Overview of the ic74ls138 chip
The ic74ls138 is a 3-line to 8-line decoder/demultiplexer IC chip used in digital logic circuitry. It takes a 3-bit binary input code and decodes it into 1 of 8 active low output lines.
Some key features of the ic74ls138:
- 16-pin DIP package
- 3-to-8 line decoding/demultiplexing
- Active low outputs
- Output enable pin for tri-state control
- Wide operating voltage range of 3-15V
- High speed CMOS technology
The ic74ls138 contains advanced high-speed CMOS technology for fast switching speeds. It’s commonly used in address decoding, data routing, and memory addressing applications.
ic74ls138 Pinout Diagram
Here is the pinout diagram for the 16-pin DIP ic74ls138:
Pin | Symbol | Function |
---|---|---|
1 | G2A | Input 2 |
2 | G2B | Input 2 |
3 | G1 | Input 1 |
4 | A0 | Input 0 |
5 | Y0 | Output 0 |
6 | Y1 | Output 1 |
7 | Y2 | Output 2 |
8 | Y3 | Output 3 |
9 | Y4 | Output 4 |
10 | Y5 | Output 5 |
11 | Y6 | Output 6 |
12 | Y7 | Output 7 |
13 | GND | Ground |
14 | /E | Output Enable |
15 | A1 | Input 0 |
16 | VCC | Positive Supply |
How the ic74ls138 Works
The operation of the ic74ls138 decoder relies on a 3-to-8 line binary decoding function. Let’s examine the internal logic:
- Inputs A0, A1, G1, G2A, and G2B encode the 3-bit binary input code.
- With the output enable (/E) pin low, one of the 8 output lines (Y0-Y7) will be activated based on the input code.
- An active low output means the output pin will be low (0V) when selected. The non-selected outputs remain high (5V).
- For example, if the input code is 110, then output Y6 will be low while the other outputs stay high.
The truth table shows the ic74ls138 input/output logic:
G2A | G2B | G1 | A0 | A1 | Selected Output |
---|---|---|---|---|---|
0 | 0 | 0 | 0 | 0 | Y0 |
0 | 0 | 0 | 0 | 1 | Y1 |
0 | 0 | 0 | 1 | 0 | Y2 |
0 | 0 | 0 | 1 | 1 | Y3 |
0 | 0 | 1 | 0 | 0 | Y4 |
0 | 0 | 1 | 0 | 1 | Y5 |
0 | 0 | 1 | 1 | 0 | Y6 |
0 | 0 | 1 | 1 | 1 | Y7 |
So in summary, the 3-bit input code maps to 1-of-8 output lines being activated based on the above truth table logic.
Tools and Equipement Needed
Here are the basic tools and equipment needed to crack open and hack the ic74ls138 chip:
- IC extractor tool – A simple and cheap plastic tool to pry open the IC package without damaging the silicon die inside.
- Tweezers – Required to handle the tiny IC chip and bond wires once decapped. Precision tipped tweezers recommended.
- Microscope – An inspection microscope with magnification of 50X to 200X is ideal to view the chip in detail.
- Multimeter – Used to measure pin voltages and trace signals on the chip. Needle probes are helpful.
- Oscilloscope – Oscilloscope with 20-100 MHz bandwidth will capture digital waveforms and signals.
- IC Tester – A logic IC tester can stimulate the inputs and read output states. Helpful for analysis.
- Soldering iron – Used if modifications or taps to bond wires are needed. Fine tip 30W iron suggested.
- Chemicals – Concentrated nitric acid effectively decaps ICs. Acetone can also be used. Proper safety equipment is required.
Decapsulating the Chip
Decapsulation involves opening the plastic IC package to expose the internal silicon die and connections. Here are the basic steps:
- First inspect the chip packaging. The ic74ls138 will be in a 16-pin DIP (dual inline) package.
- Use the IC extractor tool to carefully pry off the top of the package from the pins. Insert the tool at the top edge and twist gently.
