I don’t have any direct experience to suggest, but for your funding model you seem to be mostly concerned that you wouldn’t make much money after releasing the work due to piracy. Perhaps you could consider the crowdfunding model instead, collect the money first! It also has the benefit of implicit voting for most-wanted projects.

This model would be similar to the notorious Denuvo DRM cracker Empress, who is essentially the only person who can break this gaming anticheat. https://en.m.wikipedia.org/wiki/Empress_(cracker) . I will warn they have quite some drama about them, but the financials seem to be working.

I would also consider what your work could be useful for / value proposition for others. The trimmed-down Wii consoles come to mind. Perhaps a small group of people would heavily value a netlist of their favorite circuit that they could recreate even smaller with more layers/modern techniques.

I strongly suspect a lot of people who could crack Denuvo simply do not want to.

We've grown up. We got solid, well paying developer jobs. I do not want to even risk violating some law. It's been a hoot 1987-2004 but I have not opened IDA in two decades. That book is closed. I doubt I am alone.

Once... so long ago... I could disassemble Z80 in my head. Today? C9 was RET. The rest I forgot.

The nature of life is as you age others are born. While your soul may have been crushed by the years, new smart but foolish ones have arisen to hack what you leave unhacked.

Sounds pretty much accurate.

Show me the young people that know how to work with IDA or Ghidra. The way to use tools like this without ever written assembly is way harder than the way we had 10 years ago. They found other things to hack, things where we don't know anything about.

It might seem that way but a few observations. The number of people in total hacking away is much much larger now. So the absolute numbers are probably similar or more, while in relative terms you’re probably right. But my observation with a young hacker in the house is there’s a lot of appreciation for how the machine really works amongst many kids. The high level glossy stuff doesn’t appeal as much as ripping the cover off and poking memory locations. I think this shows up in the amazing prevalence of electronics hacking these days, low power computing, etc. This is the best time to be a hacker, the tools at all levels are amazing. But real nerds like you and I are just as rare as ever, and can’t resist ripping the lids off.

There has never been a time in history of this planet with more people possessing those capabilities.

The team that won Disobey’s CTF this year was very young. I don’t have a perfect eye for age, but I’d say the average age for the large group was around 20-25

I used Ghidra while I was in school to crack a copy of a CAD program- took forever but was totally worth it

Unfortunately, too many of the young ones live in Apple's "What is a computer?" world. It's hard to become curious about the boot process when POST screens have been replaced by glossy progress bars and everything is locked down.

Those young ones in a prior generation would be kicking sand in the nerds face. Not every human will be a nerd, only a tiny fraction will have the true calling. But once called, they can’t help but rip back the veil and hack.

I think AI will make every complicated process much more accessible as you can interact with a, rounds to free, teacher that can explain each piece in the appropriate level of detail for your skill level.

Surely you cannot be this naïve? That "teacher" will not have your best interests at heart and all communication is closely monitored.

Even ignoring the legal stuff (which a lot of hackers don't care about), Denuvo is an unbelievably pain in the ass to crack. It's kinda unique per game, so you have to redo a lot of work every time, and your reward for like 6 months of your life is the newest Madden. Most games get Denuvo removed anyway in future patches since it costs money annually to license it, so why bother.

> which a lot of hackers don't care about

Well, yeah, there was a time for that.

But, I can guess I can openly say this twenty years later, I was helping out one of the admins of the one of the largest warez sites in Central Europe and when that was raided (Operation Fastlink) -- police only found the proxies and couldn't find the owner so no one ever got indicted over this site -- I had a little chat with myself and, as I said above, closed that chapter of my life.

That server was really something else: imagine a normal mid tower chassis PC of the era but stuffed with IDE cards and next to it several piles of hard drives separated by little pieces of wood so they didn't overheat from touching. By the end, if memory serves, it was multiple terabytes.

