Hacker News
by jgw 4844 days ago
It's pretty much how modern ASICs are reverse-engineered today - mainly for patent infringement investigation.
1 comments

There are actually substantially more steps involved in reverse engineering more modern SoCs. After depackaging the chips you have to strip the metal layers, special protective layers, etc. to get to the base layers. Modern processes can have upwards of 8 metal layers along with a top layer composed of filled metal (there are issues with processing if a relatively uniform amount of metal isn't on each layer).

After you get the images of the metal layers (you likely can't do this optically for things down near Metal1) you can image the poly and diffusions. You can probably guess which transistors are which based on which power rails they would have been connected to.

Things might be easier if you know what standard cell library the designers used when laying out the chip, as then you'd more easily be able to identify the base logical functions faster.

If you're being thorough you'd also have to make sure you obtain measurements of the widths of each of the transistors (so you can later figure out the relative drive strength, which matters for things like identifying keeper circuits or more precision analog elements, etc.).

Determining some transistor behavior may require even more complicated tests to identify doping levels, and if you were trying to duplicate the process you'd have to identify a large number of other materials (for example, if they use copper you'd want to find what chemical they used to control the diffusion, etc.).

It's pretty interesting stuff though.

Yes, and that does not even get into the extremely complex principle of the process technology itself, mixed with the design placement techniques that tend to be very closely tied to the process.

Reverse engineering digital can be conceivable by looking at blocks, but for analog it can be incredibly difficult.