I previously reported on reverse engineering a candle flicker LED. My approach was to extract the “flicker” pattern from the input current variation and to deduce the algorithm from statistical analysis.
Reverse engineering the controller chip
Of course there is another, more involved, approach. And that is to reverse engineer the circuit directly from the die. Andrew Zonenberg from Siliconpr0n decapsulated and imaged the controller chip from one of my LEDs. You can find his report here.
He managed to obtain very high-resolution optical microscopy images of the top-level metal. It turns out that the controller chip is manufactured in a relatively coarse CMOS process with one metal layer and 1-2 µm resolution. This is 1980ies technology. But of course, that is all that is needed for a circuit as simple as a flicker-LED.
An initial survey reveals that there are two RC-oscillators. The two large rectangles in the lower part are the capacitors. The driving circuit is between the caps and the resistors are the stretched structures below the caps. One of these is probably a general clock generator, while the second one could be a part of a hardware random number generator. It is also obvious that there is no counter or shift register longer than 5-bit. This does indeed seem to confirm that no LFSR is used for the random number generator. This was already suggested by the statistical analysis.
Reverse engineering the exact circuit is a more involved effort, which yet needs to be done. Are you up to the challenge?
Another Candle Flicker-LED
It turns out there is more than one flicker-LED-controller-chip. Natecaine commented on the original story on Hack-a-Day and followed up with a micrograph of the controller chip of one of his LEDs. This is a much simpler controller, as shown below. Nothing is known about the flicker-pattern so far. This controller only uses a single RC-oscillator (bottom) and several counter or shift-registers and is probably LFSR based.
Home-brewing a Candle Flicker LED using the tiniest MCU
In other news, picatout took the code I reverse engineered from the original LED and used it to create his own Candle-flicker-LEDs by embedding a PIC10F200 into a normal LED [french]. That’s a pretty cool hack in my opinion. Of course it would also work with an ATtiny 4/5/9/10.
Tim's Blog 
There is one really clever solution used for implementing candle LEDs that are sometimes used, namely a music chip such as the one used in musical birthday cards etc. Instead of a piezo speaker, a LED is used and it does flicker quite convincingly modulated by the tune.
I was going to say, almost all of the ones i’ve seen are ol music chips from greeting cards. just connect a photodiod to a microphone plug, and you can listen to ’em
Looking at the first micrograph, I counted 31 identical blocks which I suspect implies a 31 stage shift register. There are 2 trinomials which will result in a maximal length sequence so you need only as one xor gate to generate a sequence of 2,147,483,647 pseudo random bits. Taking any 16 bits and adding a a contribution to the modulation current via a resistor for each one would give you 1 your 16 levels. This current would be added to a bypass current. This is all very easy to do in a simple IC. An RC network can be used to force a binary one into the register to prevent it repeating the all zeros state for ever. I notice a period of constant brightness – maybe a second on switch on – before the flickering. It doesn’t matter if it always starts from the same state of course.