User:SCILee
Circuit Board Reverse Engineering
Circuit Board Reverse Engineering (RE, sometimes called “cloning”) is the process of using a physical circuit board to generate fabrication and design data that matches the board, either exactly or in close approximation. The end goal for obtaining circuit board design data is not necessarily malicious or aimed at IP theft - rather, the data generated in the RE process can be used for troubleshooting, repair, redesign and re-manufacturing, or even testing the security of a device to be used in a secure environment. It is not uncommon for companies to reverse engineer a circuit board when they have acquired a new product line, when the design data has been lost for some reason, or when the original data has become degraded or damaged over the course of time. Additionally, circuit boards may need to be reverse engineered so that the board can be updated with modernized components or to fit in a new form factor.[1]
The RE process can also be used to provide important benchmark information - for example the process reveals whether or not a PCB fabricator has exactly matched the design specifications of the board and can also be used to inspect for counterfeit or malicious circuits embedded within the board.
Uses
The reverse engineering process does not always have to be based on a physical assembly. Before the digital age of data processing and storage, CCA (circuit card assembly) designers created and stored the designs on Mylar/BoPET drafting films, which were used in the photo-resistive fabrication process for circuit boards. These films were often the only copy of the design data for the board, and while their primary use was in the manufacturing of PCBs, they also doubled as their own storage media. Ultimately, these films can disintegrate with time and use, or the company will be forced to digitize the films in order to preserve them and utilize modern digital manufacturing delivery formats such as Gerber 274X, IPC-2581, or ODB++.[1] In some cases the original design films or digital manufacturing data can be lost or permanently damaged. This can lead to diminishing stores of replacement parts, or DMS/DMSMS. When this occurs, a company may not be able to properly support an existing product. Depending on that product's application, the inability to support a legacy product line with replacement parts can leave customers unable to use the system or tool they purchased, e.g. Air Traffic Control Systems, Medical Imaging Systems, Power Plant Control Systems,
In 2005, an electric utility company in California, USA, had to shut down a large generating unit at a time when there was very little additional capacity on the grid - a critical time for an unscheduled outage. This was due to the failure of a single $500 controller circuit board. The company, after looking through their inventory, realized that they had used the last of the replacement controllers, and were unable to get back up and running without it. Ultimately this company was able to reverse engineer the existing CCA and to produce enough replacement parts that they were able to continue supplying the area with power, but not without a very expensive outage. Reverse engineering the circuit card to exact form, fit and function allowed them to continue to serve the area with power, without having to go through a lengthy redesign and re-certification process for the board and related systems.
In many applications, technology is often called upon to perform well beyond its originally intended life cycle. In some cases a single damaged $10 component can completely disable the communications in a multi-million-dollar communications tower at an airport. If the tower has been in service for many years, the original design data for the circuits and parts may not be available, and in the case of a one-off design almost certainly won't be. Simply replacing entire communication systems is not a viable option, so the company must be able to repair the tower with parts that are a direct replacement. If they do not have the design data for those replacement parts, they must either design something from scratch or reverse engineer an existing part.
Currently, there are companies researching the ability to reverse engineer circuit boards combined with additive manufacturing techniques, to immediately repair or reprint a circuit board - useful in situations where resources are limited like on a ship, submarine or in space.[2] This process would allow a crew to maintain their equipment without the need for traditional PCB fabrication shops, or being required to bring all of the spare parts they will ever need.
Methods of Reverse Engineering CCAs
Destructive RE (DRE)
One of the most common and proven methods of reverse engineering a circuit board is to mill through and capture images of all layers of the board by physically removing layers of the board. While it is possible to use nearly any camera or image source for this method, high-end systems utilize calibrated image sources that allow for extremely accurate reproduction of the design data for the board. There are dedicated PCB reverse engineering systems in existence that are able to capture images with a 0.2 mil (5 micron) pixel size and 1 mil (25 micron) dimensional accuracy[3] and provide robust tool sets for the creation of complete production and design data for remanufacture, analysis, design-check, and repair.
When done properly the destructive RE method provides the most accurate, high quality design data since it refers directly to the PCB itself.[3] This allows an engineer to match the exact form, fit and function of the original board. For highly regulated industries such as Aerospace, Medical, Automotive and Defense, this can vastly reduce the time required to fabricate replacement parts since the new data matches the original design exactly, and does not need to undergo re-certification and thorough systems testing that would be required for a new or even slightly revised circuit board. The drawback to this method is that a CCA is consumed or destroyed during the reverse engineering process. If the data being produced comes from the last remaining circuit card in existence, the resulting data cannot be compared to the original sample if the destructive RE method is used since there will be little or no circuit board remaining at the end of the RE process. Additionally, extreme care must be taken during the milling process to avoid damaging the resulting copper. If areas of copper are removed before they are imaged, it represents a permanent loss of data, which can only be rectified by additional documentation or by reverse engineering a second, identical board.
Non-Destructive RE (NDRE)
There is a growing desire and need for non-destructive reverse engineering technology. Non-destructive PCB RE refers to the fact that the circuit board itself is not destroyed in the process - however, some non-destructive techniques require that the components are removed from the surface of the board. The primary difference between DRE and NDRE methods is in the way that images of the board are captured before new data is generated - in some cases optical images of the top and bottom of the board are captured, then merged with X-Ray images of the board's internal layers. Once images of all of the layers of the board have been captured, the process of generating digital manufacturing data remains fairly similar to the destructive process.
X-Ray Computed Tomography
In recent years, X-Ray computed tomography-based imaging processes have advanced to the point that they are able to capture images of the circuit board well enough to isolate individual layers and the features on each of these layers. For simpler boards, X-Ray or CT Scans can provide high enough resolution images to reverse engineer a board without requiring destructive milling or de-layering. Generally, a high resolution CT scanning machine will capture images of the board in 2-D slices, varying the angle and intensity.[4] The resulting image captures of the board are computationally assembled into a 3-D volumetric model, and images of each layer can be then extracted. Additional research is underway presently to improve the procedure of CT scanning, volumetric data reconstruction, and circuit layer extraction. In principle this process seems fairly simple, however certain issues such as the non-planarity of circuit layers and X-Ray artifacting greatly complicate the extraction of usable circuit images.[5] Work is underway to improve this technology.[6]
That being said, X-Ray/CT scanning suffers from many drawbacks: its resolution is not able to reach even half that of some off-the-shelf consumer grade optical scanners, the equipment is very expensive to purchase and operate, and the images can be distorted by beam hardening and other X-Ray artifacts. Additionally, some IC chips can be damaged by exposure to powerful X-Rays, so the board must still be depopulated before being subjected to the X-Rays.[4]
Another drawback is the time involved in creating the images used to generate circuit board design data. In one study, a Versa 510 X-Ray machine was used to image a 6 layer board, measuring about 5" x 8" - the imaging and processing of the cloud data took over 18 hours to complete. By comparison, destructive reverse engineering can produce very high resolution, calibrated optical images of the same 6 layer board in under 2 hours at very low cost by a skilled operator.[4]
Flying Probe Test
If the desired outcome of the reverse engineering process is only to troubleshoot, repair or support an existing product with no need to produce new boards, a Flying Probe Test Machine (FPT machine) can be used. Minimal data is required to begin the FPT process. The FPT requires enough data to be able to place electrical probes on both sides of the board. Unlike destructive methods of reverse engineering, the PCB can generally be reused after this process. The only output from this process is a list of connections between surface pads on the card, also known as a netlist. The downside to this method is that the netlist, the list of connections between the components, is entirely dependent on the electrical connectivity of the PCB. If a PCB becomes damaged or delaminated over the course of its lifecycle, it is possible that either via barrels or copper traces become broken, and an FPT operator may not know. The resulting netlist will reflect the breaks in the track, and should not be used to produce a schematic or additional boards.[1] Additionally, the netlist is a fairly narrow data format that only provides insight into whether points are connected or not. There is no information about the internal geometries of the board, which become crucial to proper functionality of higher technology circuits. Without this internal graphic information representing the exact form, fit and function, it is impossible to create another functioning card without extensive analysis, redesign, and recertification. Hence this process is generally reserved for the creation of schematics for troubleshooting and repair purposes only.
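The caution above, that a probed netlist silently inherits any broken trace or via, can be checked when a second netlist is available for comparison. The following is an added example, not part of the original article: it groups pad-to-pad continuity readings into nets and compares them with a reference netlist, reporting nets that probe as split (an open) and probed nets that join pads from different reference nets (a short or an added connection). The pad names, the probe data and the assumption that a reference exists (a known-good board or image-derived data) are all constructed for illustration.

```python
from collections import defaultdict

def nets_from_continuity(pads, pairs):
    """Group pads into nets (union-find) from probed pad-to-pad continuity."""
    parent = {p: p for p in pads}

    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]  # path halving
            p = parent[p]
        return p

    for a, b in pairs:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for p in pads:
        groups[find(p)].add(p)
    return {frozenset(g) for g in groups.values()}

def compare_netlists(reference, probed):
    """Return (split, bridged): reference nets that probe as several pieces,
    and probed nets joining pads from more than one reference net."""
    ref_of = {pad: net for net in reference for pad in net}
    split, bridged = [], []
    for net in reference:
        pieces = [p & net for p in probed if p & net]
        if len(pieces) > 1:  # open circuit somewhere inside this net
            split.append(sorted(sorted(x) for x in pieces))
    for p in probed:
        if len({ref_of[pad] for pad in p if pad in ref_of}) > 1:
            bridged.append(sorted(p))  # short or added connection
    return sorted(split), sorted(bridged)

# Constructed sample data: pad names and probe results are invented.
PADS = ["J1.1", "R1.1", "C1.1", "R1.2", "U1.3", "J1.2", "C1.2", "U1.4"]
GOOD = [("J1.1", "R1.1"), ("R1.1", "C1.1"), ("R1.2", "U1.3"),
        ("J1.2", "C1.2"), ("C1.2", "U1.4")]
CRACKED = GOOD[:-1]                    # C1.2-U1.4 trace reads open
BRIDGED = GOOD + [("U1.3", "C1.1")]    # extra connection between two nets

REFERENCE = nets_from_continuity(PADS, GOOD)

def check(pairs):
    return compare_netlists(REFERENCE, nets_from_continuity(PADS, pairs))

if __name__ == "__main__":
    for name, pairs in [("good", GOOD), ("cracked", CRACKED), ("bridged", BRIDGED)]:
        print(name, check(pairs))
```

Without a reference, the cracked board's netlist would simply list U1.4 as an unconnected pad, which is why a single-board FPT netlist cannot be trusted on its own.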
Final Outputs and Reproduction
Whether the board is reverse engineered using a destructive or non-destructive method, the end result is that a netlist is obtained. While the netlist itself cannot be used to create an identical replacement, it can be used to generate supporting data for the board like a schematic. Whereas a netlist is a simple ASCII-based text file that simply lists all of the connections of the board, a PCB Schematic relays the same information in a more visual manner. In addition, a schematic can be merged with the Bill of Material (BOM) component data to further enhance its usability in troubleshooting scenarios, or can be used as a base for the design of a brand new PCB. If a destructive RE process has been used or images for all PCB layers have been captured using X-Ray imaging, the resulting data should include not only a netlist, BOM, and/or Schematic, but also a complete graphical layout of the copper layers of the board.[7] This data can be represented in a huge number of different formats, but the most basic and most common format is Gerber RS274x. The final data package that can be created in the reverse engineering process can include most or all of the following:
- All Circuit layers, in a calibrated, accurately sized layout (Gerber RS274x, IPC-2581 or ODB++)
- Soldermask and solderpaste/stencil cut files (Gerber RS274x)
- Drill files (Excellon II/ASCII and/or Gerber RS274x)
- Plated and NonPlated Through-holes
- Per-layer Blind/Buried Drills
- Component Centroid data (ASCII) and pinouts
- Component Netlist (ASCII)
- BOM (Spreadsheet or Text)
- Schematics (PDF, Cadence Allegro, OrCAD, Altium, PADS, and many other proprietary formats available)
This data can then be sent directly to a PCB manufacturer or be used for the creation of supporting documents. Additionally, for FDM applications currently being researched, this data can be used to immediately produce an identical board to the one used to generate the fabrication data.
- ^ a b c "Service Bureau". ScanCAD International. Retrieved 2019-09-06.
- ^ "SCI and nScrypt partner to research Additive/FDM PCB manufacturing!". ScanCAD International. 2019-08-26. Retrieved 2019-09-09.
- ^ a b Circuit Board Reverse Engineering Services, retrieved 2019-09-09
- ^ a b c Asadizanjani, N.; Tehranipoor, M.; Forte, D. (2017-2). "PCB Reverse Engineering Using Nondestructive X-ray Tomography and Advanced Image Processing". IEEE Transactions on Components, Packaging and Manufacturing Technology. 7 (2): 292–299. doi:10.1109/TCPMT.2016.2642824. ISSN 2156-3950.
- ^ Tarnovsky, George. "You Can Run but You Cant Hide - Reverse Engineering Using X-Ray". DEFCON 26, Las Vegas, Nevada, August 2018.
- ^ "ScanCAD and Tetrahive partner up under newly awarded US Air Force SBIR". ScanCAD International. 2019-02-11. Retrieved 2019-09-06.
- ^ "PCB Reverse Engineering". sway.office.com. Retrieved 2019-09-09.