Introduction to 74ls 138
The 74ls 138 is a 3 to 8 line decoder IC that converts a 3-bit binary number into an associated output. It has 8 output pins that are activated based on the binary input. The 74ls 138 is commonly used in digital logic circuits to decode addresses and enable chip or memory selection. Some key features of 74ls 138:
- 3 to 8 line decoding
- Active low enable input
- High current totem pole outputs
- Wide operating voltage range of 2V to 6V
- High speed CMOS technology
To crack or hack the 74ls 138, we need to understand how it works internally and exploit any weaknesses in the logic or output stages. Some common methods of cracking 74ls 138 are brute force pin guessing, voltage manipulation, clock glitching and optical fault injection. This article provides a detailed step-by-step guide on how to crack 74ls 138 using such techniques.
Brute Force Pin Guessing Attack
One straightforward way to hack 74ls 138 is to guess the function of each pin by applying different input combinations and observing the output.
Required Equipment
- 74ls 138 IC
- Breadboard
- Power supply (5V)
- Oscilloscope
- Jumper wires
Pinout
First, let’s look at the pinout diagram of 74ls 138:
Pin Number | Pin Name | Description |
---|---|---|
1 | G2A | Input B bit |
2 | G2B | Input C bit |
3 | G1 | Input A bit |
4 | G1 | Enable input (active low) |
5 | A0 | Output 0 |
6 | A1 | Output 1 |
7 | A2 | Output 2 |
8 | A3 | Output 3 |
9 | A4 | Output 4 |
10 | A5 | Output 5 |
11 | A6 | Output 6 |
12 | A7 | Output 7 |
13 | GND | Ground |
14 | Vcc | Positive supply |
Brute Force Procedure
Follow these steps to brute force the pinout:
- Connect Vcc (pin 14) and GND (pin 13) to the power supply. This powers up the IC.
- Connect all outputs A0-A7 (pins 5-12) to oscilloscope channels for monitoring.
- Start applying all combinations of inputs to pins 1-4:
  - Try 0 and 1 for each input pin one by one
  - Vary combinations of dual input pins
  - Finally, try all combinations of pins 1-3 for binary counting from 000 to 111
- Observe the output on the oscilloscope for each input change.
- Map the input combinations to activated outputs to determine pin functions.
- The pinout should become clear after trying all possible input permutations.
Through brute force, we can thus reverse engineer the complete pin functions. This attack helps to crack circuits using 74ls 138 where pinouts are unknown.
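The mapping step of the procedure above, as an added example that is not part of the original article: it sweeps all 16 combinations of four inputs on a simulated decoder and infers the enable input, its polarity, the output polarity and the binary weight of each select input. The simulated part (make_decoder), the 0-3 input positions and the function names are assumptions made for illustration, not a datasheet model of the 74ls 138.

```python
from itertools import product

def make_decoder(select_pins, enable_pin, enable_level, active_level):
    """Constructed stand-in for the chip on the breadboard (assumption, not a
    datasheet model). Inputs are positions 0-3; select_pins = (bit0, bit1, bit2)."""
    idle = 1 - active_level
    def probe(pins):
        if pins[enable_pin] != enable_level:
            return (idle,) * 8                      # disabled: nothing selected
        n = sum(pins[p] << bit for bit, p in enumerate(select_pins))
        return tuple(active_level if i == n else idle for i in range(8))
    return probe

def characterize(probe):
    """Sweep all 16 input combinations and infer each input's role."""
    table = {pins: probe(pins) for pins in product((0, 1), repeat=4)}
    # Most samples sit at the idle level; the rarer level marks a selected output.
    flat = [v for row in table.values() for v in row]
    idle = 1 if 2 * sum(flat) > len(flat) else 0
    active = 1 - idle
    # Enable input: the only pin that, at one level, forces every output idle.
    found = [(pin, 1 - bad) for pin, bad in product(range(4), (0, 1))
             if all(v == idle for pins, out in table.items()
                    if pins[pin] == bad for v in out)]
    if len(found) != 1:
        raise ValueError("observations do not match a decoder with one enable")
    enable_pin, enable_level = found[0]
    # Select weight: drive one select input high alone and read which output fires.
    weights = {}
    for pin in (p for p in range(4) if p != enable_pin):
        pins = [0] * 4
        pins[enable_pin] = enable_level
        pins[pin] = 1
        weights[pin] = table[tuple(pins)].index(active)
    # Cross-check the model against every enabled row before trusting it.
    for pins, out in table.items():
        if pins[enable_pin] == enable_level:
            n = sum(w for p, w in weights.items() if pins[p])
            if out.index(active) != n or out.count(active) != 1:
                raise ValueError(f"row {pins} contradicts the inferred pin roles")
    return {"enable_pin": enable_pin, "enable_level": enable_level,
            "active_level": active, "select_weights": weights}

if __name__ == "__main__":
    dut = make_decoder(select_pins=(2, 0, 3), enable_pin=1,
                       enable_level=0, active_level=0)
    print(characterize(dut))
```

On a bench, probe would be replaced by whatever drives the four inputs and samples the eight outputs; the inference logic stays the same.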
Voltage Manipulation
The 74ls 138 consists of input buffers and 3 to 8 line decoder logic. By manipulating the supply voltage, we can disrupt the internal logic states and create faulty outputs.
Required Equipment
- 74ls 138 IC
- Breadboard
- Variable DC power supply
- Jumper wires
- Multimeter
Procedure
- Connect the 74ls 138 on the breadboard and power it up with a 5V supply.
- Connect digital input pins 1-3 to a known valid combination, e.g. 110.
- Monitor the corresponding output pin (pin 10) with the multimeter. It should read close to 5V.
- Now slowly reduce the supply voltage from 5V to 3V and note the output voltage.
- At around 3.5V, the output may start showing anomalous behavior such as reduced voltage.
- Further reducing the voltage causes more instability. Eventually the output gets stuck at a certain logic level.
- The supply voltage at which the decoder malfunctions can provide clues about its internal circuit margins.
- Testing with different input combinations can map the full range of supply voltages for flawless operation.
Through voltage manipulation, we can thus fingerprint the IC’s voltage margins and internal logic to aid in hacking efforts. This attack helps to crack circuits using 74ls 138 by inducing faults through voltage tampering.
Optical Fault Injection
Optical fault injection uses light to induce errors in ICs by disrupting the internal silicon. This can be used to attack 74ls 138 as well.
Required Equipment
- 74ls 138 IC
- Breadboard
- Power supply (5V)
- Laser pointer
- Oscilloscope
- Jumper wires
Procedure
- Connect the 74ls 138 on the breadboard and power it up with a 5V supply.
- Connect digital inputs 1-3 to the valid combination 000 and monitor output A0 (pin 5) on the oscilloscope.
- Shine the laser pointer on top of the 74ls 138 chip, slowly moving it across the surface.
- When the laser illuminates sensitive internal areas, the output A0 will show glitches and unexpected switching.
- Note the laser spot positions that cause the most disruption.
- Repeat for other input combinations and outputs to map sensitive areas.
- The sensitive spots correspond to critical logic paths that can be targeted for fault attacks.
Through optical injection, we can thus identify fragile internal logic paths within 74ls 138 that can be exploited to induce errors during normal operation. This helps to implement fault injection attacks to crack secured systems using this IC.
Clock Glitching
Clock glitching involves disrupting the clock signal feeding digital ICs to create setup/hold time violations and errors. We can use this to attack 74ls 138 as well.
Required Equipment
- 74ls 138 IC
- Breadboard
- Function generator
- Oscilloscope
- Jumper wires
Procedure
- Connect the 74ls 138 to the breadboard and power it up with a 5V supply.
- Use the function generator to provide a 10 MHz clock signal to the 74ls 138 enable pin (pin 4).
- Provide valid digital inputs to pins 1-3 and monitor an output pin on the oscilloscope.
- Alter the clock signal from the function generator to induce glitches and noise during specific clock edges.
- When a glitch coincides with internal data propagation, erroneous output will be seen.
- Vary the glitch timing relative to the clock to identify the sensitive regions that cause maximum disruption.
- Combine glitching with valid input transitions to map fault conditions.
Through deliberate clock glitching, we can thus identify timing sensitive zones within 74ls 138. Induced errors can be leveraged to implement fault injection attacks and crash/control target systems.
Summary
Here are some key points on how to crack 74ls 138:
- Brute force input pin combinations to find pinout and logic behavior
- Manipulate supply voltage to induce errors and faults
- Use optical injection to identify fragile internal circuit nodes
- Glitch the clock signal to cause timing violations and disrupt operation
These techniques can help hackers reverse engineer and hack real world systems employing 74ls 138 and similar logic ICs. The methods can be combined to maximize effectiveness and fully compromise security. With some customization, the attacks can be applied to other logic ICs as well based on their internal construction.
FAQ
Is brute forcing the only way to find 74ls 138 pinouts?
No, the pinout can also be determined by tracing PCB connections or identifying part numbers silkscreened on the IC body. But brute forcing is a reliable approach when these physical indicators are unavailable.
How does supply voltage manipulation cause errors?
Lowering supply voltage reduces noise margins in logic gates. At some point, noise can overpower the signal and flip logic states, causing faulty operation.
Which optical fault injection techniques are most effective?
Methods like laser scanning and UV LEDs are common. Lasers allow precise targeting while UV LEDs have wider fault coverage.
What clock glitching tools can be used apart from function generators?
Dedicated clock glitching hardware like ChipWhisperer and microcontrollers like Arduino can be used to generate precise clock glitches.
Can these attacks destroy or permanently damage the 74ls 138 IC?
High voltage/current can damage pins, and ESD can destroy the IC. Otherwise these non-invasive attacks only induce temporary faults without permanent damage.