Description

Reballing Process:

Identification of Faulty BGA (Ball Grid Array) Chips: Initially, the faulty BGA chips on the PCB (Printed Circuit Board) are identified. These chips might have issues like broken solder balls or poor connections.

Removal of the BGA Chip:

  • Heating: The BGA chip is carefully heated using a rework station to melt the existing solder.
  • Lifting: Once the solder is molten, the chip is gently lifted off the PCB.

Cleaning and Preparation:

  • Chip Cleaning: Residual solder is removed from the chip using a solder wick or soldering iron.
  • PCB Cleaning: The PCB area is also cleaned to remove old solder and flux residues.

Reballing:

  • Applying Flux: Flux is applied to the chip's pads to improve soldering quality.
  • Stencil Placement: A stencil that matches the BGA pattern is placed over the chip.
  • Solder Ball Placement: New solder balls are placed into the stencil openings.
  • Heating: The assembly is heated, causing the solder balls to melt and attach to the chip's pads.

Re-Attaching the BGA Chip:

  • PCB Preparation: Flux is applied to the PCB pads.
  • Alignment: The reballed chip is precisely aligned with the PCB pads.
  • Reflow Soldering: The PCB is heated, reflowing the solder and forming new solder joints between the chip and the PCB.

Use Case:

Role of Reballing in Hardware Pentesting

  • Access to Secured Chips: In hardware pentesting, access to secured or encrypted chips is crucial. Reballing can be used to remove these chips from a device, enabling penetration testers to bypass security measures that are built into the hardware.
  • Analysis of Embedded Systems: After removing chips via reballing, pentesters can analyze the firmware or embedded software. This is crucial for identifying vulnerabilities in the system's lowest levels.
  • Reverse Engineering: Pentesters often engage in reverse engineering to understand how a device functions. Reballing allows for the extraction and replacement of microchips, facilitating deeper analysis without permanently damaging the hardware.
  • Custom Firmware Loading: Reballing can enable the loading of custom firmware onto a device. This is particularly useful in testing how the device behaves under modified or unexpected firmware conditions, a common practice in advanced hardware pentesting.
  • Circumventing Physical Security Mechanisms: Some devices have physical security mechanisms that prevent easy access to internal components. Reballing helps in circumventing these by allowing controlled removal and reattachment of components.
  • Failure Analysis: Understanding why and how hardware fails is a part of pentesting. Reballing allows pentesters to replace suspected faulty components, aiding in failure analysis and vulnerability identification.

Trainer

vulncon
Mohammed Saqeeb Shariff
Senior Specialist @ SISA

He works with SISA as a Senior Specialist. He is a core team member of IoTSecurity101, the Null Bangalore chapter leader, and a speaker at c0c0n, BSides Bangalore and null Bangalore, mainly focusing on SCA and EMFI attacks and PCB reverse engineering.

Karthik Ekanathan
QE engineer @ Crestron

He works with Crestron as a QE engineer and is a soldering and lockpicking expert and PCB analyst. He is an active member of null and a core team member of iotsecurity101.