A reverse engineering attack on a chip includes the following main stages:
First, the chip is prepared by removing one or more layers of the chip, in order to expose the layout(s) of the circuit(s) in the chip. The circuit(s) may include components that are laid out in the active layer(s) of the chip and connections between the components that are laid out in the interconnect layer(s) of the chip.
For example, one or more protection layers of the chip may be removed. Protection layer(s) provide protection against scratching, moisture, and/or contamination, etc. Typically although not necessarily, the protection layer(s) are above the active layer(s), e.g. directly above the interconnect layer(s) of the chip. The protection layer(s), e.g. passivation layer(s), are composed of material(s) such as silicon, silicon nitride, silicon dioxide, aluminum oxide, etc., which provide protection against scratching, moisture, contamination, etc.
Second, schematic(s) and/or netlist(s) are prepared based on the geometry/ies of layout(s) of the circuit(s) in the chip. Third, the schematic(s) and/or netlist(s) are used to determine the function of each of the circuits.