Reverse Engineering CPLD Controller
Reverse Engineering CPLD Controller can use brute force to a hardware design implemented into a CPLD. In this case the attacker tries to apply all possible logic combinations to the input of the device while observing all its outputs.
That kind of CPLD microcontroller reverse engineering could be also called black-box analysis because the CPLD attacker does not have to know anything about the design of the device under test. He only tries to understand the function of the device by trying all possible combinations of signals. This approach works well only for relatively small logic devices.
Another problem the CPLD microcontroller reverse engineering will face is that designs implemented in CPLDs have flip-flops, so the output will probably be function of both the previous state and the input. But the search space can be significantly reduced if the signals are observed and analysed beforehand. For example, clock inputs, data buses and some control signals could be easily identified, significantly reducing the area of search.
In Lattice CPLD chip reverse engineering case, security fuses are physically located on the chip die. This could mean a separate memory cell located next to the main memory array, or even far from it. For example, the security is not very high as the fuses can be easily found and disabled by one or another method.
Meantime, some methods require very expensive equipment and even if the CPLD controller attacker knows where the fuse is, he will not be able to reset it until he gets access to such equipment and learns how to use it which will cause the deterioration of microcontroller reverse engineering success rate;