Post by thread:[PIC]: Breaking Code Protection

Hi I remember a couple of years back, there was a lot of stories/methods/speculation about Microchip PICs' code protection being crackable, and one I remember is applying a certain voltage to the program pin on one of the MCU's made the code readable. Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. I've seen circuits where the manufacturers rubbed the model and other details off the surface of the chips, possibly to make it unidentifyable. The prefered method would however be onchip code protection. I would hate to market a products that could be read and copied. Cheers Werner -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

On Wed, 26 Feb 2003 12:31:06 +0200, you wrote: >Hi > >I remember a couple of years back, there was a lot of stories/methods/speculation about Microchip PICs' code protection being crackable, and one I remember is applying a certain voltage to the program pin on one of the MCU's made the code readable. > >Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. Microchip are the only compoany to have been publicly burned over code protection through the pirate satellite card market, and I think this probably means they have taken a harder look than many others at security, and I probably have more confidence in theirs than many others. of course given sufficient resources nothing is secure. The question is whether it is 'secure enough' to protect against attacks which likely in your market, or other markets which use that chip. > I've seen circuits where the manufacturers rubbed the model and other details off the surface of the chips, possibly to make it unidentifyable. The prefered method would however be onchip code protection. Scrubbing numbers (and potting things) is a pathetic, pointless gesture by manufacturers who don't understand security. It does not significantly add to the difficulty of reverse-engineering a product. -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

>Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. I believe the prior publicly identified issues were addressed (16C84 -> 16F84) but that would only be a temporary reprieve. My understanding is that anything can be hacked for enough dollars. I believe the protection time for devices that people really really want to copy is measured in months and that this is considered enough lead time in markets where it matters to make protection worthwhile. We have had people on this list in the past (but not for long :-) * ) offering to hack anything for fees in the thousands of $US. Which doesn't mean they can always do it of course. * The name Starfire Zhu rings some sort of mental bell but it may just be the increasing level of background noise there. Googles ..... Hey! - fancy that - it's a real name. As of 1999 anyway. See below. Maybe you could contact the address given below and ask him if he is in that business and if so how much to "inspect" a PICxxx of your choice. That would give you some idea. Of course, this may be an entirely different Starfire Zhu than the one I remember :-) Russell McMahon Best reguards! ----------------------------------------------- Yours Truly, 8-) TEL: 86-756-2236157 2115540 FAX: 2115541 Starfire Zhu 8-) Email: spam_OUTzhuxhTakeThisOuTcheerful.com ICQ#:7037093 ----------------------------------------------- & Re: ??VOLTAGE FOLLOWER(?????),?????????????Starfire Zhu - 12? 29? -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

At 10:45 AM 2/26/2003 +0000, you wrote: >Scrubbing numbers (and potting things) is a pathetic, pointless gesture by >manufacturers who don't >understand security. It does not significantly add to the difficulty of >reverse-engineering a >product. I take it as a clear indication that they are small quantity makers and their profit margin is too high. Although I've had it done very occasionally when I was using a part (not a micro) well outside of its published application area etc. Best regards, Spehro Pefhany --"it's the network..." "The Journey is the reward" .....speffKILLspam@spam@interlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

I understood a while back that the military has a potting compound that turns to an acid when the surface film is broken and eats up the stuff inside. It seemed like a fascinating idea, fueled by spy-show images of the self-destructing cassette player that tells Bond of his new mission. I wonder if it was actually used, or just another rumor? -- Lawrence Lile Spehro Pefhany <speffKILLspamINTERLOG.COM> Sent by: pic microcontroller discussion list <.....PICLISTKILLspam.....MITVMA.MIT.EDU> 02/26/2003 07:53 AM Please respond to pic microcontroller discussion list To: EraseMEPICLISTspam_OUTTakeThisOuTMITVMA.MIT.EDU cc: Subject: Re: [PIC]: Breaking Code Protection At 10:45 AM 2/26/2003 +0000, you wrote: >Scrubbing numbers (and potting things) is a pathetic, pointless gesture by >manufacturers who don't >understand security. It does not significantly add to the difficulty of >reverse-engineering a >product. I take it as a clear indication that they are small quantity makers and their profit margin is too high. Although I've had it done very occasionally when I was using a part (not a micro) well outside of its published application area etc. Best regards, Spehro Pefhany --"it's the network..." "The Journey is the reward" speffspam_OUTinterlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

