Reading the program from GAL16V8D PLD

[waqas5304]

gal16v8d

hi
i am new in this forum . i want to now ,is it possible to read the program from a programmed GAL16V8D PLD . i have a programmed GAl and i want to read the contents .
help and suggestions are welcomed

 

[IanP]

gal16v8d programmer

Security Cell
A security cell is provided in the GAL16V8 devices to prevent unauthorized
copying of the array patterns. Once programmed, this
cell prevents further read access to the functional bits in the device.
This cell can only be erased by re-programming the device, so the
original configuration can never be examined once this cell is programmed.

Quoted from:
**broken link removed**

I guess this should explain the issue of reading programmed devices ..

Regards,
IanP

 

[waqas5304]

8051sbc.jed

thanx for reply
the problem which i am facing is that i am having a card on the output of that this GAL is there . it has two inputs that are pulses of different amplitude and the two outputs of GAL are connected to the next pc base tester for tunning the card. the input signals are on pin 2 and 3 whereas out put is on pin 17and 18. i want to decode the program of the GAL . ckl pin is not connected. the point is is there any way i can know the logic . i am new to GAl .
i mean if there are gates inside the GAL can i reverse engineer the logic

if you can comment it will be graet
waqas

 

[IanP]

jed2eqn

If the security fuse has been blown, you will not be able to read the PLD in question ..
Reverse-engineering is possible, but it will likely require a logic analyzer and most definitely schematic diagrams of the circuit in question showing how the PLD you're trying to reverse-engineer works into the circuit ..

If the security fuse has NOT been blown, you can use any PLD programmer/reader to read the PLD in quesion and then disassemble obtained file with JED2EQN - disassembler ..
It is part of the OPAL package - o.zip, which can be downloaded from:
**broken link removed**
(see section: using PLD assembler) ..
Some additional info on this:
**broken link removed**

Regards,
IanP

 

[waqas5304]

reading the gal program

hi '
thanx for help . i have done as you said . i read the GAL with the progrtammer and coinverted the jed FILE TO .EQN . I DOWNLOAD THE opal i am attaching the result file if you can view and comment . i think the GAL fuse are not blown .am i right .your reply is awaited sir
waqas

; JED2EQN -- JEDEC file to Boolean Equations disassembler (Version V063)
; Copyright (c) National Semiconductor Corporation 1990-1993
; Disassembled from FGFF.jed. Date: 8-31-107
;$GALMODE MEDIUM

chip FGFF GAL16V8

nc1=1 GND=10 /nc11=11 o12=12 o13=13 o14=14 o15=15 o16=16 o17=17
o18=18 o19=19 VCC=20

@ues ffffffffffffffff

equations

o19 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o19.oe = vcc
o18 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o18.oe = vcc
o17 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o17.oe = vcc
o16 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o16.oe = vcc
o15 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o15.oe = vcc
o14 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o14.oe = vcc
o13 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o13.oe = vcc
o12 = vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
+ vcc
o12.oe = vcc

 

[au.ajith]

opal gal assembler

can you please tell me whats that .oe function?

Added after 54 seconds:

i need to write an vhdl code for the following eqns

; JED2EQN -- JEDEC file to Boolean Equations disassembler (Version V063)
; Copyright (c) National Semiconductor Corporation 1990-1993
; Disassembled from pr.jed. Date: 8-26-108
;$GALMODE REGISTERED

chip agilenttest GAL16V8

CLK=1 i2=2 i4=4 i5=5 i6=6 i7=7 GND=10 /OE=11 o12=12 o13=13 rf14=14
o15=15 o16=16 o17=17 rf18=18 rf19=19 VCC=20

@ues 0000000000000000
@ptd unused

equations

/rf19 := /i2 * rf19

rf19.oe = OE

/rf18 := /i2 * /rf19 * /rf18
+ /i2 * rf19 * rf18

rf18.oe = OE

o17 = i7
o17.oe = vcc

o16 = i6
o16.oe = vcc

o15 = i5

o15.oe = vcc

/rf14 := /i2 * /rf18 * /rf14
+ /i2 * rf19 * rf18 * rf14
+ /i2 * /rf19 * /rf14

rf14.oe = OE

o13 = /rf19 * rf18
+ i2

o13.oe = vcc

o12 = i4

o12.oe = vcc

 

[jaysenghani]

Re: jed2eqn

If the security fuse has been blown, you will not be able to read the PLD in question ..
Reverse-engineering is possible, but it will likely require a logic analyzer and most definitely schematic diagrams of the circuit in question showing how the PLD you're trying to reverse-engineer works into the circuit ..

If the security fuse has NOT been blown, you can use any PLD programmer/reader to read the PLD in quesion and then disassemble obtained file with JED2EQN - disassembler ..
It is part of the OPAL package - o.zip, which can be downloaded from:
**broken link removed**
(see section: using PLD assembler) ..
Some additional info on this:
**broken link removed**

Regards,
IanP

how to identify GAL16V8D is fuse protected or not??
what data it should give if it is fused protected because i copied one IC.



does it fuse protected???

 

[FvM]

I can't say for sure if it's erased or fuse protected, but it has surely not a single product term bit set (range 0 - 0xFF), in other words doesn't contain any logic.