HAL – The Hardware Analyzer

HAL [/hel/] is a comprehensive reverse engineering and manipulation framework for gate-level netlists focusing on efficiency, extendability and portability. HAL comes with a fully-fledged plugin system, allowing you to add arbitrary functionality to the core.

Apart from multiple research projects, HAL is also used in our university lecture Introduction to Hardware Reverse Engineering.

  • Performance thanks to an optimized C++ core
  • Modularity: write your own C++ plugins for efficient netlist analysis and manipulation (e.g. via graph algorithms)
  • A feature-rich GUI allowing for visual netlist inspection and interactive analysis
  • An integrated Python shell to exploratively interact with netlist elements and to interface plugins from the GUI
  • Update v1.1.0: Support for Xilinx Unisim, Xilinx Simprim, Synopsys 90nm, GSCLIB 3.0 and UMC 0.18µm libraries is now added

    API Documentation
    The C++ documentation is available here. The Python documentation can be found here.

    Quick Start
    Install or build HAL and start the GUI via hal -g. You can list all available options via hal [--help|-h]. We included some example netlists in examples together with the implementation of the respective example gate library in plugins/example_gate_library. For instructions to create your own gate library and other useful tutorials, take a look at the wiki.
    Load a library from the examples directory and start exploring the graphical representation. Use the integrated Python shell or the Python script window to interact. Both feature (limited) autocomplete functionality.
    Let's list all lookup tables and print their Boolean functions:

    from hal_plugins import libquine_mccluskey

    qm_plugin = libquine_mccluskey.quine_mccluskey()

    # 'netlist' is provided by the HAL Python shell for the loaded design
    for gate in netlist.get_gates():
        if "LUT" in gate.type:
            print(gate.name + " (id " + str(gate.id) + ", type " + gate.type + ")")
            print(" " + str(len(gate.input_pin_types)) + "-to-" + str(len(gate.output_pin_types)) + " LUT")
            # Boolean function of every output pin as a sum-of-products string
            boolean_functions = qm_plugin.get_boolean_function_str(gate, False)
            for pin in boolean_functions:
                print(" " + pin + ": " + boolean_functions[pin])
            print("")

    For the example netlist fsm.vhd this prints:

    FSM_sequential_STATE_REG_1_i_2_inst (id 5, type LUT6)
     6-to-1 LUT
     O: (~I0 I1 ~I2 I3 I4 ~I5) + (I0 ~I2 I3 I4 I5)

    FSM_sequential_STATE_REG_0_i_2_inst (id 3, type LUT6)
     6-to-1 LUT
     O: (I2 I3 I4 ~I5) + (I1 I2) + (I0 I1) + (I1 ~I3) + (I1 ~I4) + (I1 ~I5)

    FSM_sequential_STATE_REG_0_i_3_inst (id 4, type LUT6)
     6-to-1 LUT
     O: (~I1 ~I2 I3 ~I4 I5) + (I0 I5) + (I0 I4) + (I0 I3) + (I0 I1) + (I0 ~I2)

    OUTPUT_BUF_0_inst_i_1_inst (id 18, type LUT1)
     1-to-1 LUT
     O: (~I0)

    OUTPUT_BUF_1_inst_i_1_inst (id 20, type LUT2)
     2-to-1 LUT
     O: (~I0 I1) + (I0 ~I1)

    FSM_sequential_STATE_REG_1_i_3_inst (id 6, type LUT6)
     6-to-1 LUT
     O: (I0 I2 I4) + (~I1 I2 I4) + (I0 ~I3 I4) + (~I1 ~I3 I4) + (I0 I4 ~I5) + (~I1 I4 ~I5) + (I2 I5) + (I2 I3) + (I1 I5) + (I1 I3) + (I0 I1) + (~I0 I5) + (~I0 I3) + (~I0 ~I1) + (I1 ~I2) + (~I0 ~I2) + (~I3 I5) + (~I2 ~I3) + (~I4 I5) + (I3 ~I4) + (I1 ~I4)
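    The sum-of-products strings printed for fsm.vhd can be turned back into truth tables, which makes long covers comparable and shows which input combinations actually matter. This is an added example, not part of HAL or its plugins: parse_sop, lut_init, rows and equivalent are hypothetical helper names, and the bit ordering (I0 as the least significant address bit) is an assumption.

```python
import re

def parse_sop(expr):
    """Split '(~I0 I1) + (I0 ~I1)' into product terms: [{input index: required bit}, ...]."""
    terms = []
    for body in re.findall(r"\(([^()]*)\)", expr):
        term = {}
        for literal in body.split():
            m = re.fullmatch(r"(~?)I(\d+)", literal)
            if m is None:
                raise ValueError(f"unexpected literal {literal!r}")
            term[int(m.group(2))] = 0 if m.group(1) else 1
        terms.append(term)
    if not terms:
        raise ValueError("no product terms found")
    return terms

def lut_init(expr, n_inputs):
    """Truth table as an integer; bit k is the output for I_j = (k >> j) & 1 (assumed ordering)."""
    terms = parse_sop(expr)
    if any(i >= n_inputs for t in terms for i in t):
        raise ValueError("expression uses more inputs than the LUT has")
    init = 0
    for k in range(1 << n_inputs):
        # A row is 1 if at least one product term has all its literals satisfied
        if any(all((k >> i) & 1 == bit for i, bit in t.items()) for t in terms):
            init |= 1 << k
    return init

def rows(expr, n_inputs, value):
    """Input combinations (as integers k) for which the LUT outputs `value`."""
    init = lut_init(expr, n_inputs)
    return [k for k in range(1 << n_inputs) if (init >> k) & 1 == value]

def equivalent(expr_a, expr_b, n_inputs):
    """Two covers describe the same LUT exactly when their truth tables match."""
    return lut_init(expr_a, n_inputs) == lut_init(expr_b, n_inputs)

# Expressions copied from the fsm.vhd output above
XOR_LUT2 = "(~I0 I1) + (I0 ~I1)"
STATE_REG_1_I_2 = "(~I0 I1 ~I2 I3 I4 ~I5) + (I0 ~I2 I3 I4 I5)"
STATE_REG_1_I_3 = ("(I0 I2 I4) + (~I1 I2 I4) + (I0 ~I3 I4) + (~I1 ~I3 I4) + (I0 I4 ~I5) + (~I1 I4 ~I5) + (I2 I5) + (I2 I3) + (I1 I5) + (I1 I3) + (I0 I1) + (~I0 I5) + (~I0 I3) + (~I0 ~I1) + (I1 ~I2) + (~I0 ~I2) + (~I3 I5) + (~I2 ~I3) + (~I4 I5) + (I3 ~I4) + (I1 ~I4)")

if __name__ == "__main__":
    print(f"LUT2 table: {lut_init(XOR_LUT2, 2):#x}")
    print("STATE_REG_1_i_3 is 0 only for inputs:", rows(STATE_REG_1_I_3, 6, 0))
```

    Evaluated this way, the 21-term cover of FSM_sequential_STATE_REG_1_i_3_inst is 0 for only three of its 64 input combinations, which is far easier to reason about than the printed expression.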

    Citation
    If you use HAL in an academic context, please cite the framework using the reference below:

    @misc{hal,
        author = {{EmSec Chair for Embedded Security}},
        publisher = {{Ruhr University Bochum}},
        title = {{HAL - The Hardware Analyzer}},
        year = {2019},
        howpublished = {\url{https://github.com/emsec/hal}},
    }

    Feel free to also include the original paper:

    @article{2019:Fyrbiak:HAL,
        author = {Marc Fyrbiak and
                  Sebastian Wallat and
                  Pawel Swierczynski and
                  Max Hoffmann and
                  Sebastian Hoppach and
                  Matthias Wilhelm and
                  Tobias Weidlich and
                  Russell Tessier and
                  Christof Paar},
        title = {{HAL-} The Missing Piece of the Puzzle for Hardware Reverse Engineering,
                 Trojan Detection and Insertion},
        journal = {IEEE Transactions on Dependable and Secure Computing},
        year = {2019},
        publisher = {IEEE},
        howpublished = {\url{https://github.com/emsec/hal}}
    }

    Install Instructions

    Ubuntu
    HAL releases are available via its own ppa. You can find it here: ppa:sebastian-wallat/hal

    macOS
    Use the following commands to install hal via homebrew.

    Build Instructions
    Run the following commands to download and install HAL.

    1. git clone https://github.com/emsec/hal.git && cd hal
    2. To install all necessary dependencies execute ./install_dependencies.sh
    3. mkdir build && cd build
    4. cmake ..
    5. make

    Optionally you can install HAL:
    make install

    Build on macOS
    Please make sure to use a compiler that supports OpenMP. You can install one from e.g. Homebrew via: brew install llvm.
    To let cmake know of the custom compiler use the following command.
    cmake .. -DCMAKE_C_COMPILER=/usr/local/opt/llvm/bin/clang -DCMAKE_CXX_COMPILER=/usr/local/opt/llvm/bin/clang++

    Disclaimer
    HAL is at most alpha-quality software. Use at your own risk. We do not encourage any malicious use of our toolkit.
