Opening electronic devices: What you will find inside

Opening the Case

Now that you have set up a test environment and have the necessary tools, it is time to start disassembling the target device. Please keep in mind that in most cases, the warranty will be voided once the device is opened.

Normally, a device can be opened without much effort using a screwdriver set. If it is a device with a power plug, make sure to unplug it beforehand.

Also be careful, if it´s a safety device. These often have advanced safety measurements against curious engineers, who want to take a look inside. Check out my other blog post on anti tamper protections if you want to know more.

Identifying Type Designations

If you have successfully removed the case and the circuit board is now accessible, it is time to identify the individual components on the circuit board and research their datasheets. The next step is re. Your task is to put yourself in the designer's mindset.

First, it is important to know exactly which ICs have been installed. The exact type designation is located on the IC. In some cases, the print may be difficult to read. Use a microscope to help with this. USB microscopes are available online for little money and are absolutely sufficient. Using the phone camera can also be helpful. Take photos from different angles and try to see if you get better results with or without flash.

If you can only recognize individual digits in the pictures, Google them. In some cases, this is enough to identify an IC. If there are no search results, repeat the search with similar or fewer digits. Also, search online with and without the manufacturer's name if it is present on the IC.

If you can recognize writing in the pictures but still cannot read it, there is another trick. Upload the photo to software that can recognize text in images. Such programs are now available not only for PCs but also for smartphones. If that doesn´t help, I can also recommend trying various AI-Picture recognition tools, that you can even find online. Maybe you get lucky, and it works.

Just get a little creative!

In many cases, ICs are located under heat sinks. Removing heat sinks should be relatively easy. If present, remove the screws. Small heat sinks are often just pressed on and held in place only by the thermal compound on the chip. Give the heat sink a slight twist and remove it and the thermal paste adhering to the chip. This should be easily possible with fine cleaning cloths and some alcohol or isopropanol.

ICs, especially in high-frequency applications, can also be shielded. In this case, there is a small metal plate on the circuit board under which the IC is located. The metal is very thin and can be easily removed by bending or desoldering. In the case of welding, you can recognize this by the grooves, it may be necessary to remove the shielding by bending or cutting. Reattaching the shielding is then no longer possible.

One method manufacturers use to make the components used unrecognizable is to remove the type designation.

A simple and rather less effective way to do this is to paint over it with a permanent marker. Try holding the component against the light and slightly tilting the circuit. It should still be possible to read the labeling.

If it is not possible to read the labeling, you can try to remove the paint. Isopropanol removes lightly applied paints and is gentle on plastics. Acetone is a bit stronger and can slightly attack plastics.Isopropanol or acetone is usually sufficient. In more stubborn cases, it may be necessary to resort to stronger agents. White spirit or nitro thinners also attack plastics but easily remove the paint. Such substances are readily available at hardware stores. So be careful with these substances and always take the necessary protective measures, such as wearing gloves and safety glasses.

A somewhat more effective way to make components unrecognizable is to grind off the type designation. This cannot be undone. However, it may still be possible to identify the components as I will show you now.

All ICs have pins that perform certain functions. Some pins are for power supply (VCC), some for ground (GND), some for signals, and some may not be connected (NC). You can identify the installed IC by comparing datasheets with other ICs of the same size and package.

Datasheets are documents issued by the manufacturer to enable developers to compare components and determine if a component is suitable for a project. A datasheet, which can be downloaded as a PDF document from the internet, lists all technical details and properties, such as functionality, voltages, frequencies, protocol used, etc.

To find out which pins are for which function, they must be measured. The multimeter helps with this. Test with the continuity test which pins go to ground, GND. This measurement must be done with the device turned off.

Then turn on the device and measure the voltages at the individual pins. If there is a constant voltage of, for example, 5V, it is very likely VCC. If the voltages at a pin fluctuate, it may be signal pins or oscillators. You can also recognize oscillators by the presence of quartz components near the IC. Capacitors with small capacitances are usually located near the VCC pin. Their task is to stabilize the voltage at the respective pins during operation.

Be careful when measuring not to cause a short circuit with the test probes. This can easily happen if you are not careful enough.

When measuring with the multimeter, the following applies: Voltage measurements must be carried out with the device turned on. Continuity tests and measurements of capacitances, resistances, or other passive components should only be done with the device turned off!