Spehro Pefhany wrote: > > >Scrubbing numbers (and potting things) is a pathetic, pointless gesture by > >manufacturers who don't > >understand security. It does not significantly add to the difficulty of > >reverse-engineering a > >product. > > I take it as a clear indication that they are small quantity makers and their > profit margin is too high. I'm reluctant to add more negativity to a piclist that seems full of it recently, but isn't this attitude a bit arrogant? Are you suggesting that "small quantity makers" with high profit margins are failing, or somehow inferior to the way *you* choose to do it?? Business empires have been built on small quantity products with high profit margins, look at Lamborghini etc. -Roman -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

I know some one who claims to have hacked the PIC protection many times right the way up through the various protection methods. It still can be done just requires an electron micro scope and a few other things I really should not mention. >Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. I believe the prior publicly identified issues were addressed (16C84 -> 16F84) but that would only be a temporary reprieve. My understanding is that anything can be hacked for enough dollars. I believe the protection time for devices that people really really want to copy is measured in months and that this is considered enough lead time in markets where it matters to make protection worthwhile. We have had people on this list in the past (but not for long :-) * ) offering to hack anything for fees in the thousands of $US. Which doesn't mean they can always do it of course. * The name Starfire Zhu rings some sort of mental bell but it may just be the increasing level of background noise there. Googles ..... Hey! - fancy that - it's a real name. As of 1999 anyway. See below. Maybe you could contact the address given below and ask him if he is in that business and if so how much to "inspect" a PICxxx of your choice. That would give you some idea. Of course, this may be an entirely different Starfire Zhu than the one I remember :-) Russell McMahon Best reguards! ----------------------------------------------- Yours Truly, 8-) TEL: 86-756-2236157 2115540 FAX: 2115541 Starfire Zhu 8-) Email: @spam@zhuxhKILLspamcheerful.com ICQ#:7037093 ----------------------------------------------- & Re: ??VOLTAGE FOLLOWER(?????),?????????????Starfire Zhu - 12? 29? -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

And the reason that profit margins need to be high is PRECISELY because the volumes are low. Most people can't afford to work for free and may need to take measures to prevent the theft of their intellectual property. (Been there, have the scars). If you set your price too high, people just go elsewhere since there are many ways to skin the same cat. It's not that hard to dissolve away the epoxy covering a chip, and in the case of PICs to use a focused laser to zap the EEPROM protection bit. Even though Microchip claims that the bit is hidden under an aluminum layer, enough heat can be generated locally to erase/overide the bit (it just takes some time). If you want a secure part, look at the Atmel devices which scramble the address and data with XOR keys that are held in volatile RAM. Opening the chip clears the RAM and it is a difficult exercise to go through all possible keys to try to recreate the program from the encrypted remnants. Simple stuff like potting or scraping off numbers adds an hour or two at most, unless you have your own silicon foundry to make a custom processor so that any stolen code is useless. Just look at how the DTH satellite security system has been repeatedly hacked to realize that no chip is totally secure. R Roman Black wrote: {Quote hidden}> > Spehro Pefhany wrote: > > > > >Scrubbing numbers (and potting things) is a pathetic, pointless gesture by > > >manufacturers who don't > > >understand security. It does not significantly add to the difficulty of > > >reverse-engineering a > > >product. > > > > I take it as a clear indication that they are small quantity makers and their > > profit margin is too high. > > I'm reluctant to add more negativity to a piclist > that seems full of it recently, but isn't this > attitude a bit arrogant? > > Are you suggesting that "small quantity makers" > with high profit margins are failing, or somehow > inferior to the way *you* choose to do it?? > > Business empires have been built on small quantity > products with high profit margins, look at > Lamborghini etc. > -Roman -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

