Skip to content

Introduction to HAL

Jump to bottom
SJulianS edited this page Oct 19, 2020 · 11 revisions

HAL [/hel/] is a comprehensive netlist reverse engineering and manipulation framework. Virtually all available research on netlist analysis operates on a graph-based representation of the netlist under inspection. At its core, HAL provides exactly that: A framework to parse netlists of arbitrary sources, e.g., FPGAs or ASICs, into a graph-based netlist representation and to provide the necessary built-in tools for traversal and analysis of the included gates and nets.

Our vision is that HAL becomes the hardware-reverse-engineering-equivalent of tools like IDA or Ghidra. We want HAL to enable a common baseline for researchers and analysts to improve reproducibility of research results and abstract away recurring basic tasks such as netlist parsing etc.

  • High performance thanks to the optimized C++ core
  • Flexibility through built-in Python bindings
  • Modularity via a C++ plugin system
  • Stability is ensured via a rich test suite

HAL is actively developed by the Embedded Security group of the Max Planck Institute for Security and Privacy. Apart from multiple research projects, it is also used in our university lecture Introduction to Hardware Reverse Engineering.

Note that we also have a set of modern state-of-the-art benchmark circuits for the evaluation of netlist reverse engineering techniques available in a seperate repository.

GUI

TODO

Python Bindings

TODO

Plugin System

HAL facilitates customization by providing a sophisticated plugin interface that allows to its extend its functionality using plugins written in C++. Via the plugin system, the developer has full access to HAL's rich C++ API providing access to all components of its internal netlist representation. Furthermore, Python bindings for plugin functionality can easily be deployed to be used within the GUI or from the build-in Python shell. By default, HAL comes with a set of plugins that have been developed at our research group and enrich HAL's capabilities.

Shipped Plugins

  • GUI: A feature-rich GUI allowing for visual netlist inspection and interactive analysis
    • Native integration of a Python shell with access to the HAL Python bindings
    • Isolation of specific gates or modules for clutter-free inspection
    • Interactive traversal of netlists
    • Detailed widgets with information on all aspects of the inspected netlist
  • Netlist Simulator: A simulator for arbitrary parts of a loaded netlist
  • Dataflow Analysis: Our dataflow analysis plugin DANA that recovers high-level registers in an unstructured netlist
  • Graph Algorithms: igraph integration for direct access to common algorithms from graph-theory
  • Python Shell: A command-line plugin to spawn a Python shell preloaded with the HAL Python bindings
  • VHDL & Verilog Parsers: Adds support for parsing VHDL and Verilog files as netlist input formats
  • Liberty Parser: Adds support for arbitrary gate libraries in the standard liberty gate library format
  • VHDL & Verilog Writers: Adds support for serializing a (modified) netlist to synthesizable VHDL or Verilog files
  • Gate Libraries: Adds support for the XILINX Unisim and Simprim gate libraries
Clone this wiki locally