This is the correct answer. Denuvo isn't hard to crack in any exciting engineering sense, it's just incredibly tedious. With the amount of time required, anyone with those skills would be better off just getting a white hat security gig for a stable paycheck, and buying the game.

What prevents that tedium from being automated?

The reasons a set of heuristics and static code analysis can't do it is because the team developing it is constantly hard at work making Denuvo more difficult and annoying and significantly different every release. You may be able to automate version X of Denuvo after having cracked 5 games using that version, but version X+1 will be significantly different (but in a way that didn't require much work on Denuvo's end to change). The only way to fully automate it would be to have access to their source code, or be a literal super genius.

I'm not an expert on it but my understand is that one part is basically have a VM with custom opcodes, and every opcode is randomized and the set of opcodes used is a subset of a larger pool. Then the code running in the VM is autogenerated from normal code using these confusing and randomly selected made up opcodes. And that is only 1 piece.

Denuvo is designed to be an extreme pain to work with in a debugger or disassembler. Every game is its own unique maze full of dead ends, fake exits, and an ever-shifting array of clever tricks to detect when the binary is being debugged or disassembled, which quietly rearrange the maze to have no solution at all.

It's extremely tedious for a human, and the pay-off is relatively low, as hinted by the parent (what recent DRMed games are even any good?). I do wonder whether anyone has tried setting a well trained AI on the problem though.

> I do wonder whether anyone has tried setting a well trained AI on the problem though.

That was exactly my thought, if it is just brute force understanding debugging/assembly code a LLM could help.

Only one way to find out!

You’re not alone.

A couple weeks ago I played around with a piece of software for my personal usage, and I certainly won’t release anything at all.

Not worth the trouble with the law, I’m not underage anymore and a day job gets in the way of keeping the required mental state/context for RE.

Ah, the simpler times at the University when I had the time and energy.

These are the words of someone who has not tried to crack Denuvo.

CD was CALL, 3E was LD A,imm but yes, I've forgotten most of them too.

The people who source pirated material (ie not the distribution groups, but the ones doing the actual cracking) are state-sponsored, not individuals doing it for fun. It's economic warfare; the purpose is to hurt profits while also giving economic benefit to the country doing the hacking, since its citizens won't have to pay for the software.

Or did you think that it was some sort of wild coincidence that the vast majority of software piracy groups are Russian?

Funniest conspiracy theory I've heard in a while.

Well yes Diablo 2 was $50 when released http://web.archive.org/web/20000815052708/http://www.gamesto... which would be like $90 today adjusted for inflation. Diablo IV is $70 and people were raging how expensive that is. And Last Epoch is $35 and it seems like more fun than D IV. And of course Path Of Exile is free to play but you need to consider the price of a math degree totes required for that thing :D https://www.reddit.com/r/pathofexile/comments/wydq91/my_frie... And before someone posts the obligatory "Still sane, Exile?" I would like point out two things: a) I do have a math degree b) my Last Epoch Falconer is called TrappedInWraeclast. Sanity left the building, long ago :D

A bounty hunter-like crowdfunding system would probably be ideal. I could probably hack together some forum software with each thread being a different crowdfunding campaign. Thanks for the suggestion.

I second the "crowdfund a particular circuit" process.

There are plenty of projects where a new PCB for an old device would be desirable:

* The vintage computers prone to capacitor/battery damage. There are a few Mac replacements, for example, but these are obviously hand-done labours of love.

* Classic Hi-Fi involves a lot of 40 year old boards with failing materials (for example, early two-sided PCBs where the second layer was literally painted on) An accurate netlist might also help improve quality of schematic info that's sometimes ancient service manual scans that are nearly illegible.

great project! i ran into it the other day and was impressed with the number of wires.

i've been reverse engineering PCBs (mostly 2-4 layers) for a few years now and this is a part of the problem that i've been thinking about how to solve. best i can think of is a flying probe station cobbled together from 3d printers. basically you'd 1) scan the top and bottom of the board 2) generate a list of test points and pads 3) feed the coordinates into the flying probe system to generate the netlist

the other way to handle multilayer boards (and the most accurate, imo, because it captures exact ground plane designs, guard traces, and structures like that) is the scan-sand-scan approach. you'll get exact artwork--unfortunately the dust it generates is pretty nasty stuff.

