be ST19CF68’s, a “CMOS MCU Based Safeguard Smartcard I/O with Modular Arithmetic Processor”. It seems these chips are normally sold in smart-card or diced wafer format, but curiously, these are SOIC-20 packaged devices.

The top chip in the pair has its epoxy top dissolved, and this is what it contains:

Kind of a small die for such a complex MCU, especially in smartcard technology, where process geometries generally trail the mainstream by about 3 or 4 generations…and why are there 20 bondable pads on what should be an 8-pad part?

Zooming in a bit on the die, we find some interesting details:

Well, this chip isn’t made by ST…it’s made by Fairchild Semiconductor (FSC). No bueno.

And in fact, the die within is a Fairchild 74LCX244 “Low Voltage Buffer/Line Driver with 5V Tolerant Inputs and Outputs”, a much cheaper piece of silicon than the reputed ST19CF68 that the package was marked to contain.

Perhaps the most interesting thing about these specimens is the quality of the package and the markings:

Normally, remarked chips are pretty cheesy: they are sanded, painted over, or ground down before being marked, typically with just a silkscreen; rarely do you see a laser used to do the remarking.

These chips show no evidence of any kind of remarking per se. These are original markings — someone acquired blanks of the 74LCX244 chip, and programmed a production laser engraver to put a high-quality fake marking on an otherwise virgin package. I, too, would have been fooled by this up until the chip was decapsulated and examined under a microscope.

This leaves a lot of questions unanswered. How was someone able to acquire unmarked Fairchild silicon? Was it an insider, or was Fairchild sloppy and throwing away unmarked rejects without grinding them up or clipping off leads so they can’t be dumpster-dived and resold? The laser marking machine used isn’t one of the cheap desktop engravers either — the marks are done with a high-power raster engraver, and the engraving artwork is spot-on.

Then again, I shouldn’t be so surprised…I’ve seen brazen remarking of DIMMs in Saige market (Kingston seems to be a popular target for fakes), and many of the counterfeiters openly display their arsenal of professional-quality thermal transfer label printers and hologram stickers.

If fakes of this quality become more common, this could present a problem for the supply chain. Clearly, whoever did this can fake just about any chip they want, and such fakes are gradually finding their way into the US market. Resellers, especially distributors that specialize in buying excess manufacturer inventory, implicitly trust the markings on a chip. I don’t think chip makers will go so far as to put anti-counterfeiting measures on chip markings, but this is definitely something that makes me wary.

Name that Ware September 2007

October 8th, 2007

The ware for this month is actually not a picture. It is a sound clip.

Click on this link to download and listen to the clip.

Many may recognize this sound, but I think few actually know what makes this sound. I’ve heard it in many contexts, but I was convinced to make this a contest candidate when I heard it in a radio recording of General Petraeus’ progress report to congress on NPR (you can hear it just barely in one of the sound clips on this page, under Audio Highlights, “Crocker warns against…”). I’m sure the recording engineer wasn’t too pleased when choice soundbites had this playing in the background.

The challenge this month is to name the type of ware and the phenomenon that generates this sound.

Winner of Name that Ware August 2007!

October 8th, 2007

The Ware for August 2007 is a die shot of the EEPROM memory area from an MF RC530 ISO 14443A Reader IC by NXP. The MF RC530 is one of the RFID reader ICs that can be used in the MIFARE system, and it employs the CRYPTO-1 protocol. This EEPROM memory is part of a secure memory region that contains the keys used by the CRYPTO-1 protocol. One question I am still puzzling over is the location of the CRYPTO-1 implementation on this die. CRYPTO-1 is a proprietary cipher, and some friends of mine were curious as to the algorithm, so I contacted Flylogic and we popped the top of the MF RC530 to have a look around. My original opinion was that the array of gates immediately below the EEPROM was the CRYPTO-1 cipher. However, tracing the wires in and out of the block seems to disagree with this functionality, and instead the block looks more appropriate as the programming and sequencing logic for the EEPROM. There is a microcode ROM on this chip as well, so quite possibly the cipher is implemented using part of the microcode ROM, or it is implemented using random, compiled logic.

Several readers correctly guessed the capacity of the memory array at 4kbits, although many were unclear as to what kind of array it was–some guessed DRAM, others SRAM, others a PLA. Actually, all of these are pretty good guesses. The clue that makes me think this is an EEPROM (or FLASH) array is the charge pumps on the right hand side. The large capacitors are used in a set of voltage doublers to create the high voltage necessary to erase and program the floating gates of the EEPROM memory devices. The high voltages are unique, at least in today’s modern processes, to FLASH and EEPROM devices. Christian Vogel basically nailed this analysis, so he is the winner. Congratulations, email me for your prize!