Manual PCB Reverse Engineering Process

At times, advanced PCB reverse engineering techniques are time-consuming and expensive.

In practice, most PCB reverse engineers follow manual procedures to learn how a particular embedded system is made.

Here I illustrate a manual workflow for reverse engineering a PCB.

i. Identify Components

The most fundamental thing you should identify is the electronic components that you observe on the printed circuit board.

Make sure you recognize each component on the PCB.

Identify as many components as you can, including capacitors, transistors, IC chips, resistors, fuses, inductors, diodes, and connectors, among other components.

TV PCB

Knowing their names and classifications shortens the time required to identify them.

Modern PCBs use more IC chips than passive components, and all the IC chips look similar (black encapsulation in different shapes and sizes).

For this reason, it is crucial to scrutinize the number printed on the IC chip. Without the number, you will need more experience and brain power to decode the PCB.

Some manufacturers remove the number from the chips as a way of hindering reverse engineering of their PCBs.

Erasing the lettering reduces the chances of their circuit design being copied.

The number is essential since it helps you search for the component's datasheet on the internet.

Most current PCB designs use surface mount components, which can be so small that the traditional color band scheme cannot be applied to a component such as a resistor.

Bigger SMD resistors use a number code similar to the color band scheme. The first few digits are the significant digits, while the last digit gives the number of zeros.

Sample SMD Resistor

Smaller SMD resistors, which have a smaller printable area, use a standard coded system to print their value.

This standard coding system is referred to as the EIA marking code. The coding system makes it very difficult to establish the resistor value.

Fortunately, the internet has simplified the task since you only need to search for the value based on the code.

There are also apps which let you enter the EIA code and, in return, give you the resistance value.

The applications also have extra features which can help you in your PCB reverse engineering process.
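
The two marking schemes described above can be decoded with a few lines of code. This is an added example, not part of the original article; it assumes the EIA marking code on small resistors is the EIA-96 scheme (two digits indexing the E96 series plus a multiplier letter), and the function names and sample markings are constructed for illustration.

```python
import re

# EIA-96 multiplier letters (standard marking for 1% SMD resistors).
EIA96_MULT = {"Z": 0.001, "Y": 0.01, "R": 0.01, "X": 0.1, "S": 0.1,
              "A": 1, "B": 10, "H": 10, "C": 100, "D": 1e3, "E": 1e4, "F": 1e5}


def e96_significand(code):
    """Map an EIA-96 code 01..96 to its three-digit E96 value (01 -> 100)."""
    if not 1 <= code <= 96:
        raise ValueError(f"EIA-96 code out of range: {code:02d}")
    return round(100 * 10 ** ((code - 1) / 96))


def decode_smd_resistor(marking):
    """Return ohms for a 3/4-digit numeric marking or an EIA-96 marking."""
    m = marking.strip().upper()
    if re.fullmatch(r"\d{3,4}", m):
        # Leading digits are significant, last digit is the number of zeros.
        return float(int(m[:-1]) * 10 ** int(m[-1]))
    if re.fullmatch(r"\d{2}[A-Z]", m):
        if m[2] not in EIA96_MULT:
            raise ValueError(f"unknown EIA-96 multiplier letter: {m[2]}")
        return float(round(e96_significand(int(m[:2])) * EIA96_MULT[m[2]], 3))
    raise ValueError(f"unrecognised marking: {marking!r}")


if __name__ == "__main__":
    # Constructed sample markings, not read from a real board.
    for mark in ["103", "4702", "01C", "68X", "96A"]:
        print(f"{mark:>5} -> {decode_smd_resistor(mark):g} ohm")
```

Markings that use a letter R as a decimal point (for example 4R7) are outside the two schemes the article describes and are rejected rather than guessed.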

ii. Gather and Extract Information on Related PCB Documents

Data acquisition is the next stage in reverse engineering a PCB. To reverse engineer a PCB successfully, get at least two samples of the PCB.

Obtain a detailed scanned image of the populated PCB since this will help you establish the polarities and locations of the components.

Next, collect detailed information about the component specifications and types.

Collect the technical manuals and information concerning the PCB assembly. Additionally, obtain usage and maintenance data and performance specifications.

Visually inspect the printed circuit board unit and take note of any inconsistencies between the available data and the real PCB.

After completing the process of data collection, remove the components from the board. Thereafter, using a thinner, clean the board to remove the solder. Finally, blow dry air to remove dirt and dust from the PCB.

iii. Analyze Important Signals

Analysis is the most tedious phase of the PCB reverse engineering process.

The operation involves mapping out how the components are interconnected.

You map out all the connections (referred to as traces) component by component.

However, before commencing the tracing procedure, it is critical to identify the printed circuit board type, which is categorized as a single layer, double layer, or multilayer board.

Sample of PCB tracing

A single layer PCB is the simplest circuit board: one face of the board carries only the PCB trace routing, while the other face carries the electronic components.

A single layer board usually contains mostly through-hole components, and it is fairly easy to map out the connections.

Double layer PCB is the second type of circuit board where the trace routing can be found on both faces of the board.

In most cases, you will find surface mount components on one face of the board while the through-hole components are placed on the other side.

Usually, trace routing is done beneath the through-hole components and the IC chips.

This type of trace routing makes it impractical to trace out the connections with the naked eye.

You will need a multimeter's continuity function (also referred to as a continuity tester) to identify a connection.

Typically, it will buzz the moment the probes come into contact with two points connected by a trace.

However, you can also use the ohmmeter function, which registers zero ohms when you probe a connection.

I recommend the buzz since, while you concentrate on tracing the circuit, you do not need to check the continuity tester display to confirm a connection.

The buzz sound signal is more convenient.

Even though a continuity tester is a convenient device for tracing connections, it is essential to understand how it functions.

The buzz is made to sound at a specific ohm threshold.

This implies that a 10 Ohm resistor between two points may result in a buzz, which can mislead you into believing that there is a connection between the two points.

It is therefore important to be aware of this during the probing operation.

Combining the help of your vision and continuity tester should help reduce mistakes.

You should take note of components such as inductors, transformers, sense resistors (normally bigger than the other types of resistor), coils, and any external wiring or connection to the PCB.

Another common mistake is probing the traces without unplugging the power supply.

It is important to make sure that you switch off all connections to the printed circuit board before mapping out the connections.

Multilayer PCB is the most complex board to trace.

Commonly, for a 4-layer circuit board, most developers prefer to use the middle layer for power traces such as GND and VCC.

This is not always the case, but it is likely, based on experience working with different printed circuit boards and on common circuit theory.

PCB reverse engineering needs you to reason more like the designer of the circuit board you want to hack.

For a multilayer board, it is nearly impossible to trace the printed circuit board with the naked eye.

Make sure you check pin connections across the entire circuit board, matching one pin at a time against the rest of the pins.
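
The pin-by-pin matching described here, together with the earlier warning that a low-value resistor can still trigger the buzzer, can be captured by logging the measured resistance for each probed pair and grouping pins into nets afterwards. This is an added example, not part of the original article; the pin names, readings and both thresholds are constructed assumptions, so check the buzzer threshold in your own meter's manual.

```python
# Constructed probe log: (pin_a, pin_b, measured ohms). Not from a real board.
READINGS = [
    ("J1.1", "U1.3", 0.2), ("U1.3", "C1.1", 0.3),   # supply rail
    ("J1.2", "U1.2", 0.1), ("U1.2", "C1.2", 0.2),   # ground
    ("U2.4", "J1.2", 0.2),
    ("U1.1", "R5.1", 0.2), ("R5.2", "U2.8", 0.3),
    ("U1.1", "U2.8", 10.1),  # buzzes, but a 10 ohm part sits in the path
]
BUZZ_OHMS = 30.0   # assumed buzzer threshold of the continuity tester
TRACE_OHMS = 1.0   # assumed upper bound for a plain copper trace


def build_nets(readings, trace_ohms=TRACE_OHMS, buzz_ohms=BUZZ_OHMS):
    """Group pins into nets; return (nets, suspect_readings)."""
    parent = {}

    def find(pin):
        # Union-find lookup with path halving.
        parent.setdefault(pin, pin)
        while parent[pin] != pin:
            parent[pin] = parent[parent[pin]]
            pin = parent[pin]
        return pin

    suspects = []
    for a, b, ohms in readings:
        root_a, root_b = find(a), find(b)
        if ohms <= trace_ohms:
            parent[root_a] = root_b          # same copper: merge the nets
        elif ohms <= buzz_ohms:
            suspects.append((a, b, ohms))    # would buzz, but not a trace
    nets = {}
    for pin in parent:
        nets.setdefault(find(pin), set()).add(pin)
    return sorted(sorted(n) for n in nets.values()), suspects


if __name__ == "__main__":
    nets, suspects = build_nets(READINGS)
    for i, net in enumerate(nets, 1):
        print(f"NET{i}: {', '.join(net)}")
    for a, b, ohms in suspects:
        print(f"check {a} <-> {b}: {ohms} ohm buzzes but is not a direct trace")
```

In the constructed log, U1.1 and U2.8 end up in separate nets joined only through R5, which is the situation the buzzer alone would have hidden.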

In some cases, knowledge of the components coupled with your experience as a designer might help you shorten the procedure.

There will be areas that you instinctively know you do not need to test.

Draw out the position and the connections of the components, mark all the components, and label each trace the moment you are in a position to establish its function.

Power supply traces are the easiest to begin with.

This is so since we always know where the power supply is attached to the circuit board.

From there you can trace out where the power connection heads to next.

You will be capable of mapping out the next stage which is commonly the voltage regulator.

However, in the case of an AC power line, you will commonly locate a rectifier before it connects with the voltage regulator.

This approach presumes a standard design, so it is up to you to recognize what you are looking at, since many varieties of PCB design exist.

PCB reverse engineering design

Analysis of the datasheet of the IC chip can also assist you to establish the connection.

Arrange the component symbols into a standard circuit layout that you can recognize.

With this arrangement, you can easily recognize common standard circuits such as relay circuits, pull-ups, input circuits, voltage regulators, and transistor driver circuits, among others.

Draw them out in a layout that helps you identify the functionality of each circuit module.

The process is complicated, and PCB reverse engineering is a never-ending conversation.