I think with the Image->CAD data you could hack together something resembling a die-bond machine to automate the process. A flying probe would need two heads on both sides for full coverage of continuity, and some algorithms to probe multiple times with micro-offsets to deal with near-hits and bad connection hits. You could also monitor the probe heads for changes in capacitance to infer the quality of the probe hit.

I was also surprised not to see a flying probe system - I would expect this to be viable with modern 3D printer motion & control systems, but obviously this is highly non-trivial and has lots of mean details in the mechanical, electronics and software domains to solve.

I did not think of a die-bond machine (I suppose it bonds a wire to each pad instead of you doing it by hand?), but of course that also makes sense. And at least the motion system is much simpler.

A first step/experiment could be to automate creation of the gnd net. For that you only need a single tool head, meaning you can repurpose mostly any 3D printer motion system; for small increments, this could (later) happen during the die-bond process or become a precursor to a flying probe tool head. Of course I can not judge if that's a worthy investment of your time, or if you would enjoy building something like this ;)

Anyway, the effort, skill and dexterity are amazing! Spending 3 weeks soldering 1917 tiny leads seems to be just the icing on the cake :)

What can be done with the reverse-engineered data about the PCB? You have a working one, you reverse-engineer it, and then ultimately you can make your own?

PCB information is useful for, among other things, doing board-level diagnostics and repairs of broken electronics to avoid turning it into e-waste.

It can be used to find connection points to signals that would otherwise be inaccessible or at least hard to get to. This has come in pretty handy for the latest wave of Nintendo Switch hacks like Picofly. The scan-sand-scan approach [0] has the advantage over this hack where you can do something like the "kamikaze mod" [1] on the OLED Switch since you know where stuff is, not just what is connected to what.

[0] https://balika011.hu/switch/lite/

[1] https://www.youtube.com/watch?v=LMnS7yfu3Qk (not for the faint of heart)

Wow, grinding through 2 layers of PCB to get to the third. That takes dedication!

Why do you reverse-engineer PCBs? What resources did you use to get started?

Is there an automated tool for generating netlists from scanned PCB layers?

Looks like the answer is yes, for money. Nothing I can quickly find that is FOSS.

It doesn't seem like this problem requires anything crazy, just traditional computer vision, but of course the devil is in the details.

The issue I was concerned about was dealing with high-density interconnect microvias. This PCB is 10-layers with a core of 4 layers of normal vias, and 3 layers of lasered microvias on each side. Someone has actually done the sand and scan method on this board you can view here: https://balika011.hu/switch/lite/

PCBs can warp to various amounts post reflow, which can cause all sorts of problems with parallelism between your PCB and sanding surface. You would also be able to mitigate this type of attack by filling vias with conductive epoxy and plating over them, which is a well established process option in PCB fabrication.

I expected scan-and-sand to be somewhat automated, but they're doing it by hand? Incredible!

Might another way to resolve issues with the PCB dishing be to photograph the layers at a fraction of a layer height? So that in that way you have a lot more slices to work with, and you can digitally "flatten" the PCB?

Making a machine to automagically remove a tiny bit of material and image the result over and over would be easy for me. The image processing to take the stack of 3D sequential images and automagically process them into a netlist is well beyond my programming capabilities. If anyone thinks they could do this, contact me.

Not gonna pretend I have the solution, but it sounds like most of the groundwork for that has been laid out in medical imagery already. CT scans, combined into volumes, identifying structures..

That's what I was thinking, but now I'm pretty sure it doesn't even need crazy algorithms like that.

1. align the image stack. not trivial, but a common task.

2. take several cross-sections, in both dimensions, and have a human draw a line along a specific layer line

3. linearly interpolate these lines into a surface.

