does a reverse-engineering EDA tool exist?

Guy Dunphy guykd at optusnet.com.au
Thu Oct 25 01:51:05 CDT 2018


At 10:06 PM 24/10/2018 -0500, you wrote:
>On 10/24/2018 04:25 PM, Al Kossow via cctalk wrote:
>> To draw out the schematics for the Displaywriter I have a bunch of boards to trace out,
>> and I don't want to do the usual "scribble on yellow pad"
>> to do it. Has someone written a graphical tool for doing this?
>>
>> What I would like to find is a tool that puts up a bunch of footprints with internal IC functions
>> shown, then a way to rapidly enter the buzzed out interconnections, generating a netlist.
>>
>> This is exactly backwards workflow from normal schematic entry and pcb layout.
>>
>> I suspect I'm just going to have to bite the bullet and write it..

>Hmmm, you COULD actually use a schematic tool to do this!  
>Maybe create the components to look like DIPs.  I know I 
>could do this in Protel 99 without a great deal of trouble.  
>Then, just draw in all the wires.
>I suspect a few other good schematic entry tools could also 
>do this.
>
>Jon



The idea of creating a lot of 'IC puppet' graphics showing internal functions connected to
footprint pins to help in reverse engineering PCBs, may sound nice at first but probably
won't be worth the effort in practice.

It falls down in several cases: 

 - ICs containing multiple functional blocks (eg 6 x inverters.) These may be used all over
   the place in a schematic. You don't want to be forced into drawing them together at any
   stage of schematic derivation.

 - Complex IC functions, in which physical pin arrangements bear no resemblance to a sane
   functional symbol. Again, you don't want to be drawing schematics forced into physical
   pin arrangements. Pretty much every IC from simple counters and latches, on up are like this.

 - Even simple elements like op-amps - you want to be able to draw the + and - inputs
   whichever way up is appropriate for good schematic practice for the circuit form.

 - Power pins should appear on the schematic as sensible for the specific case. Usually
   not on actual circuit symbols.


Keep the objective in mind. What you want to end up with is a schematic, that is laid out
in a way that aids comprehension of how the circuit works. Typically this means overall
left to right functional or power flow, with separate functional blocks visually separate,
visual emphasis where appropriate, and so on. Something like the original designers drew,
if they were any good.


When you have only a PCB and want to reverse engineer the schematic, the tasks are:

 1. Find data sheets for all the semiconductors/complex parts, so you have diagrams of pin
    functions. Extract just the pin diagrams to one convenient location, for easy reference
    while tracing tracks. Paper, or 2nd screen while using primary screen for PCB overlays.

 2. Trace PCB copper connectivity, drawing schematic fragments as you go.
    Every component drawn in the fragments must have a designator. Use the ones from the
    PCB if there are any, or make them up if not. 
    During this process it can be helpful to know the functions, but usually not essential.
    At this stage you're aiming to achieve something like a 'netlist with circuit fragments'
    that doesn't have to make sense on more than a very low level. 
    The number one priority is to do this without errors. The only way to do that is to have
    a visual copy of the PCB on which you can mark node paths and components as you identify
    them (to 100% certainty) without fail.

 3. Once you have a bunch of sheets of drawn circuit fragments, then integrate them into a
    sensible circuit diagram. This can be a multi-stage process, and I don't think can be
    automated. It requires comprehension of how the circuit functions, since that's what the
    schematic should be trying to convey.
    I like it when I achieve a schematic in which the component designators (from the original
    PCB) run in an orderly fashion across the derived schematic, since that's how the designer
    will have assigned them on their schematic.

For stage 2 I use photoshop, with overlaid layers for the front and back of the PCB, and more
layers for traced copper tracks, component designators (where there are none on the PCB and you
have to make them up), notes, 'component done' dots, color codes for power rails, etc.

Start with a hi-res photo of the board front, taken from some distance away to reduce component
parallax and barrel distortion.
In PS, add some guide lines for the board edges and use 'distort' to make the PCB image rectangular.
Overlay a layer with the board rear photo. Flip it, make semi transparent, align and distort it
to exactly align with the board front side image. If your photos were OK you should be able to
get all pads right across the PCB to line up very well.
You can adjust the colors of the PCB front and back layers to get a red/blue effect when viewing
them both as overlaid transparencies.

Btw older versions of photoshop tend to be more useful for this than recent versions. Load faster,
simpler menus, less bullshit overall, etc. I use PS 5.5 for this.
Turn autosave OFF! You want to make sensible staged version saves, when YOU want. 

For stage 3, the intermediate iterations in which you're forming an understanding of how the
schematic fragments go together to a functional whole, are best done with paper and pencil since
schematic editors tend to be not very good for shuffling schematic blocks around.
Keep the first set of schematic fragments as the 'gold standard', with hopefully zero transcription
errors. DON'T make any changes or 'done' highlighting to these yet.
While you are 'integrating' use multiple pages, multiple quick sketches. These don't need to be
complete as they are just layout concepts, getting a feel for how to arrange and space things.

When ready to draw the final, neat and sensible schematic, then you have the choice of what tools
to use. Hand drawn again? Or photoshop? Or a real schematic editor? Depends on the intended use.
While creating this schematic, mark off elements from your original set of schematic fragments sheets.


Guy
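
Added example, not part of the original message or any tool named in the thread: a small sketch of the "rapidly enter the buzzed out interconnections, generating a netlist" step, merging continuity readings into nets with union-find and flagging any net that joins two power rails. The DESIGNATOR.PIN entry format, the rail labels VCC/GND and the sample readings are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PIN = re.compile(r"^[A-Z]+[0-9]+\.[A-Za-z0-9]+$")  # DESIGNATOR.PIN, e.g. U7.12
RAILS = {"VCC", "GND"}  # assumed rail labels, not from the original post

# Constructed sample: each line lists nodes that buzz out as connected.
SAMPLE = [
    "U1.14 C1.1 VCC   # decoupling cap, top side",
    "U1.7 C1.2 GND",
    "U1.2 U1.3",
    "U1.3 R1.1",
    "R1.2 U2.1",
    "U2.14 VCC",
]

def build_netlist(observations):
    """Merge continuity observations into nets; return (nets, errors)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for lineno, line in enumerate(observations, 1):
        nodes = line.split("#")[0].split()  # drop trailing note, split nodes
        for n in nodes:
            if n not in RAILS and not PIN.match(n):
                raise ValueError(f"line {lineno}: bad node {n!r}")
        for n in nodes:
            parent[find(n)] = find(nodes[0])  # union with first node on line

    groups = defaultdict(set)
    for node in list(parent):
        groups[find(node)].add(node)

    nets, errors, count = {}, [], 0
    for members in sorted(groups.values(), key=sorted):
        rails = sorted(members & RAILS)
        if len(rails) > 1:  # two rails in one net: a mis-trace or a real short
            errors.append(f"{'+'.join(rails)} joined via {sorted(members - RAILS)}")
        if not rails:
            count += 1
        name = rails[0] if rails else f"N{count:03d}"
        nets[name] = sorted(members - RAILS)
    return nets, errors
```

Entries with a malformed designator are rejected at the line they were typed on, which keeps the first-pass fragment list usable as the error-free reference described in stage 2.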




