OSE Reverse Engineering Protocol

Notes

How to reverse engineer anything.

Using Baidu (China's Google) and knowing some chinese gets you to design schematics online, from China with love.

Reverse Engineering Lab

• Reverse Engineering Lab Construction Set

Essentially Though:

External Structure / Large Component Measurements

• • 3D Scanner (Large Handheld Type) (Also Photogrammetry )
    • And/or Calipers + Tape Measure + Level / Protractor / Rotation Dial / Angle Dial
  • CAD

Internal Structures / Small Components Measurements

• Typical Tools for Disassembly (Stuff For Fasteners, Stuff For Removing "Permanent" / Tamper Evident Seals (Re: iFixit 's toolkits)
• Overhead Camera / Tripod , or even a separate person acting as the Videographer to capture what all went into taking it apart (To make re-assembly etc easier)
  • Taking photos before each step can work to an extent, but can leave gaps in the knowledge
• Labeled Parts Bins/Containers
• Calipers and/or scAnt / Smartphone Photo Studio for #3DBenchy and tiny stuff / similar Small Part Turntable Style 3D Scanners

Material Analysis

• In Order of Increasing Cost/Complexity:
• A Well Trained Person + Simple Tools Like a XACTO Knife etc
  • RE: BOLTRs by AVE
• Optical Microscope (Etchants/Laser Engravers can be used to Delid IC Packages if they are unlabeled to learn more
• Universal Testing Machine
• Plastic Scanner
• OpenRaman
• XRF Gun
• Industrial CT Scanner
• Electron Microscope / Atomic Force Microscope

Methodology

If The Hardware in Question is on Hand

• An important thing to note is if/to what degree the investigation will be "destructive"
  • A Mass Produced Robotic Actuator could be dissected in a more rough and destructive manner than some mechanical artifact in a Museum! (For some odd things that are so old only a few still exist / Flops Cultural and Historical Value should be considered and preserved as well
• After all that is planned out:
• One starts from the least invasive and most towards the "outside" as possible
• So taking dimensions with the Tape Measure/Calipers, Taking Pictures, and using a Handheld 3D Scanner if Applicable are done
  • Think of it almost like an Archeological Dig / CSI Scene in this phase
• Next the disassembling begins
• First remove all fasteners that can be removed
  • Take note as to if / what type of Threadlocker etc is used
  • Another thing to note is any Grease / Lubricant / Water Displacement Fluid used, potentially take samples along the way for Chemical Mixture Reverse Engineering
• Once this is done one can move on to "popping tabs" and Bypassing Tamper Evident Seals / Preforming Cuts if need be
• If another "layer" is encountered, one should return to the first step of measuring + photographing
• It would preferably be done throughout the whole process, but especially as that first step is done less and less, and the periods of "disassembling" grow longer one should document the process by something like an Overhead Camera , A Helmet Camera or POV Video / VR180 etc
• As parts are taken out they should be put into separate LABELED containers to allow for later re-assembly etc (unless a very destructive approach is taken/only certain parts are of interest (a certain gear system or a chipset found inside the guts and unlabeled)
• The lowest level at this "phase" that one will stop on will be PCBs
• These get sent to another phase/station that is very similar to Microelectronics Repair in composition/expertise
• There they can use their Inspection Microscopes etc to view and document the PCB Schematics (if none are available)
• If there are any unknown components these can be Desoldered and sent off to the final "phase" for processing
• The "Final Phase" Consists of Determining What Specific IC's, Materials, And Chemical Solutions/Mixtures were used
  • For instance Dyson Cinetic 's Cyclone Depends on the Elastomer at the tip of the nozzle being the proper Shure Hardness to allow it to ossilate and self-declog or the whole system clogs up. This is not published, but if you get an old used unit, and a Durometer you can be good to go!
  • Another thing could be determining what type of plastic, or what alloy of metal was used for a structual member
  • Finally, even at the PCB level some companies will attempt to hide what they are doing/what they used. IC Packages can be De-Lidded and investigated with various microscopes to determine what they are, and thus better fill in the schematic

Links

• Seminal work from Bunnie Huang on reverse engineering of hardware - [1]

• Bunnie's video - https://www.youtube.com/watch?v=msrTR3hNDQM#t=161

• Software reverse engineering - [2]