4. for each pixel in each output layer, set the value to layers[l + offset][x][y], where the offset was calculated in step 3.

Steps 3 and 4 seem like a largely solved problem using blob detection in computer vision libraries. The last step is in plated via detection. If no microvias are present this seems pretty easy: just look for circles. If microvias are present then you need to check for plating at each layer for each hole below a certain size. That seems difficult if the sanding process does not result in very clean features.

There are automated tools for generating a netlist from scanned IC layers (nm thick). They're proprietary trade secrets of course, but it's done all the time.

Quick creation of a Openseadragon viewer of the PCB from the article: https://ha-norge.no/images/pcb_highres/highres_pcb.html

Full resolution on mobile phone without the need for downloadning 124MB JPG. The image consist of layer with different resolution, and a lot of tiny pictures (+ 45.000). Enjoy.

Thank you so much for the bandwidth. I would like to do this for boardscans going forward, but I don't have the hosting infrastructure. I know OSD can do overlays, it would be awesome to have the functionality of OpenBoardView as a webapp.

Only the part that you zoom into is loaded in gradually higher resolution, that save bandwidth and less data to download. Send me an email (on my profile) and I can describe how to run the Python processing etc yourself.

That way I believe you can host it.

Had to make some adjustments because of the size of the original image.

You can easily create zoomable embeds using ZoomHub, a place to host high-resolution images like yours. It’s using OpenSeadragon and making it super easy:

Top: https://zoomhub.net/NV9XO

Bottom: https://zoomhub.net/ZxkyW

Share more images here https://zoomhub.net/ and let me know what you think :)

Throw the file on Cloudflare R2, no egress cost then.

You’re right, but I don’t want to solder 2k wires to things. Last time I “professionally” reverse engineered a board we sent it out to get a CT scan of it, and got delivered a self executing program which contained a point cloud of data and an interface to extract surfaces, adjust the histogram (to make features visible) etc.

I’d take a handful of automated probes in a 3D printer chassis, and some vision/registration/classical computer vision algorithms.

This type of thing already exists but I’d rather have an open source one.

> This type of thing already exists but I’d rather have an open source one

Is it possible to make an open-source X-ray machine to do this kind of CT scan?

It really seems like it ought to be, but I don't know enough about the source and the CCD detectors to think about how to assemble it.

Well, step one would be to reverse-engineer an existing CT scanner. But to do that, you'd need a CT scan of the boards in the CT scanner...

Not really.

The big question is how to get an X-ray source with enough energy to penetrate metals and a detector with enough resolution.

Everything else can be cheap.

Can't find it at the moment, but someone did in fact create a passable homebrew CT scanner based on a small Faxitron medical-specimen X-ray machine of the sort that can be commonly found on eBay.

Edit: found it ( http://www.rtftechnologies.org/physics/faxitron-DX50-CT-scan... )

These machines are good for up to 8-10 layers of 1-oz copper.

I mean, we buy them and start learning?

Famous last words: how hard could it be?

The Programmers’ Credo: we do these things not because they are easy, but because we thought they were going to be easy. :)

Soldering required here is _INSANE_. There are industrial flying probe machines that can perform same task in fully automated manner with no soldering, but typical Chinese RE involves sanding the board down one layer at a time https://www.chinapcbcopy.com/pcb-reverse-engineering/

There are Chinese outfits offering this service at really low prices, we are talking hundreds of dollars per pcb.

https://www.pcb-hero.com/blogs/lilycolumn/pcb-reverse-engine...

https://www.chinapcbcopy.com/pcb-clone-service/

https://www.pcbtok.com/pcb-reverse-engineering/

>PCB reverse engineering is a reverse research technology that uses a series of reverse research techniques

Oh boy

Wow I would've loved to have something like this. In the last few months I tried reverse engineering a Dell server motherboard (just the power supply interface) and a Lenovo ThinkCentre motherboard (PCI-E riser) and its such a pain to do by hand I mostly gave up after figuring out some basic connectivity.

