Automated PCB Reverse Engineering


Stephan Kleber, Henrik Ferdinand Nölscher, and Frank Kargl, Institute of Distributed Systems, Ulm University


The very first step for analyzing the security of an embedded device, without prior knowledge of the device’s construction, is analyzing the printed circuit board (PCB) of the device, in order to understand its electrical implementation. This analysis is called PCB reverse engineering and its results are a list of components, technical documentation related to those components, and a schematic reconstruction, that illustrates basic connections between the PCB’s components.

Motivated by the lack of inexpensive methods for efficiently performing PCB reverse engineering, we propose a novel framework that formalizes and automates most of the tasks required for PCB reverse engineering. The framework is capable of automatically detecting components using machine vision, gathering technical documentation from the internet and analyzing technical documents to extract security-relevant information. We implement the concept and evaluate the gain of efficiency and analysis coverage. Our results show that automating almost all steps of PCB reverse engineering is possible. Furthermore, we highlight novel use cases that are enabled by our approach.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {206140,
author = {Stephan Kleber and Henrik Ferdinand N{\"o}lscher and Frank Kargl},
title = {Automated {PCB} Reverse Engineering},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT 17)},
year = {2017},
address = {Vancouver, BC},
url = {},
publisher = {USENIX Association},
month = aug