Searching \ for '[Bulk] Re: [PIC] protected code' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: massmind.org/techref/microchip/devices.htm?key=pic
Search entire site for: 'Re: [PIC] protected code'.

Exact match. Not showing close matches.
PICList Thread
'[Bulk] Re: [PIC] protected code'
2009\05\20@162555 by Isaac Marino Bavaresco

flavicon
face
Richard Prosser escreveu:
> If the client is determined that his clients have web access to the
> hex file, why not get him to setup a password secured web page?
>
> RP
>
> 2009/5/21 Herbert Graf <spam_OUThkgrafTakeThisOuTspamgmail.com>:
>  
>> On Wed, 2009-05-20 at 07:09 -0700, alan smith wrote:
>>    
>>> Setting the code protect config bits is supposed to give you a layer of protection, when at least trying to read back from the actual device.  I wont get into the discussion about how that can be gotten around.
>>>
>>> My question is...when you generate a hex file with these set, can it be dissassembled..ie..is the code protect only valid for reading back from the device.
>>>
>>> The basis for the question is a client wants to put code updates for a product on his website, so anyone can download but doesnt want someone to easily able to reverse engineer it.  I wasnt sure if this protects the hex file.
>>>      
>> The code protect bit is just a setting in the PIC's config space, aside
>> from that bit being flipped in the hex file there is no difference in
>> the hex file.
>>    

Most probably one must prevent everybody, including the customers, from
being able to clone the product.

Most circuits are usually simple to clone. If somebody has access to the
firmware, then he can build many boards by himself and stop buying from you.

The only safe approach is to use a cryptographic boot-loader.

Regards,

Isaac

__________________________________________________
Faça ligações para outros computadores com o novo Yahoo! Messenger
http://br.beta.messenger.yahoo.com/

2009\05\20@164303 by Bob Axtell

face picon face
The encrypted bootloader is the cats meow. Because you have to block
readable access
at every step of the process, and nothing else (that I am aware of) can do it.

--Bob

On Wed, May 20, 2009 at 1:25 PM, Isaac Marino Bavaresco
<.....isaacbavarescoKILLspamspam@spam@yahoo.com.br> wrote:
{Quote hidden}

>

2009\05\20@180440 by Tamas Rudnai

face picon face
On Wed, May 20, 2009 at 9:43 PM, Bob Axtell <.....bob.axtellKILLspamspam.....gmail.com> wrote:

> The encrypted bootloader is the cats meow. Because you have to block
> readable access
> at every step of the process, and nothing else (that I am aware of) can do
> it.
>

As you have the binary -- no matter in what form -- you can do some crypto
analysis on it trying to do some clear text attacks and so on. If you know
the encryption method you are a bit closer but if the method is a proven
good one and you were using a long enough key then it can be considered as
safe, yes.

Also you need to cryptographically sign it to make sure noone manipulated
the binary stream in the middle.

Fortunately PIC uses an architecture where the call stack, the code area and
the memory are separated so applying an exploit on the PIC is virtually
impossible -- tricking to do some misbehaviour of the firmware is something
you can still be done, but most probably that is not good enough for getting
the firmware out of the chip.

Tamas
--
http://www.mcuhobby.com

2009\05\22@073344 by Peter Restall

flavicon
face

On Wed, 20 May 2009 23:04:38 +0100, Tamas Rudnai wrote:

> [snip]
>
> Fortunately PIC uses an architecture where the call stack, the code area and
> the memory are separated so applying an exploit on the PIC is virtually
> impossible -- tricking to do some misbehaviour of the firmware is something
> you can still be done, but most probably that is not good enough for getting
> the firmware out of the chip.

At the risk of going off on a slight tangent, I saw something a while ago
about getting firmware out of a protected chip, including some PIC18Fs - I've
just managed to dig out the link:

       http://www.flylogic.net/blog/?m=200710

If these sort of techniques work it should still be possible to clone a board
fully, so even a crypto bootloader wouldn't help - although it would certainly
deter the majority of people wishing/able to do it.

Regards,

Pete Restall

2009\05\26@103315 by alan smith

picon face

Thanks for all the comments about this..my client has decided to continue to do upgrades by having them send in the unit for updates, at his expense in order to try and keep the code semi-secure.

--- On Wed, 5/20/09, Isaac Marino Bavaresco <EraseMEisaacbavarescospam_OUTspamTakeThisOuTyahoo.com.br> wrote:

{Quote hidden}

> -

More... (looser matching)
- Last day of these posts
- In 2009 , 2010 only
- Today
- New search...