BSides Dehradun Logo

Microchip Makeover: The Reballing Realm

INSTRUCTORS

Mohammed Saqeeb Shariff

Senior Specialist

@ SISA

He is a core team member of IoTSecurity101 and the Null Bangalore chapter leader, and a speaker at c0c0n, BSides Bangalore and null Bangalore. He mainly focuses on SCA and EMFI attacks and PCB reverse engineering.

Kartheek Ekanatham

QE Engineer

@ Crestron

He is a soldering and lockpicking expert and PCB analyst. He is an active member of null and a core team member of IoTSecurity101.

Description

Reballing Process

Identification of Faulty BGA (Ball Grid Array) Chips

Initially, the faulty BGA chips on the PCB (Printed Circuit Board) are identified. These chips might have issues like broken solder balls or poor connections.

Removal of the BGA Chip

Heating

The BGA chip is carefully heated using a rework station to melt the existing solder.

Lifting

Once the solder is molten, the chip is gently lifted off the PCB.

Cleaning and Preparation

Chip Cleaning

Residual solder is removed from the chip using a solder wick or soldering iron.

PCB Cleaning

The PCB area is also cleaned to remove old solder and flux residues.

Reballing

Applying Flux

Flux is applied to the chip's pads to improve soldering quality.

Stencil Placement

A stencil that matches the BGA pattern is placed over the chip.

Solder Ball Placement

New solder balls are placed into the stencil openings.

Heating

The assembly is heated, causing the solder balls to melt and attach to the chip's pads.

Re-Attaching the BGA Chip

PCB Preparation

Flux is applied to the PCB pads.

Alignment

The reballed chip is precisely aligned with the PCB pads.

Reflow Soldering

The PCB is heated, reflowing the solder and forming new solder joints between the chip and the PCB.

Use Cases

Role of Reballing in Hardware Pentesting

Access to Secured Chips

In hardware pentesting, access to secured or encrypted chips is crucial. Reballing can be used to remove these chips from a device, enabling penetration testers to bypass security measures that are hardwired into the device.

Analysis of Embedded Systems

After removing chips via reballing, pentesters can analyze the firmware or embedded software. This is crucial for identifying vulnerabilities in the system's lowest levels.

Custom Firmware Loading

Reballing can enable the loading of custom firmware onto a device. This is particularly useful in testing how the device behaves under modified or unexpected firmware conditions, a common practice in advanced hardware pentesting.

Circumventing Physical Security Mechanisms

Some devices have physical security mechanisms that prevent easy access to internal components. Reballing helps in circumventing these by allowing controlled removal and reattachment of components.

Failure Analysis

Understanding why and how hardware fails is a part of pentesting. Reballing allows pentesters to replace suspected faulty components, aiding in failure analysis and vulnerability identification.

Reverse Engineering

Pentesters often engage in reverse engineering to understand how a device functions. Reballing allows for the extraction and replacement of microchips, facilitating deeper analysis without permanently damaging the hardware.