- Once the top plastic is removed, you’ll see the internal silicon die attached via thin gold bond wires.
- Next you’ll need to use a chemical decapsulant to etch away the epoxy resin coating on top of the die. Concentrated nitric acid works best. Apply a few drops on top and let it soak in for a few minutes.
- Check progress and continue etching until the epoxy resin is removed. Acetone can also assist if needed. Rinse with isopropyl alcohol when done.
- At this point the silicon die and connections are exposed! You can inspect it under the microscope and start hacking experiments.
IC Decapsulation Safety Tips
- Use proper protective equipment when handling acids and chemicals – goggles, gloves, mask, etc. Work in a fume hood.
- Nitric acid is very dangerous. Handle with extreme care as it can burn skin instantly.
- Neutralize and properly dispose of used acids. Never pour them down drains.
- Isopropyl alcohol can help neutralize acid residue. But rinse thoroughly with water when done.
Hacking the Decapped Chip
Once the IC package has been removed, here are some examples of how to hack, modify, and reverse engineer the decapped ic74ls138 chip:
Accessing internal test points
- Use a microscope to visually inspect the tiny traces and test points across the silicon die surface.
- Probe interesting test points using a multimeter or oscilloscope to monitor inputs and outputs.
Modifying connections
- Use a thin enameled wire or probe tip to make new connections between traces.
- Apply tiny solder dots to tap into traces or die bonding pads.
- Change input logic by shorting traces to Vcc or Gnd.
Extracting the ROM code
- For chips with a ROM or programmable logic, you can directly read out the contents.
- Use a chip programmer to dump the ROM or flash memory code. Or probe addresses with a multimeter.
- Analyze the ROM code in a hex editor to understand the program. Look for vulnerabilities or backdoors.
Reversing the logic gates
- Study the layout of transistors and logic gates across the silicon die.
- Probe inputs and outputs of each gate to map the overall circuit.
- Reverse engineer the logic functions simulated by the transistor layout.
Implanting a hardware trojan
- Use FIB milling or laser cutting to modify traces on the silicon surface.
- Attach a thin wire to add connections to hidden trigger points.
- Implant a tiny receiver chip to activate a kill switch when signaled.
Cloning the chip
- Use high resolution imaging to photograph the die layout.
- Send the decap photos to a silicon foundry to produce clone ICs.
- Or use an electron microscope and CAD software to recreate the logic gates virtually.
These are just a few examples of how an attacker may physically hack a decapped IC. Always exercise caution and ethics when hacking hardware.
Frequently Asked Questions
Is decapsulating ICs illegal?
No, decapsulating chips is legal for security research and educational purposes. However, it’s illegal to reverse engineer ICs to steal copyrighted schematics or clone proprietary designs.
How small are IC components under a microscope?
An IC die can contain transistors and logic gates smaller than 1 micron (1 millionth of a meter). Bond wires are ~25 microns thick. Fine probes and high magnification is required.
What can I learn from decapping old ICs?
Decapping provides great insight into how chips work at the silicon level. Studying old ICs teaches you fundamentals of logic gates, chip design, and manufacturing.
Is concentrated nitric acid safe to handle?
No, nitric acid is extremely hazardous and corrosive. Proper protective equipment is absolutely required, as well as working in a ventilated lab or fume hood. Treat it with extreme caution.
Can decapped ICs be re-assembled and still function?
Yes, with care you can reattach the loose bond wires and replace the IC package lid with epoxy. This allows you to study a modified decapped chip in action.
How are hardware trojans implanted into ICs?
Malicious trojans are rarely implanted in modern ICs during manufacturing. But an attacker could physically modify a decapped chip to insert a trojan. Strict testing protocols also help detect trojans.
Conclusion
Decapping and hacking an IC like the 74ls138 provides unique hands-on experience into how chips work at the silicon level. While basic hacking can be done with simple tools, advanced techniques require a professional lab setup. Always keep safety and ethics in mind when hacking hardware. Reverse engineering skills are also useful for debugging, testing, and improving chip designs.