Skip to Main Content
Frequently Asked Questions
Submit an ETD
Global Search Box
Need Help?
Keyword Search
Participating Institutions
Advanced Search
School Logo
Files
File List
46685.pdf (6.54 MB)
ETD Abstract Container
Abstract Header
Methods for Reverse Engineering of RTL Controllers from Look-Up Table Netlists
Author Info
Muthukumaran, Sundarakumar
ORCID® Identifier
http://orcid.org/0009-0001-2017-3406
Permalink:
http://rave.ohiolink.edu/etdc/view?acc_num=ucin1692291113586542
Abstract Details
Year and Degree
2023, MS, University of Cincinnati, Engineering and Applied Science: Computer Engineering.
Abstract
The significant growth in the usage of modern Field Programmable Gate Arrays (FPGAs) can be ascribed to several significant attributes. First, FPGA designs have become simpler and the time-to-market has decreased, thanks to the accessibility of complete development tools, libraries, and IP cores. The expanding FPGA ecosystem and the ability to reprogram FPGAs have made them more accessible and adaptable to the changing industry needs. Second, compared to earlier generations, current FPGAs provide better performance, energy efficiency, and higher degrees of integration. Finally, fresh developments in the fields of Artificial Intelligence, Machine Learning, and IoT (Internet of Things) have boosted the need for adaptable and customized digital circuitry. Thus, it is necessary to enhance the security mechanisms on FPGA designs to combat the compromised FPGA bitstreams/malicious third-party IP blocks or to retrieve the golden designs. To counteract these threats, and to retrieve the lost legacy designs, Reverse engineering (RE) becomes a useful tool. FPGA reverse engineering is a complex process that takes bitstream from the memory of a device as input and outputs a human-readable description of that device. The steps involved in between these endpoints are Bitstream extraction, netlist recovery, and high-level netlist representation. The first step, Bitstream extraction involves retrieving the configuration data from an FPGA. The obtained configured bitstream file is then decoded to re-construct FPGA primitives like Look-Up-Tables (LUTs), Flip-Flops, etc. along with the logical routing connections between them. And this extraction describes the second step, netlist recovery and will be called LUT-level netlist in the rest of the thesis. Finally, high-level netlist representation is the process of understanding the overall functionality of the netlist representing it using Hardware Description Language at a higher abstraction level than the LUT-level netlist. This thesis presents a tool flow to extract Finite State Controllers (high-level netlist representation) by identifying control registers and progressively improving the accuracy of register classification in flattened LUT-level FPGA designs. The name of the tool is coined as CRET (Controller Reverse Engineering Tool) A controller consists of one or more Finite State Machines (FSMs) which manage the execution of datapath units. The proposed tool (CRET) flow has two phases. Phase 1 extracts the potential state registers. Phase 2 identifies the state registers and groups FSMs if there is more than one. The main goal of the proposed work is to improve the accuracy of control register identification. Three types of controllers used for experimental evaluation are standalone FSM designs with no datapath units, datapaths with a single FSM, and datapaths with multiple FSMs. Accuracy is observed to be in the range of 96% to 100% in controllers with multiple FSMs, 100% in controllers with a single FSM, and in standalone FSM controller designs. The average accuracy of control register detection over all the real-world designs considered is 98%. To verify the correctness a Verilog writer is used, and a high-level representation of FSM is obtained for the resultant registers after Phase-2. Equivalence Checking is performed on the extracted Verilog with the original design.
Committee
Ranganadha Vemuri, Ph.D. (Committee Chair)
Wen-Ben Jone, Ph.D. (Committee Member)
John Emmert, Ph.D. (Committee Member)
Pages
119 p.
Subject Headings
Computer Engineering
Keywords
FPGA
;
Reverse Engineering
;
Controllers
;
State Registers
;
Finite State Machine
;
Register Classification
Recommended Citations
Refworks
EndNote
RIS
Mendeley
Citations
Muthukumaran, S. (2023).
Methods for Reverse Engineering of RTL Controllers from Look-Up Table Netlists
[Master's thesis, University of Cincinnati]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1692291113586542
APA Style (7th edition)
Muthukumaran, Sundarakumar.
Methods for Reverse Engineering of RTL Controllers from Look-Up Table Netlists.
2023. University of Cincinnati, Master's thesis.
OhioLINK Electronic Theses and Dissertations Center
, http://rave.ohiolink.edu/etdc/view?acc_num=ucin1692291113586542.
MLA Style (8th edition)
Muthukumaran, Sundarakumar. "Methods for Reverse Engineering of RTL Controllers from Look-Up Table Netlists." Master's thesis, University of Cincinnati, 2023. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1692291113586542
Chicago Manual of Style (17th edition)
Abstract Footer
Document number:
ucin1692291113586542
Download Count:
83
Copyright Info
© 2023, some rights reserved.
Methods for Reverse Engineering of RTL Controllers from Look-Up Table Netlists by Sundarakumar Muthukumaran is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. Based on a work at etd.ohiolink.edu.
This open access ETD is published by University of Cincinnati and OhioLINK.