It's not really clear to me what your goal is here. It seems like this would make for a great open source project. Even if you want to make money from it, I think you can generate a lot of value from the process rather than the tools (which only you can really use anyway).

You mentioned in a comment below automating the process further like a bonding machine. There's been a ton of work in this general space in a mechanical sense for 3D printers. I bet you could fairly easily adapt it for probing.

The original goal was to just turn an idea I thought was possible and figure out exactly how to execute it. The current goal is something like improve and iterate, while seeing what the market interest for something like this actually is.

I think most of the value is in the imaging technology, and could easily be offered as a mail-in service. I can also bulk manufacture the extractor PCBs and sell them at a small markup, while open sourcing the rest.

People like Ken Shirriff (who routinely posts here on HN, and collaborates with @CuriousMarc on YouTube) and Eric Schlaepfer (aka @TubeTime, published Open Circuits: The Inner Beauty of Electronic Components) would probably have some unique insights for this endeavor.

I'm wondering if a 'bed of nails' approach could be used to eliminate the mechanical difficulty of the flying probes? Basically a grid of (many thousands) probes at some resolution, connecting to essentially the same switch matrix backend you already have.

In particular something like [1] might just have enough resolution. The 'probes' now are just pads on the sensing PCB. This converts it from a mechanical problem to a crazy high density PCB layout problem, which sounds like it'd be up your alley!

Heat cure for the anisotropic layer is annoying, and might make it a single-use solution (but that's not bad if you're selling the boards!)

Another 'just dumb enough to work' concept would be to take the board scans, and print a custom PCB of the same pad layout mirrored, and you can directly mount the two boards face-to-face. Basically a board level breakout, either to make the wire soldering easier, or better, again directly incorporate the netlisting hardware.

[1] https://www.3m.com/3M/en_US/p/d/b5005076018/

This approach doesn't scale.

Modern portable devices often have BGA packages with 0.5mm spacing. At this resolution, a relatively small 5x5 cm board would require at least 100x100 = 10k probes per side. Count increases quadratically with board size.

Far easier is a "flying probe" machine [1] with a handful of probes that can be moved quickly. This option is mentioned in the article, but dismissed due to up-front cost.

[1] https://en.wikipedia.org/wiki/Flying_probe

You could multiplex the probe grid along rows and columns like pixels on an LCD screen. Would make the probing take a bit longer but you'd still save time since you don't need to manually hook stuff up.

I like the last one, but how do you connect the boards to each other? Solder balls? Just pressure?

I'd just solder paste and reflow, like a large surface mount device. Challenging to get consistent no doubt, and the alignment would have to be very accurate (or have a few separate boards), but I think doable.

Seems like you could largely automate a workflow for identifying pads in the scan and generating the mirror layout, with simple routing to some kind of standardized interface for the probe lines.

Might be able to find pogo pins that small. That would be my best idea (if they're available).

Had this same idea as I was reading the article. You could really automate a lot of the probing.

Your brute-force approach to finding hidden connections is simple but brilliant. I know a lot of current hobbyist reverse-engineering efforts have to go a lot further, are destructive and involve sanding things off layer-by-layer (resulting in 1:1 reconstructions, rather than just board views), but I'm sure that gets harder and harder the more PCB layers are involved, especially with cutting-edge consumer tech.

This is amazing (particular the hand soldering - I love the genre of "this is impossible, you'd need to do this thing thousands of times" "so I did the thing thousands of times" persistence) but I wonder, now that homebrew pick-and-place is starting to become a thing, is there any practical way to take advantage of that? I pick-and-place tip that was vaguely like a wire-wrap tool seems almost plausible. Or is this more like bond-wires on chips and needs an order of magnitude more precision?

For this PCB, the smallest targets are about 0.2mm in diameter. In terms of precision robotics, this is very manageable. A robotic soldering iron, or even a laser soldering system, with a wire feeder and cutter could be used to make something like a rudimentary die-bonder, that simply solders the wires to the correct pads.

