ABSTRACT
This poster presents an in-depth analysis of the Xilinx bitstream file format. This theoretical analysis is backed by a simple and efficient implementation of a reverse-engineering tool for Xilinx bitstreams. The development process followed these lines. First, publicly available documentation from Xilinx has been analyzed; then some custom assumptions about the bitstream format have been made. This information allowed a suitable algorithm to be run on well-chosen bitstreams. The output from this automated analysis step is a database which relates raw bitstream data to low-level netlist elements. This database is subsequently used as input to an efficient bitstream compiler which can either generate a bitstream from a low-level (XDL) description of the netlist, or conversely decompile any given bitstream to its low-level netlist elements. This work has been validated for the spartan3, virtex2, virtex4 and virtex5 FPGA lines from Xilinx. Decompiling a bitstream is very fast; it is two orders of magnitude faster than the reverse operation of compilation with Xilinx' bitgen. This work aims to raise awareness about security issues for users of FPGAs. It also makes custom compilation and low-level tinkering with bitstreams - à la JBits - possible.
Index Terms
- From the bitstream to the netlist