
REVERSE ENGINEERING (DECODE THE CIRCUIT FROM CIRCUIT BOARD)

At first, reverse engineering can feel like looking at a blank: you do not know
where to start understanding the circuit. In this section, I will briefly go through
how a circuit board can be reverse engineered as a sequential process.

Circuits can look like art, where almost every circuit seems different. The truth is
that many circuits are very similar in nature. There is a pattern that you can find
in every circuit, and recognizing these patterns is important. The more patterns you
know, the faster you will be able to decode the circuit. The first important concept
is that many designs are built from standard circuits. Whenever we trace out the
component connections, we try to match them against the patterns that we are able to
recognize.

Why Reverse Engineering?
- to learn how things work.
- to do something new or unique.
- test hardware's specification, security and weaknesses.
- better control of the system.
- identify design failures and weak components due to current, voltage or heat.
- identify how the product can be improved.

Methods of hacking and doing reverse engineering
- information gathering
- trace hardware components and connection
- firmware reverse engineering
- external interface analysis
- silicon die analysis (reverse engineering at microscopic level)
- communication monitoring and protocol decoding (serial, USB, Ethernet, I2C, SPI,
CAN) using an oscilloscope, logic analyzer, sniffers, software tools, etc.

RECOGNIZING COMPONENTS: The most basic thing you need to recognize is the
electronic components that you see on the circuit board. The resistor alone comes in
many sizes, shapes, and colors. It is important to recognize them and understand
their differences in characteristics. First things first: ensure you can recognize
each and every component on the circuit. Knowing their names and how they are
classified helps you speed up the time needed to identify them. Identify as many
components as you can: resistors, capacitors, inductors, IC chips, fuses, diodes,
transistors, connectors, the PCB itself, etc.

Nowadays, modern circuit boards use more IC chips than passive components. All IC
chips look the same: black encapsulation in various shapes and sizes. The important
thing is to examine the number that is printed on the chip itself. Without it, you
will need more brain power and experience to decode the board. With the lettering on
the IC chip, you can search for its datasheet on the internet. Recognizing the
components is only the first step, and identifying the components already requires a
lot of experience and effort.

STEP 1: Take a photo of the circuit board (top and bottom), and start to assign a
reference designator (label numbering) to each of the components. Do the component
labeling on the photo of the circuit board (PCB). For example, all resistors can have
the prefix R (R1, R2, R3, ... R46) and all capacitors the prefix C (C1, C2, C3, ...
C56).

STEP 2: Make another copy of the PCB bottom photo and extract only the trace (copper)
area. Flip the PCB bottom, and scale it to the same size as the top. Adjust the red
and blue of the PCB bottom trace by 50%, so that its trace color can be
differentiated from the top PCB trace. Overlay the PCB top over the PCB bottom.
Adjust the transparency of the PCB top to 60%. This overlay helps you trace the
connections without physically flipping the circuit board.

STEP 3: Build a schematic, laying out the component parts based on those on the
board, according to the list.

STEP 4: Trace out the connections on the circuit board onto the schematic that you
are building.

STEP 5: Match the components' connections to the typical circuit layouts that were
used. Arrange the connected components in their typical functional configuration
layout. For example, the connections may represent a typical:
- transistor switch configuration
- input switch and pull-up resistor
- voltage regulator
- amplifier
- output
- etc...

MAPPING OUT THE TRACES

The next task is to map out how the components that you identified earlier are
connected. Component by component, we map out all the connections (known as traces).

Before starting the tracing process, it is important to recognize the PCB board type.
I classify them as single layer, double layer and multilayer boards. The simplest
board is the single-sided PCB, where one side of the board consists of only the PCB
trace routing, while the other side carries the electronic components. It typically
consists mostly of through-hole components, and it is fairly simple to trace out the
connections. The second type is the double-layered PCB, where traces can be found on
both sides of the board. Most of the time, through-hole components are found on one
side of the board while the surface-mount components are found on the other side.
Very often, traces are routed below through-hole components and IC chips. This makes
it impossible to trace out the connections using only our vision.

The multimeter's "continuity" function (sometimes also known as the continuity
tester) is required to help us identify a connection. Basically, it will buzz when
the probes touch two points which are connected by a trace. Do keep this in mind
during the probing process. Using visual inspection and the continuity feature
together should help minimize mistakes. Components that you typically need to take
note of are sense resistors (usually bigger in size than the rest of the resistors),
inductors, transformers, coils and any external connection or wiring to the board.
Another common mistake is to probe the circuit without switching off the power
supply. Ensure that all connections to the board are disconnected before tracing for
connections.

Draw out the component positions and how they are connected. Taking a picture of the
circuit makes tracing easier. Sometimes I will superimpose the routed traces on the
components in order to see the connections better. Label all the components, and
name each trace once you are able to identify its function.

Power supply traces are the simplest to start with. This is because we usually know
where the power line is connected to the circuit. From there we can trace out where
the power line goes. From the power line, we will be able to trace out the next
stage, which is typically the voltage regulators. For an AC power line, a rectifier
can usually be located before it reaches the voltage regulator. Studying the
datasheets of the IC chips on the board can also help you to recognize connections.

Arrange the component symbols into the standard stamp circuit configurations that you
can recognize. Common standard circuits like input circuits, pull-ups, driver
circuits using transistors, relay circuits, voltage regulators, etc. can easily be
recognized. Draw them out in a format that helps you to recognize the functionality
of each circuit module.

The process is complex, and it is a never-ending topic in reverse engineering. The
more you reverse engineer, the more you will learn and improve your techniques,
finding new ways to decode and learn how other circuits are designed.
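
The tracing and pattern-matching steps above (STEP 4, STEP 5 and the continuity probing), as an added example that is not part of the original document: it groups constructed continuity-tester readings into nets, names the power nets first, and then looks for the "input switch and pull-up resistor" pattern. The pad names (J1.1, R1.1, ...), the VCC/GND labels and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: each pair is two pads where the continuity tester buzzed.
CONTINUITY = [
    ("J1.1", "R1.1"), ("R1.1", "U1.8"),    # supply rail from the power connector
    ("R1.2", "SW1.1"), ("SW1.1", "U1.3"),  # node joining resistor, switch and IC pin
    ("SW1.2", "J1.2"), ("J1.2", "U1.4"),   # return path
]
KNOWN = {"J1.1": "VCC", "J1.2": "GND"}  # assumption: power pins identified first

def build_nets(pairs):
    """Union-find: every group of pads joined by buzzing pairs is one net (trace)."""
    parent = {}
    def find(p):
        parent.setdefault(p, p)
        while parent[p] != p:
            p = parent[p]
        return p
    for a, b in pairs:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for pad in list(parent):
        groups[find(pad)].add(pad)
    return list(groups.values())

def name_nets(groups, known):
    """Name a net after a known pad on it, otherwise N1, N2, ... in sorted order."""
    nets, n = {}, 0
    for pads in sorted(groups, key=sorted):
        label = next((known[p] for p in sorted(pads) if p in known), None)
        if label is None:
            n, label = n + 1, f"N{n + 1}"
        nets[label] = pads
    return nets

def find_pullups(nets, supply="VCC", ground="GND"):
    """Pattern: resistor from supply to a node that a switch connects to ground."""
    pad_net = {pad: name for name, pads in nets.items() for pad in pads}
    def far_side(ref, near):  # net on the other pin of a two-pin part
        a, b = pad_net.get(ref + ".1"), pad_net.get(ref + ".2")
        return b if a == near else a if b == near else None
    refs = sorted({pad.split(".")[0] for pad in pad_net})
    hits = []
    for r in (x for x in refs if x.startswith("R")):
        node = far_side(r, supply)
        if node not in (None, supply, ground):  # other pin must be a signal node
            hits += [(r, sw, node) for sw in refs
                     if sw.startswith("SW") and far_side(sw, ground) == node]
    return hits
print(find_pullups(name_nets(build_nets(CONTINUITY), KNOWN)))
```

Any IC pin that lands on the matched node (U1.3 in the constructed data) is the input that the switch drives, which is the pin to look up in the datasheet next.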
