
Show HN: Reverse-Engineering a Switch Lite with 1,917 wires

TheJoeMan
21 replies
1d2h

I don’t have any direct experience to suggest, but for your funding model you seem to be mostly concerned that you wouldn’t make much money after releasing the work due to piracy. Perhaps you could consider the crowdfunding model instead, collect the money first! It also has the benefit of implicit voting for most-wanted projects.

This model would be similar to the notorious Denuvo DRM cracker Empress, who is essentially the only person who can break this gaming anticheat. https://en.m.wikipedia.org/wiki/Empress_(cracker) . I will warn they have quite some drama about them, but the financials seem to be working.

I would also consider what your work could be useful for / value proposition for others. The trimmed-down Wii consoles come to mind. Perhaps a small group of people would heavily value a netlist of their favorite circuit that they could recreate even smaller with more layers/modern techniques.

chx
18 replies
1d1h

I strongly suspect a lot of people who could crack Denuvo simply do not want to.

We've grown up. We got solid, well paying developer jobs. I do not want to even risk violating some law. It's been a hoot 1987-2004 but I have not opened IDA in two decades. That book is closed. I doubt I am alone.

Once... so long ago... I could disassemble Z80 in my head. Today? C9 was RET. The rest I forgot.

fnordpiglet
7 replies
1d1h

The nature of life is as you age others are born. While your soul may have been crushed by the years, new smart but foolish ones have arisen to hack what you leave unhacked.

krater23
5 replies
19h27m

Show me the young people that know how to work with IDA or Ghidra. The way to use tools like this without ever having written assembly is way harder than the way we had 10 years ago. They found other things to hack, things where we don't know anything about.

rasz
0 replies
19h1m

There has never been a time in history of this planet with more people possessing those capabilities.

nikanj
0 replies
11h6m

The team that won Disobey’s CTF this year was very young. I don’t have a perfect eye for age, but I’d say the average age for the large group was around 20-25

fnordpiglet
0 replies
19h10m

It might seem that way but a few observations. The number of people in total hacking away is much much larger now. So the absolute numbers are probably similar or more, while in relative terms you’re probably right. But my observation with a young hacker in the house is there’s a lot of appreciation for how the machine really works amongst many kids. The high level glossy stuff doesn’t appeal as much as ripping the cover off and poking memory locations. I think this shows up in the amazing prevalence of electronics hacking these days, low power computing, etc. This is the best time to be a hacker, the tools at all levels are amazing. But real nerds like you and I are just as rare as ever, and can’t resist ripping the lids off.

HeWhoLurksLate
0 replies
14h51m

I used Ghidra while I was in school to crack a copy of a CAD program- took forever but was totally worth it

tamimio
0 replies
23h53m

Sounds pretty much accurate.

metalcrow
2 replies
17h35m

Even ignoring the legal stuff (which a lot of hackers don't care about), Denuvo is an unbelievable pain in the ass to crack. It's kinda unique per game, so you have to redo a lot of work every time, and your reward for like 6 months of your life is the newest Madden. Most games get Denuvo removed anyway in future patches since it costs money annually to license it, so why bother.

troad
0 replies
14h40m

This is the correct answer. Denuvo isn't hard to crack in any exciting engineering sense, it's just incredibly tedious. With the amount of time required, anyone with those skills would be better off just getting a white hat security gig for a stable paycheck, and buying the game.

chx
0 replies
17h6m

> which a lot of hackers don't care about

Well, yeah, there was a time for that.

But, I guess I can openly say this twenty years later, I was helping out one of the admins of one of the largest warez sites in Central Europe and when that was raided (Operation Fastlink) -- police only found the proxies and couldn't find the owner so no one ever got indicted over this site -- I had a little chat with myself and, as I said above, closed that chapter of my life.

That server was really something else: imagine a normal mid tower chassis PC of the era but stuffed with IDE cards and next to it several piles of hard drives separated by little pieces of wood so they didn't overheat from touching. By the end, if memory serves, it was multiple terabytes.

ckocagil
1 replies
1d

Also games became very affordable compared to the time period you mentioned. The number of games worth playing were much, much fewer. Not to mention the F2P or even open source games we have now.

chx
0 replies
23h53m

Well yes Diablo 2 was $50 when released http://web.archive.org/web/20000815052708/http://www.gamesto... which would be like $90 today adjusted for inflation. Diablo IV is $70 and people were raging how expensive that is. And Last Epoch is $35 and it seems like more fun than D IV. And of course Path Of Exile is free to play but you need to consider the price of a math degree totes required for that thing :D https://www.reddit.com/r/pathofexile/comments/wydq91/my_frie... And before someone posts the obligatory "Still sane, Exile?" I would like to point out two things: a) I do have a math degree b) my Last Epoch Falconer is called TrappedInWraeclast. Sanity left the building, long ago :D

KennyBlanken
1 replies
9h1m

The people who source pirated material (ie not the distribution groups, but the ones doing the actual cracking) are state-sponsored, not individuals doing it for fun. It's economic warfare; the purpose is to hurt profits while also giving economic benefit to the country doing the hacking, since its citizens won't have to pay for the software.

Or did you think that it was some sort of wild coincidence that the vast majority of software piracy groups are Russian?

apetresc
0 replies
4h11m

Funniest conspiracy theory I've heard in a while.

rescbr
0 replies
1d

You’re not alone.

A couple weeks ago I played around with a piece of software for my personal usage, and I certainly won’t release anything at all.

Not worth the trouble with the law, I’m not underage anymore and a day job gets in the way of keeping the required mental state/context for RE.

Ah, the simpler times at the University when I had the time and energy.

billforsternz
0 replies
21h23m

CD was CALL, 3E was LD A,imm but yes, I've forgotten most of them too.

Retr0id
0 replies
21h45m

These are the words of someone who has not tried to crack Denuvo.

uSoldering
0 replies
1d

A bounty hunter-like crowdfunding system would probably be ideal. I could probably hack together some forum software with each thread being a different crowdfunding campaign. Thanks for the suggestion.

hakfoo
0 replies
14h16m

I second the "crowdfund a particular circuit" process.

There are plenty of projects where a new PCB for an old device would be desirable:

* The vintage computers prone to capacitor/battery damage. There are a few Mac replacements, for example, but these are obviously hand-done labours of love.

* Classic Hi-Fi involves a lot of 40 year old boards with failing materials (for example, early two-sided PCBs where the second layer was literally painted on) An accurate netlist might also help improve quality of schematic info that's sometimes ancient service manual scans that are nearly illegible.

tubetime
15 replies
1d3h

great project! i ran into it the other day and was impressed with the number of wires.

i've been reverse engineering PCBs (mostly 2-4 layers) for a few years now and this is a part of the problem that i've been thinking about how to solve. best i can think of is a flying probe station cobbled together from 3d printers. basically you'd 1) scan the top and bottom of the board 2) generate a list of test points and pads 3) feed the coordinates into the flying probe system to generate the netlist

the other way to handle multilayer boards (and the most accurate, imo, because it captures exact ground plane designs, guard traces, and structures like that) is the scan-sand-scan approach. you'll get exact artwork--unfortunately the dust it generates is pretty nasty stuff.

willis936
7 replies
1d2h

Is there an automated tool for generating netlists from scanned PCB layers?

alright2565
5 replies
1d2h

Looks like the answer is yes, for money. Nothing I can quickly find that is FOSS.

It doesn't seem like this problem requires anything crazy, just traditional computer vision, but of course the devil is in the details.

uSoldering
4 replies
1d2h

The issue I was concerned about was dealing with high-density interconnect microvias. This PCB is 10-layers with a core of 4 layers of normal vias, and 3 layers of lasered microvias on each side. Someone has actually done the sand and scan method on this board you can view here: https://balika011.hu/switch/lite/

PCBs can warp to various amounts post reflow, which can cause all sorts of problems with parallelism between your PCB and sanding surface. You would also be able to mitigate this type of attack by filling vias with conductive epoxy and plating over them, which is a well established process option in PCB fabrication.

alright2565
3 replies
1d2h

I expected scan-and-sand to be somewhat automated, but they're doing it by hand? Incredible!

Might another way to resolve issues with the PCB dishing be to photograph the layers at a fraction of a layer height? So that in that way you have a lot more slices to work with, and you can digitally "flatten" the PCB?

uSoldering
2 replies
1d1h

Making a machine to automagically remove a tiny bit of material and image the result over and over would be easy for me. The image processing to take the stack of 3D sequential images and automagically process them into a netlist is well beyond my programming capabilities. If anyone thinks they could do this, contact me.

Keyframe
1 replies
1d1h

Not gonna pretend I have the solution, but it sounds like most of the groundwork for that has been laid out in medical imagery already. CT scans, combined into volumes, identifying structures..

alright2565
0 replies
20h34m

That's what I was thinking, but now I'm pretty sure it doesn't even need crazy algorithms like that.

1. align the image stack. not trivial, but a common task.

2. take several cross-sections, in both dimensions, and have a human draw a line along a specific layer line

3. linearly interpolate these lines into a surface.

4. for each pixel in each output layer, set the value to layers[l + offset][x][y], where the offset was calculated in step 3.
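Steps 3 and 4 of the comment above, as an added Python sketch (not code from the commenter or the project). It assumes the stack is already aligned (step 1) and that the hand-traced depths from step 2 are given on a rectilinear grid of control points; every name and the small warped stack are constructed for illustration.

```python
import bisect
import math


def _bracket(coords, v):
    """Return (i, t): v lies between coords[i] and coords[i+1] at fraction t."""
    i = bisect.bisect_right(coords, v) - 1
    i = min(max(i, 0), len(coords) - 2)
    t = (v - coords[i]) / (coords[i + 1] - coords[i])
    return i, min(max(t, 0.0), 1.0)


def surface_depth(xs, ys, depth, x, y):
    """Step 3: linearly interpolate traced depths into a surface.

    depth[i][j] is the slice index at which the traced layer was seen
    at control point (xs[i], ys[j]).
    """
    i, tx = _bracket(xs, x)
    j, ty = _bracket(ys, y)
    near = depth[i][j] * (1 - tx) + depth[i + 1][j] * tx
    far = depth[i][j + 1] * (1 - tx) + depth[i + 1][j + 1] * tx
    return near * (1 - ty) + far * ty


def flatten_stack(layers, xs, ys, depth, ref_depth, fill=0):
    """Step 4: out[l][x][y] = layers[l + offset(x, y)][x][y].

    offset is the interpolated surface minus ref_depth, rounded to the
    nearest slice. Positions whose source slice falls outside the stack
    are set to `fill` (no data was imaged there).
    """
    nz, nx, ny = len(layers), len(layers[0]), len(layers[0][0])
    out = [[[fill] * ny for _ in range(nx)] for _ in range(nz)]
    for x in range(nx):
        for y in range(ny):
            surf = surface_depth(xs, ys, depth, x, y)
            off = math.floor(surf - ref_depth + 0.5)
            for l in range(nz):
                src = l + off
                if 0 <= src < nz:
                    out[l][x][y] = layers[src][x][y]
    return out


def make_warped_stack(nz=8, nx=5, ny=5):
    """Constructed sample: one copper sheet (value 1) on a tilted board.

    The sheet sits at slice 2 in one corner and slice 5 in the opposite
    corner, so no single raw slice shows the whole layer.
    """
    stack = [[[0] * ny for _ in range(nx)] for _ in range(nz)]
    for x in range(nx):
        for y in range(ny):
            stack[2 + (2 * x + y + 2) // 4][x][y] = 1
    return stack


def layer_coverage(stack, l):
    """Fraction of pixels in slice l that show copper."""
    cells = [v for row in stack[l] for v in row]
    return sum(cells) / len(cells)


# Constructed stand-in for the human tracing in step 2: depth of the
# copper sheet read off at the four corners of the board.
XS, YS = [0, 4], [0, 4]
TRACED_DEPTH = [[2, 3], [4, 5]]

if __name__ == "__main__":
    raw = make_warped_stack()
    flat = flatten_stack(raw, XS, YS, TRACED_DEPTH, ref_depth=2)
    print("copper visible in raw slice 2: ", layer_coverage(raw, 2))
    print("copper visible in flat slice 2:", layer_coverage(flat, 2))
```

With real scans the control grid would have many more traced points, and the nearest-slice rounding could be replaced by interpolating between the two neighbouring slices.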

kayson
0 replies
1d2h

There are automated tools for generating a netlist from scanned IC layers (nm thick). They're proprietary trade secrets of course, but it's done all the time.

MuffinFlavored
3 replies
23h19m

What can be done with the reverse-engineered data about the PCB? You have a working one, you reverse-engineer it, and then ultimately you can make your own?

MegaDeKay
1 replies
14h12m

It can be used to find connection points to signals that would otherwise be inaccessible or at least hard to get to. This has come in pretty handy for the latest wave of Nintendo Switch hacks like Picofly. The scan-sand-scan approach [0] has the advantage over this hack where you can do something like the "kamikaze mod" [1] on the OLED Switch since you know where stuff is, not just what is connected to what.

[0] https://balika011.hu/switch/lite/

[1] https://www.youtube.com/watch?v=LMnS7yfu3Qk (not for the faint of heart)

abricot
0 replies
7h45m

Wow, grinding through 2 layers of PCB to get to the third. That takes dedication!

nyanpasu64
0 replies
22h18m

PCB information is useful for, among other things, doing board-level diagnostics and repairs of broken electronics to avoid turning it into e-waste.

uSoldering
1 replies
1d2h

I think with the Image->CAD data you could hack together something resembling a die-bond machine to automate the process. A flying probe would need two heads on both sides for full coverage of continuity, and some algorithms to probe multiple times with micro-offsets to deal with near-hits and bad connection hits. You could also monitor the probe heads for changes in capacitance to infer the quality of the probe hit.

archi42
0 replies
1d1h

I was also surprised not to see a flying probe system - I would expect this to be viable with modern 3D printer motion & control systems, but obviously this is highly non-trivial and has lots of mean details in the mechanical, electronics and software domains to solve.

I did not think of a die-bond machine (I suppose it bonds a wire to each pad instead of you doing it by hand?), but of course that also makes sense. And at least the motion system is much simpler.

A first step/experiment could be to automate creation of the gnd net. For that you only need a single tool head, meaning you can repurpose mostly any 3D printer motion system; for small increments, this could (later) happen during the die-bond process or become a precursor to a flying probe tool head. Of course I can not judge if that's a worthy investment of your time, or if you would enjoy building something like this ;)

Anyway, the effort, skill and dexterity are amazing! Spending 3 weeks soldering 1917 tiny leads seems to be just the icing on the cake :)

cinntaile
0 replies
13h1m

Why do you reverse-engineer PCBs? What resources did you use to get started?

newsclues
11 replies
1d

I feel like contacting Louis Rossmann from YouTube for an interview on right to repair etc would be great!

indrora
10 replies
23h14m

Not OP, but the less I encounter of Louis "I should be allowed to beat my kids" Rossmann, the better I've become.

Rossmann is the RMS of the right to repair movement. A lot of ideas that align with the overall goal but a terrible figurehead because he has a fairly myopic view of right-to-repair scene at this point, coupled with some Yikes opinions outside of it. He has actively held back some RtR folks simply because of his crass comments about women & minorities, but also because he doesn't think the issue extends to some things (like dishwashers, which he's said a few times on stream are "simple shit nobody needs boardview for").

Similarly like RMS, he's made comments (like the one I alluded to before) where he has explained (while very drunk on a live stream) that he has some beliefs that don't... always align well with the status quo in terms of basic human decency.

newsclues
4 replies
22h16m

Dunno about that but I do know that RMS made a huge contribution to open source and Rossmann seems to be doing the same for right to repair.

I’m happy that people are doing good work even if they have shitty opinions or are even shitty humans. I will appreciate what they have done for humanity.

atlas_hugged
3 replies
22h9m

This sounds like Dave Chappelle’s view about Cosby: “he rapes, but he saves”

imtringued
1 replies
9h23m

Do you really think this is an honest characterization? If Louis Rossmann commits a crime you can just send him to prison. The fact that he isn't in prison indicates that you are trying to push this in a specific direction by thinking of the worst possible crime and pretending the situations are remotely similar.

newsclues
0 replies
6h7m

I think it’s very telling that people have not substantiated their claims.

Perhaps there are people/bots who are paid to assassinate his character because of his right to repair work?

newsclues
0 replies
21h23m

Nobody is perfect.

If you want to live in a world built by perfect people, you won’t have a house or music or new or movies or companies.

I’m not defending shitty behaviour, I’m not throwing out the baby with the bath water.

atlas_hugged
2 replies
22h11m

You’re the first comment I’ve seen that has the same view as me. I don’t know why so many people worship that guy. Same with RMS. Both of those dudes give me the creeps even though I often hold the same or similar views on their areas of specialization.

Someone, long ago, once told me: “There’s always going to be someone on your side that you wish was on the other side.”

I didn’t realize how true that would become until years later.

newsclues
0 replies
21h21m

A) don’t worship him

B) just know about his right to repair work

C) don’t know anything negative about him, nor has anyone provided any evidence he is a bad person and just attacked his character.

imtringued
0 replies
9h26m

You know what gives me the "creeps"? People looking for character flaws and projecting them onto the entire person.

There is a guy on "my side" who acts as if people like me are extreme radicals from the "other side" and you sound like you want to ride this slope downhill as hard as possible. At some point you will only focus on the bad things these people have done, after all you're not watching his videos, just hearing it from biased third parties and you no longer care if it has any semblance of truth to it or not.

I do not worship this guy. I don't even watch his videos. I probably don't even remember what he looks like.

snvzz
0 replies
17h0m

> He's made comments where he has explained (while very drunk on a live stream) that he has some beliefs that don't... always align well with the status quo in terms of basic human decency.

Others will definitely have views on topics which aren't always going to agree with your own.

The more you know somebody, the more likely you'll find a difference of opinions that annoys you somewhat. This is highly likely to happen with views on politics or religion.

The average person, however, can live with having differences just fine. Only those with severe mental issues such as narcissism will make it an actual problem, for themselves and others.

quenix
0 replies
5h31m

On a side note, I've briefly searched for the "I should be allowed to beat my kids" thing and I can see zero evidence he ever said this or defended it.

It's a pretty big smear, so you should substantiate it.

mNovak
6 replies
1d

I'm wondering if a 'bed of nails' approach could be used to eliminate the mechanical difficulty of the flying probes? Basically a grid of (many thousands) probes at some resolution, connecting to essentially the same switch matrix backend you already have.

In particular something like [1] might just have enough resolution. The 'probes' now are just pads on the sensing PCB. This converts it from a mechanical problem to a crazy high density PCB layout problem, which sounds like it'd be up your alley!

Heat cure for the anisotropic layer is annoying, and might make it a single-use solution (but that's not bad if you're selling the boards!)

Another 'just dumb enough to work' concept would be to take the board scans, and print a custom PCB of the same pad layout mirrored, and you can directly mount the two boards face-to-face. Basically a board level breakout, either to make the wire soldering easier, or better, again directly incorporate the netlisting hardware.

[1] https://www.3m.com/3M/en_US/p/d/b5005076018/

eternauta3k
2 replies
23h32m

I like the last one, but how do you connect the boards to each other? Solder balls? Just pressure?

mNovak
0 replies
19h3m

I'd just solder paste and reflow, like a large surface mount device. Challenging to get consistent no doubt, and the alignment would have to be very accurate (or have a few separate boards), but I think doable.

Seems like you could largely automate a workflow for identifying pads in the scan and generating the mirror layout, with simple routing to some kind of standardized interface for the probe lines.

flutas
0 replies
21h51m

Might be able to find pogo pins that small. That would be my best idea (if they're available).

ooterness
1 replies
21h24m

This approach doesn't scale.

Modern portable devices often have BGA packages with 0.5mm spacing. At this resolution, a relatively small 5x5 cm board would require at least 100x100 = 10k probes per side. Count increases quadratically with board size.

Far easier is a "flying probe" machine [1] with a handful of probes that can be moved quickly. This option is mentioned in the article, but dismissed due to up-front cost.

[1] https://en.wikipedia.org/wiki/Flying_probe

ginko
0 replies
8h45m

You could multiplex the probe grid along rows and columns like pixels on an LCD screen. Would make the probing take a bit longer but you'd still save time since you don't need to manually hook stuff up.

dclowd9901
0 replies
21h46m

Had this same idea as I was reading the article. You could really automate a lot of the probing.

analognoise
6 replies
1d2h

You’re right, but I don’t want to solder 2k wires to things. Last time I “professionally” reverse engineered a board we sent it out to get a CT scan of it, and got delivered a self executing program which contained a point cloud of data and an interface to extract surfaces, adjust the histogram (to make features visible) etc.

I’d take a handful of automated probes in a 3D printer chassis, and some vision/registration/classical computer vision algorithms.

This type of thing already exists but I’d rather have an open source one.

bsder
5 replies
1d1h

> This type of thing already exists but I’d rather have an open source one

Is it possible to make an open-source X-ray machine to do this kind of CT scan?

It really seems like it ought to be, but I don't know enough about the source and the CCD detectors to think about how to assemble it.

ooterness
2 replies
21h21m

Well, step one would be to reverse-engineer an existing CT scanner. But to do that, you'd need a CT scan of the boards in the CT scanner...

bsder
1 replies
20h48m

Not really.

The big question is how to get an X-ray source with enough energy to penetrate metals and a detector with enough resolution.

Everything else can be cheap.

CamperBob2
0 replies
18h28m

Can't find it at the moment, but someone did in fact create a passable homebrew CT scanner based on a small Faxitron medical-specimen X-ray machine of the sort that can be commonly found on eBay.

Edit: found it ( http://www.rtftechnologies.org/physics/faxitron-DX50-CT-scan... )

These machines are good for up to 8-10 layers of 1-oz copper.

analognoise
1 replies
20h37m

I mean, we buy them and start learning?

Famous last words: how hard could it be?

bsder
0 replies
35m

The Programmers’ Credo: we do these things not because they are easy, but because we thought they were going to be easy. :)

punnerud
4 replies
22h16m

Quick creation of an OpenSeadragon viewer of the PCB from the article: https://ha-norge.no/images/pcb_highres/highres_pcb.html

Full resolution on mobile phone without the need for downloading 124MB JPG. The image consists of layers with different resolutions, and a lot of tiny pictures (+ 45.000). Enjoy.

uSoldering
3 replies
21h14m

Thank you so much for the bandwidth. I would like to do this for boardscans going forward, but I don't have the hosting infrastructure. I know OSD can do overlays, it would be awesome to have the functionality of OpenBoardView as a webapp.

punnerud
0 replies
20h52m

Only the part that you zoom into is loaded in gradually higher resolution, that saves bandwidth and less data to download. Send me an email (on my profile) and I can describe how to run the Python processing etc yourself.

That way I believe you can host it.

Had to make some adjustments because of the size of the original image.

andersa
0 replies
18h7m

Throw the file on Cloudflare R2, no egress cost then.

layer8
3 replies
23h11m

I think I got most of the jargon, but what is a “binned location”?

uSoldering
2 replies
22h56m

It's just a unique spot to hold each part. There are 8 trays with 100 pockets each, so if you wanted to know a specific component's electrical properties, I could look up which tray and pocket it's in and measure it. Or if I get around to measuring all of them, I can push that data into the boardview itself.

layer8
1 replies
22h54m

So, it means “put it somewhere in a way that you still know which is which”?

uSoldering
0 replies
22h53m

Yep!

kayson
2 replies
1d2h

Wow I would've loved to have something like this. In the last few months I tried reverse engineering a Dell server motherboard (just the power supply interface) and a Lenovo ThinkCentre motherboard (PCI-E riser) and it's such a pain to do by hand I mostly gave up after figuring out some basic connectivity.

It's not really clear to me what your goal is here. It seems like this would make for a great open source project. Even if you want to make money from it, I think you can generate a lot of value from the process rather than the tools (which only you can really use anyway).

You mentioned in a comment below automating the process further like a bonding machine. There's been a ton of work in this general space in a mechanical sense for 3D printers. I bet you could fairly easily adapt it for probing.

uSoldering
1 replies
1d1h

The original goal was to just turn an idea I thought was possible and figure out exactly how to execute it. The current goal is something like improve and iterate, while seeing what the market interest for something like this actually is.

I think most of the value is in the imaging technology, and could easily be offered as a mail-in service. I can also bulk manufacture the extractor PCBs and sell them at a small markup, while open sourcing the rest.

nativeit
0 replies
21h26m

People like Ken Shirriff (who routinely posts here on HN, and collaborates with @CuriousMarc on YouTube) and Eric Schlaepfer (aka @TubeTime, published Open Circuits: The Inner Beauty of Electronic Components) would probably have some unique insights for this endeavor.

boringuser2
2 replies
19h46m

Regarding industrial espionage on PCBs, would you say most are out of China?

uSoldering
1 replies
19h19m

I know very little other than it appears the two most popular sources are Zillion x Work, and XinZhiZao, both of which appear to be based out of China.

boringuser2
0 replies
19h10m

An intuition that bore fruit, thanks.

rasz
1 replies
19h3m

Soldering required here is _INSANE_. There are industrial flying probe machines that can perform same task in fully automated manner with no soldering, but typical Chinese RE involves sanding the board down one layer at a time https://www.chinapcbcopy.com/pcb-reverse-engineering/

There are Chinese outfits offering this service at really low prices, we are talking hundreds of dollars per pcb.

https://www.pcb-hero.com/blogs/lilycolumn/pcb-reverse-engine...

https://www.chinapcbcopy.com/pcb-clone-service/

https://www.pcbtok.com/pcb-reverse-engineering/

imtringued
0 replies
7h39m

> PCB reverse engineering is a reverse research technology that uses a series of reverse research techniques

Oh boy

mkoryak
1 replies
1d1h

Do you have a full time job? Do you have young kids?

I am guessing one of these is a "no", probably the latter.

If I am wrong, please tell me the secret

uSoldering
0 replies
1d

No kids and my job is running/programming SMT production lines, so when the process is stable I get to supervise the machines and read technical documents as training.

eichin
1 replies
19h42m

This is amazing (particularly the hand soldering - I love the genre of "this is impossible, you'd need to do this thing thousands of times" "so I did the thing thousands of times" persistence) but I wonder, now that homebrew pick-and-place is starting to become a thing, is there any practical way to take advantage of that? A pick-and-place tip that was vaguely like a wire-wrap tool seems almost plausible. Or is this more like bond-wires on chips and needs an order of magnitude more precision?

uSoldering
0 replies
19h7m

For this PCB, the smallest targets are about 0.2mm in diameter. In terms of precision robotics, this is very manageable. A robotic soldering iron, or even a laser soldering system, with a wire feeder and cutter could be used to make something like a rudimentary die-bonder, that simply solders the wires to the correct pads.

My background in process engineering made me lean towards figuring out a very manual process that could be automated, instead of figuring out a highly automated process.

barbegal
1 replies
1d2h

This seems like a lot of effort to get a net list given other techniques to deduce what pads are connected (e.g. knowing the most connected net is the ground plane, looking up the pinouts for the ICs, looking at the voltages and signals when the board is powered).

crote
0 replies
1d

That approach will get you 80% of the way there - which for a lot of applications is next to useless.

The problem is that for a lot of chips there aren't any datasheets available. Sure, something like a memory bus is trivial to trace, but how are you going to reason about Unknown Pin #464 coming from Unlabeled IC #4 which seems to randomly have a 500ms pulse on bootup and every few minutes afterwards?

alright2565
1 replies
1d2h

Did you take a panorama of the board after desoldering all the components? I'm curious (although not likely to want to dedicate more than minimal time to) if it would be possible minimize/eliminate your innovation #2 by using computer vision.

Or are you maybe aware of other images of depopulated boards?

uSoldering
0 replies
22h35m

I didn't take a depopulated panorama because I did all the photography without an automated stage, which is what I'm currently working on. There are some boardscans that are depopulated, with the various layers you can go through here: https://balika011.hu/switch/

I am okay at programming, but slow. I think it's definitely possible, but processing of computer vision is still magic to me.

486sx33
1 replies
1d

Isn’t crosstalk an issue? Just wondering

uSoldering
0 replies
1d

At 20kHz it only takes 3 minutes to run the extraction program. I run it multiple times and at slower frequencies, but the output is stable.

xt00
0 replies
20h3m

If you / somebody is doing the sand and scan or xray/CT method (which you could pay somebody to do rather than buying a CT machine), then you can create a gerber -- then manually clean it up. Then you have a dangling set of nets that are only separated by layers. You can then infer connectivity from the gerbers on layer to layer manually again to create a reduced set of nets by the shape / visual cues of what the vias look like. That would be far easier than soldering wires to every ball on both sides of a board -- and a netlist doesn't automatically generate a schematic for you, you need to still do a chunk of work to actually create the schematic. To be honest, a netlist is not actually all that useful unless your goal is to attempt to create a full schematic out of the board. For reverse engineering efforts, you would likely focus on one chip and just manually follow each trace for the thing you care about and draw up a schematic manually for that. In most cases you would likely spend like 1 day after you got the scans back building up a schematic for the key chips of interest. For anything that is a bit questionable about if a via actually connects or not, then you would just manually ohm that out. Anyway, I guess if you like soldering and are just doing something for fun, then sure do this method. Otherwise, there are way better approaches than this.

wiseowise
0 replies
1d2h

> If the goal is to just make money, I could sell 6,000 PPI panoramas of women's feet as NFT's. Note: Do not contact me about this.

Lmao.

userbinator
0 replies
17h55m

PCB RE services are pretty cheap in China and the far East, and they use a lot of automation to do the work of creating the netlist from the pad locations --- the recognition and probing is automated.

nxobject
0 replies
19h54m

Your brute-force approach to finding hidden connections is simple but brilliant. I know a lot of current hobbyist reverse-engineering efforts have to go a lot further, are destructive and involve sanding things off layer-by-layer (resulting in 1:1 reconstructions, rather than just board views), but I'm sure that gets harder and harder the more PCB layers are involved, especially with cutting-edge consumer tech.

gargablegar
0 replies
1d2h

Such a great project, really enjoyed it. I’m a hardware engineer. I really appreciate this

crote
0 replies
1d1h

It's definitely a really cool project, but this doesn't really look like something that would scale. While a boardview is nice to have, investing what looks like hundreds of hours per board simply isn't viable for the vast majority of projects - especially the hobbyist market you seem to be targeting.

You can get something similar-ish done quite cheaply in China: a digital copy of a 2-layer board is only $150[0], and turning that into a netlist shouldn't be too difficult. I expect multi-layer boards to be quite a bit more expensive, but still nothing like this process.

Heck, even for a plain netlist it'd probably be orders of magnitude easier to DIY your own flying-probe machine. All the hardware for 3D printers is widely available, after all.

[0]: https://dirtypcbs.com/store/pcbclone

blubbity
0 replies
1d1h

This is completely brilliant!

If the painful part is the soldering, and the novel part is the imaging, there is definitely opportunity here. Seems like an opportunity to create a dirt cheap flying probe based off an ender3 3D printer. This is possibly a perfect situation where smart software can make up for the shortcomings of cheap hardware.