forked from epfl-vlsc/bitfiltrator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCITATION.cff
82 lines (73 loc) · 2.58 KB
/
CITATION.cff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# This CITATION.cff file was generated with cffinit.
# Visit https://bit.ly/cffinit to generate yours today!
cff-version: 1.2.0
title: >-
Bitfiltrator: A general approach for
reverse-engineering Xilinx bitstream formats
message: >-
If you use this software, please cite it using the
metadata from this file.
type: software
authors:
- given-names: Sahand
email: [email protected]
affiliation: EPFL
family-names: Kashani
- given-names: Mahyar
family-names: Emami
email: [email protected]
affiliation: EPFL
- given-names: James
name-particle: R.
family-names: Larus
email: [email protected]
affiliation: EPFL
repository-code: 'https://github.com/epfl-vlsc/bitfiltrator'
abstract: >-
As the usage of FPGAs spreads, engineers will
inevitably employ them in ways unforeseen—or
unwanted—by their manufacturers.
Xilinx’s toolchains offer multiple points for
customizing the FPGA compilation flow, but all
flows must end with Vivado as it is the only tool
capable of generating the bitstream to program an
FPGA.
Xilinx does not document its bitstream format, so
users who wish to bypass Vivado and modify a
bitstream directly must reverse-engineer it to
discover the location and format of cells.
Prior work has reverse-engineered parts of the
bitstream format for security or
debugging/instrumentation activities, but no paper
has explained how to do this reverse engineering
systematically! Code from prior efforts (when
available) is hard- coded to reverse engineer a
specific device and is difficult or impossible to
use for another one.
These efforts—focused on applications instead of
reverse-engineering—compel engineers who need to
modify a bitstream to rediscover unwritten
practice.
Our work bridges this gap by explaining: (1) the
various parameters needed to navigate a bitstream
correctly, (2) the experiments to obtain them, and
(3) the many pitfalls and erroneous assumptions to
avoid while undertaking this endeavor.
We demonstrate our technique by using it to extract
the bitstream format of initial LUT equations,
LUTRAM contents, BRAM contents, and register values
in Xilinx UltraScale and UltraScale+ FPGAs.
Our methods are implemented in an open-source tool,
Bitfiltrator [1], that can extract device layouts
and architecture- specific bitstream formats for
these cells automatically and without physical
access to an FPGA.
keywords:
- Xilinx
- Bitstream
- Reverse Engineering
- UltraScale
- UltraScale+
license: MIT
version: '1.0'
date-released: '2022-08-30'