"Dave Wilson" <davol(a)globalnet.co.uk> wrote:
  The forward engineering is quite difficult enough.
It's my own belief
 that reverse engineering is - practically speaking - intractable. 
Actually not.  Certainly beyond the means of a hobbyist, but there
are companies that offer this service commercially.  The most well-known
is Chipworks, but there are several others.  They'll take a packaged part,
decap it, and peel it layer by layer.  They can provide you results in
various forms including physical design formats such GDS, schemtics,
netlists, or even HDL code.
It's not inexpensive.
This is what AMD did to get the Intel 386 logic design.  I don't know
if they did all the work in-house, or contracted some of it out to
specialists.  They were entitled under a cross-license agreement to
obtain the actual 386 design files from Intel, but Intel was trying to
renege on the agreement.  The court eventually ruled for AMD, but in the
mean time they completely reverse-engineered the 386 back to a register
transfer level design, then reimplemented the exact same logic, though
they improved it by making it static rather than dynamic.  Altogether,
this is the most amazing reverse-engineering feat I've ever heard of.
  If this really is so appealing to sinister governments
etc. why not
 just reverse engineer the chip they bought legitimately, by mail order. 
Yes, that's how it's normally done.  AFAIK, there's little additional
knowledge to be gained from studying a complete wafer vs. an individual
die.