My background in process engineering made me lean towards a figuring out very manual process that could be automated, instead of figuring out a highly automated process.

I feel like contacting Louis rossman from YouTube for an interview on right to repair etc would be great!

Not OP, but the less I encounter of Lous "I should be allowed to beat my kids" Rossmann, the better I've become.

Rossmann is the RMS of the right to repair movement. A lot of ideas that align with the overall goal but a terrible figurehead because he has a fairly myopic view of right-to-repair scene at this point, coupled with some Yikes opinions outside of it. He has actively held back some RtR folks simply because of his crass comments about women & minorities, but also because he doesn't think the issue extends to some things (like dishwashers, which he's said a few times on stream are "simple shit nobody needs boardview for").

Similarly like RMS, he's made comments (like the one I alluded to before) where he has explained (while very drunk on a live stream) that he has some beliefs that don't... always align well with the status quo in terms of basic human decency.

You’re the first comment I’ve seen that has the same view as me. I don’t know why so many people worship that guy. Same with RMS. Both of those dudes give me the creeps even though I often hold the same or similar views on their areas of specialization.

Someone, long ago, once told me: “There’s always going to be someone on your side that you wish was on the other side.”

I didn’t realize how true that would become until years later.

You know what gives me the "creeps"? People looking for character flaws and projecting them onto the entire person.

There is a guy on "my side" who acts as if people like me are extreme radicals from the "other side" and you sound like you want to ride this slope downhill as hard as possible. At some point you will only focus on the bad things these people have done, after all you're not watching his videos, just hearing it from biased third parties and you no longer care if it has any semblance of truth to it or not.

I do not worship this guy. I don't even watch his videos. I probably don't even remember what he looks like.

A) don’t worship him

B) just know about his right to repair work

C) don’t know anything negative about him, nor has anyone provided any evidence he is a bad person and just attacked his character.

Now you have to defend yourself, from a lower position.

See how those people work? now they are assigned themselves the moral high ground, and you have to justify yourself.

Dont do it. You did nothing wrong, those guys are bullys.

>don’t know why so many people worship that guy. Same with RMS. Both of those dudes give me the creeps

Maybe because we listen those guys for the useful information and we don't think with our reptile brain that "give us the creeps"

Dunno about that but I do know that RMS made a huge contribution to open source and Rossman seems to be doing the same for right to repair.

I’m happy that people are doing good work even if they have shitty opinions or are even shitty humans. I will appreciate what they have done for humanity.

This sounds like Dave Chappelle’s view about Cosby: “he rapes, but he saves”

Nobody is perfect.

If you want to live in a world built by perfect people, you won’t have a house or music or new or movies or companies.

I’m not defending shitty behaviour, I’m not throwing out the baby with the bath water.

Do you really think this is an honest characterization? If Louis Rossman commits a crime you can just send him to prison. The fact that he isn't in prison indicates that you are trying to push this in a specific direction by thinking of the worst possible crime and pretending the situations are remotely similar.

I think it’s very telling that people have not substantiated their claims.

Perhaps there are people/bots who are paid to assassinate his character because of his right to repair work?

You know that falsely accusing somebody of a crime is also a crime right?

On a side note, I've briefly searched for the "I should be allowed to beat my kids" thing and I can see zero evidence he ever said this or defended it.

It's a pretty big smear, so you should substantiate it.

> he has explained (while very drunk on a live stream) that he has some beliefs that don't... always align well with the status quo

This is exactly the kind of people that I want to listen on a live stream. And not boring moralizing status-quo defenders.

>He's made comments where he has explained (while very drunk on a live stream) that he has some beliefs that don't... always align well with the status quo in terms of basic human decency.

Others will definitely have views on topics which aren't always going to agree with your own.

The more you know somebody, the more likely you'll find a difference of opinions that annoys you somewhat. This is highly likely to happen with views on politics or religion.