Create a drawing of the IC, either by hand or using PC software, in which you display and label the individual pins. If the purpose of the circuit is known, search online for chips used in such devices and compare their images in the datasheets with your drawing. If there are similarities, it is very likely that your IC is the one you found in the datasheet.

This type of determination can be very time-consuming and does not always lead to satisfactory results. It is more of a measure that can be taken if there are no other options.

Next, let´s focus on the circuitboard.

For simple analysis of a device, it is not necessarily important to know the entire layout of the circuit board. It always depends on the goals being pursued.

As already mentioned, existing resources should be used first. Schematics, documentation, and datasheets on the internet are the first point of contact. If the efforts to search for such data on the internet have not been successful, manual reverse engineering must continue.

RE involves analyzing a circuit or device until the entire functionality is understood. This may be necessary in some cases. In this part of the book, practical tips are given to help you completely reverse engineer a circuit board.

First, the individual components on the circuit board should be identified. The main SOC is usually located under a heat sink in the middle of the circuit board for practical reasons.

Create a list of all the components used and research the corresponding datasheets.

Next, it is important to understand the wiring of the individual components. How are they electrically connected?

This can be done by creating your own schematic. Start roughly and work step by step. Initially, it may be sufficient to create a block diagram that roughly shows which part of the circuit is connected to which part.

If you want to go into more detail, a detailed schematic that includes all electronic components must be created. Depending on the size of the circuit, it is more sensible to create the schematic using suitable software. The selection of software is vast. Eagle is the professional tool par excellence for creating schematics. However, free software can also be used, which is less professional but should still be sufficient. The free software KiCad has proven itself in this regard.

Always proceed systematically. Follow the traces on the circuit board and determine which components the individual pins of the ICs are connected to. The use of a multimeter is indispensable at this step. The continuity test provides information about which points are connected. You can also analyze the circuit digitally on the PC.

A good tip is to take a photo of the circuit board. The picture should be taken from above and with good lighting. Make sure the picture is sharp and taken as straight as possible at a right angle from above. Upload the picture to an image editing program.

Next, search online for the datasheet of an IC on the circuit board. Specifically, look for the pin layout of the IC. Also, upload this image to the image editing program and remove the background.

Now the two images can be overlaid.

This is a good way to have the IC with its labeling in view on one image. In rare cases, manufacturers use the exact same circuit as found in the schematic in the datasheet. Nevertheless, this schematic can be helpful in understanding the circuit.

Depending on the extent, it may also be necessary to understand the circuit in detail. In this case, capacitors, coils, resistors, voltage regulators, etc., must also be identified.

This can be difficult if parts are built in SMD and are only microscopically small. In this case, the use of a USB microscope helps. SMD components are labeled with a certain code that provides information about the value. Corresponding tables for SMD resistor codes or SMD capacitor codes are available online.

If you have digitally built the circuit in the software, you can take a closer look at the functionality and further understand which components perform which tasks.

You will encounter pull-up and pull-down resistors, filter capacitors, quartz oscillators, and many other circuits that are realized with the help of other components.

A very important approach to analyzing circuit boards is finding ports and headers. Ports are used to allow components on the circuit board to communicate with each other via a certain protocol. I have already described the most important protocols earlier on in the blog section. If you find 3 to 5 solder points in a row on the circuit board, it is very likely a port. A port is used to allow the circuit board to communicate with the outside world. Headers, on the other hand, are more intended to transfer data internally within a system.

There may also be additional test points on the circuit board that are not necessarily bound to a protocol. In production, signals can be measured at the test points. This is done using special needles that are guided to the contacts to establish an electrical connection. Such constructions are usually custom-made and very expensive. However, there are also inexpensive options for amateurs. For example, there are online construction manuals for so-called needle probe holders that can be easily built by yourself. If you have a 3D printer for example, you can build a station yourself. The necessary files for the construction can be downloaded from the internet.

Of course, there are other components on the circuit board, such as antennas, shields, jumpers, etc. Over time, you will encounter some "special cases."

Jumpers, for example, are small bridges that are plugged onto pins. They are used to configure the circuit board.

A circuit board, as such, is basically just a piece of plastic with copper traces. The components are soldered onto the surface using solder. On the surface of the circuit board is the solder mask, sometimes also called the solder stop mask. It protects the underlying traces from corrosion or damage. If necessary, the solder mask can also be removed using a fiberglass eraser or similar tools. When scraping off the protective layer, proceed slowly and carefully. Solder mask is also available for purchase if scratched areas need to be resealed.