The ware for this month is actually not a picture. It is a sound clip.

Click on this link to download and listen to the clip.

Many may recognize this sound, but I think few actually know what makes this sound. I’ve heard it in many contexts, but I was convinced to make this a contest candidate when I heard it in a radio recording of General Petraeus’ progress report to congress on NPR (you can hear it just barely in one of the sound clips on this page, under Audio Highlights, “Crocker warns against…”). I’m sure the recording engineer wasn’t too pleased when choice soundbites had this playing in the background.

The challenge this month is to name the type of ware and the phenomenon that generates this sound.

The Ware for August 2007 is a die shot of the EEPROM memory area from an MF RC530 ISO 14443A Reader IC by NXP. The MF RC530 is one of the RFID readers IC that can be used in the MIFARE system, and it employs the CRYPTO-1 protocol. This EEPROM memory is part of a secure memory region that contains the keys used by the CRYPTO-1 protocol. One question I am still puzzling over is the location of the CRYPTO-1 implementation on this die. CRYPTO-1 is a proprietary cipher, and some friends of mine were curious as to the algorithm–so I contacted Flylogic and we popped the top of the MF RC530 to have a look around. My original opinion was that the array of gates immediately below the EEPROM was the CRYPTO-1 cipher. However, tracing the wires in and out of the block seem to disagree with this functionality, and instead it looks more appropriate as the programming and sequencing logic for the EEPROM. There is a microcode ROM on this chip as well, so quite possibly the cipher is implemented using part of the microcode ROM, or it is implemented using random, compiled logic.

Several readers correctly guessed the capacity of the memory array at 4kbits, although many were unclear as to what kind of array it was–some guessed DRAM, others SRAM, others a PLA. Actually, all of these are pretty good guesses. The clue that makes me think this is an EEPROM (or FLASH) array is the charge pumps on the right hand side. The large capacitors are used in a set of voltage doublers to create the high voltage necessary to erase and program the floating gates of the EEPROM memory devices. The high voltages are unique, at least in today’s modern processes, to FLASH and EEPROM devices. Christian Vogel basically nailed this analysis, so he is the winner. Congratulations, email me for your prize!

The ware for August 2007 is shown below. Click on the photo for a much larger version (warning, about 2 MB in size).

It’s late in coming, as Chumby has kept me very busy lately, but better late than never. Yep, this is a portion of a silicon chip, imaged at just 20x magnification! The challenge for this…er last…month is to correctly name what type of functional block this is, and some basic properties about it. Thanks to Chris at Flylogic.net for the awesome chip shot! We’ll be teaching an introductory workshop on silicon reverse engineering at this years’ Toorcon in San Diego.

The Ware for July 2007 was indeed a pair of crystal devices. The top image is an SMT crystal oscillator. It embeds both a quartz crystal and some active circuitry to create an autonomous CMOS-level frequency reference. The bottom image is of a “tuning fork” quartz crystal–you can see the mounting for the tuning fork structure in the X-ray–and it is a passive device that requires an external chip to cause it to oscillate.

The bottom device is actually a sort of “trick question”. Nobody got it exactly right! The interesting thing about the bottom image is what it looks like in visible light:

Compare it to the X-ray:

You may ask, what is going on? Well, the X-ray goes right through the plastic, so you don’t see it in the lower image. Instead, you see the shadows of a classic “metal can” oscillator. Why would someone go through the trouble of burying a metal can in a rectangular plastic case? The reason the overmolding is done is to allow the part to be machine-assembleable. The round can normally used for these watch crystal oscillators are difficult for machines to pick up and place, whereas a flat plastic surface with four pads is much more amenable to the vacuum tweezers used for automated assembly.

Participants in the contest could have called it out as an overmolded device because you can see the dark shadows of the four pads used to tack the device to the board in the x-ray…well, at least none of us are radiologists trying to diagnose a patient, thankfully!

The winner for Name that Ware July 2007 is Hugo! Congrats, email me for your prize. This one was relatively easy to judge, thankfully. I’m of course behind on getting August’s up (my, it’s September already!) but I wanted to spend some time on the Made in China series before catching up on Name that Ware.