The average person, however, can live with having differences just fine. Only those with severe mental issues such as narcissism will make it an actual problem, for themselves and others.

If you / somebody is doing the sand and scan or xray/CT method (which you could pay somebody to do rather than buying a CT machine), then you can create a gerber -- then manually clean it up. Then you have a dangling set of nets that are only separated by layers. You can then infer connectivity from the gerbers on layer to layer manually again to create a reduced set of nets by the shape / visual cues of what the vias look like. That would be far easier than soldering wires to every ball on both sides of a board -- and a netlist doesn't automatically generate a schematic for you, you need to still do a chunk of work to actually create the schematic. To be honest, a netlist is not actually all that useful unless your goal is to attempt to create a full schematic out of the board. For reverse engineering efforts, you would likely focus on one chip and just manually follow each trace for the thing you care about and draw up a schematic manually for that. In most cases you would likely spend like 1 day after you got the scans back building up a schematic for the key chips of interest. For anything that is a bit questionable about if a via actually connects or not, then you would just manually ohm that out. Anyway, I guess if you like soldering and are just doing something for fun, then sure do this method. Otherwise, there are way better approaches than this.

This is completely brilliant!

If the painful part is the soldering, and the novel part is the imaging, there is definitely opportunity here. Seems like an opportunity to create a dirt cheap flying probe based off an ender3 3D printer. This is possibly a perfect situation where smart software can make up for the shortcomings of cheap hardware.

Do you have a full time job? Do you have young kids?

I am guessing one of these is a "no", probably the later.

If I am wrong, please tell me the secret

No kids and my job is running/programming SMT production lines, so when the process is stable I get to supervise the machines and read technical documents as training.

Did you take a panorama of the board after desoldering all the components? I'm curious (although not likely to want to dedicate more than minimal time to) if it would be possible minimize/eliminate your innovation #2 by using computer vision.

Or are you maybe aware of other images of depopulated boards?

I didn't take a depopulated panorama because I did all the photography without an automated stage, which is what I'm currently working on. There are some boardscans that are depopulated, with the various layers you can go through here: https://balika011.hu/switch/

I am okay at programming, but slow. I think it's definitely possible, but processing of computer vision is still magic to me.

This seems like a lot of effort to get a net list given other techniques to deduce what pads are connected (e.g. knowing the most connected net is the ground plane, looking up the pinouts for the ICs, looking at the voltages and signals when the board is powered).

That approach will get you 80% of the way there - which for a lot of applications is next to useless.

The problem is that for a lot of chips there aren't any datasheets available. Sure, something like a memory bus is trivial to trace, but how are you going to reason about Unknown Pin #464 coming from Unlabeled IC #4 which seems to randomly have a 500ms pulse on bootup and every few minutes afterwards?

Such a great project, really enjoyed it. I’m a hardware engineer. I really appreciate this

PCB RE services are pretty cheap in China and the far East, and they use a lot of automation to do the work of creating the netlist from the pad locations --- the recognition and probing is automated.

Isn’t crosstalk an issue ? Just wondering

At 20kHz it only takes 3 minutes to run the extraction program. I run it multiple times and at slower frequencies, but the output is stable.

Regarding industrial espionage on PCBs, would you say most are out of China?

I know very little other than it appears the two most popular sources are Zillion x Work, and XinZhiZao, both of which appear to be based out of China.

An intuition that bore fruit, thanks.

I think I got most of the jargon, but what is a “binned location”?

It's just unique spot to hold each part. There are 8 trays with 100 pockets each, so if you wanted to know a specific component's electrical properties, I could look up which tray and pocket it's in and measure it. Or if I get around to measuring all of them, I can push that data into the boardview itself.

So, it means “put it somewhere in a way that you still know which is which”?

Yep!

> If the goal is to just make money, I could sell 6,000 PPI panoramas of women's feet as NFT's. Note: Do not contact me about this.

Lmao.