bitstream secrecy

Sébastien Bourdeauducq sebastien.bourdeauducq at lekernel.net
Tue Sep 7 18:54:04 EDT 2010


Forgot to say that:
* the Xilinx toolchain accepts EDIF: so it can be interfaced with an open 
source synthesis front-end
* the Xilinx toolchain can convert between the proprietary/binary NCD format 
and the human readable XDL format.
* The NCD format (used by most of the Xilinx tools) is basically a bitstream 
in a different format and with additional information (net names, unrouted 
nets, etc.) that is stripped down before downloading to a FPGA chip. It can be 
edited at chip level using a tool called "FPGA Editor", and can be converted 
into bitstream format. So a 3rd party P&R tool can be made to put out XDL for 
debugging both with the real chip and by examining the result in FPGA Editor - 
without any reverse engineering of the bitstream format proper, just by using 
the XDL format and appropriate XDL->NCD and NCD->BIT conversion programs.

By the way: NCD stands for "NeoCAD Circuit Description". At one point, one 
startup company, NeoCAD, was developing alternative P&R and timing tools for 
Xilinx devices (via reverse engineering it seems). After somewhat conflicting 
relations with Xilinx, they eventually got bought out by Xilinx 
(http://findarticles.com/p/articles/mi_m0EKF/is_n2059_v41/ai_16836512/) who 
"blessed" the NeoCAD suite as their default toolchain. Interestingly enough, 
the Lattice tools are also "rebranded" NeoCAD tools, but I do not know the 
story behind this.

If you used the Xilinx tools in command line (even in 2010), you can clearly 
see the NeoCAD legacy in the very program output:
http://www.slac.stanford.edu/BFROOT/www/Detector/Trigger/ift/Interface/FC/FC_LBL/fc_code/orca/neocad.dir.v.1.1/5_1.par

So you see, reverse engineering is possible ;)

Another interesting paper on the bitstream format:
http://www.cl.cam.ac.uk/~sd410/papers/fpga_security.pdf

S.




More information about the discussion mailing list


interactive