Fun hardware discovery of the day: so Atmel has their ATF15xx CPLD family, and this chip is compatible enough with Altera's MAX 7000 series to the point where Atmel has a tool, POF2JED, that can convert Altera bitstreams without recompiling.
I always assumed that this came about via some kind of licensing or second-sourcing agreement, but then I decided to actually take a look at the strings in the POF2JED binary.
It turns out that the POF2JED binary has some secret debugging capability (that cannot be turned on by default) that dumps Altera POF files into a human-readable form.
However, this human-readable information includes comments that very much look like somebody's reverse engineering notes (e.g. "4th bit: JTAG, 5th bit: ?, 6th bit: ?").
So it would appear that Atmel actually reverse-engineered Altera's CPLD and then engineered their own product with a different architecture with a superset of functionality (e.g. there are more macrocell functions and interconnect lines)
If you want to play with this, you can patch the POF2JED executable as follows:
at 0x20d84 change 95 b3 00 to 00 22 01
at 0x32f88 change zeros to 68 ad 2f 43 00 68 a4 2f 43 00 e8 86 91 ff ff 83 c4 08 a3 54 1d 44 00 e9 79 91 ff ff 64 75 6d 70 2e 74 78 74 00 77 00
at 0x20d84 change 95 b3 00 to 00 22 01
at 0x32f88 change zeros to 68 ad 2f 43 00 68 a4 2f 43 00 e8 86 91 ff ff 83 c4 08 a3 54 1d 44 00 e9 79 91 ff ff 64 75 6d 70 2e 74 78 74 00 77 00
The output will be written to dump.txt in the current working directory. The unmodified file should have a SHA256 hash of 513c2e20e04ff826e7efc480d75e0aa4f988375460e0a0901e397a9ab856e5ca
and the patched file should have a hash of b636a8797f94937d9c1d3fd13540bc10f1fd5064e511d29c46e564f1891d6959
cc @whitequark
• • •
Missing some Tweet in this thread? You can try to
force a refresh