At 02:23 AM 2/27/2003 +1100, you wrote: >Spehro Pefhany wrote: > > > > >Scrubbing numbers (and potting things) is a pathetic, pointless gesture by > > >manufacturers who don't > > >understand security. It does not significantly add to the difficulty of > > >reverse-engineering a > > >product. > > > > I take it as a clear indication that they are small quantity makers and > their > > profit margin is too high. > > >I'm reluctant to add more negativity to a piclist >that seems full of it recently, but isn't this >attitude a bit arrogant? >Are you suggesting that "small quantity makers" >with high profit margins are failing, or somehow >inferior to the way *you* choose to do it?? I mean they are broadcasting their vulnerability. Not, IMHO, the right thing to do. Just build a good product and sell it at a reasonable price for the market size and you don't have to do that sort of thing. When have you ever seen a well-known company do that? The anti-copy measures only stop low-grade copiers that don't have the ability to design the product from scratch. I've had products copied by basement shops, it really didn't make much difference because I was on version III by the time they copied version I, and their overall costs were higher. Only way then to compete is to cut their price, which means they don't have any future. The nice thing about microcontrollers such as PICs is that you can embed special algorithms into the chip, and the product is then often a fair bit harder to casually copy. If you did the same thing with jellybean chips, it would be much easier. >Business empires have been built on small quantity >products with high profit margins, look at >Lamborghini etc. Are you claiming that Lamborghini grinds the part numbers off their chips to try to prevent people from copying the Diablo in their garage? ;-) Best regards, Spehro Pefhany --"it's the network..." "The Journey is the reward" KILLspamspeffKILLspaminterlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

This link seems to be quite interesting... http://www.cl.cam.ac.uk/~sps32/mcu_lock.html -----Original Message----- From: Timothy Box [RemoveMETimTakeThisOuTTJBSYSTEMS.COM] Sent: Wednesday, February 26, 2003 10:06 AM To: spamBeGonePICLISTspamBeGoneMITVMA.MIT.EDU Subject: Re: [PIC]: Breaking Code Protection I know some one who claims to have hacked the PIC protection many times right the way up through the various protection methods. It still can be done just requires an electron micro scope and a few other things I really should not mention. >Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. I believe the prior publicly identified issues were addressed (16C84 -> 16F84) but that would only be a temporary reprieve. My understanding is that anything can be hacked for enough dollars. I believe the protection time for devices that people really really want to copy is measured in months and that this is considered enough lead time in markets where it matters to make protection worthwhile. We have had people on this list in the past (but not for long :-) * ) offering to hack anything for fees in the thousands of $US. Which doesn't mean they can always do it of course. * The name Starfire Zhu rings some sort of mental bell but it may just be the increasing level of background noise there. Googles ..... Hey! - fancy that - it's a real name. As of 1999 anyway. See below. Maybe you could contact the address given below and ask him if he is in that business and if so how much to "inspect" a PICxxx of your choice. That would give you some idea. Of course, this may be an entirely different Starfire Zhu than the one I remember :-) Russell McMahon Best reguards! ----------------------------------------------- Yours Truly, 8-) TEL: 86-756-2236157 2115540 FAX: 2115541 Starfire Zhu 8-) Email: TakeThisOuTzhuxhEraseMEspam_OUTcheerful.com ICQ#:7037093 ----------------------------------------------- & Re: ??VOLTAGE FOLLOWER(?????),?????????????Starfire Zhu - 12? 29? -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

On Wed, 26 Feb 2003 11:08:48 -0700, you wrote: >And the reason that profit margins need to be high is PRECISELY because the >volumes are low. Most people can't afford to work for free and may need >to take measures to prevent the theft of their intellectual property. >(Been there, have the scars). If you set your price too high, people just >go elsewhere since there are many ways to skin the same cat. > >It's not that hard to dissolve away the epoxy covering a chip, and in >the case of PICs to use a focused laser to zap the EEPROM protection >bit. Even though Microchip claims that the bit is hidden under an aluminum >layer, enough heat can be generated locally to erase/overide the bit >(it just takes some time). >If you want a secure part, look at the Atmel devices which scramble the >address and data with XOR keys that are held in volatile RAM. Opening the >chip clears the RAM and it is a difficult exercise to go through all possible >keys to try to recreate the program from the encrypted remnants. Aren't you thinking of the Dallas 5000 devices - Actually these have been hacked. There is a very interesting article describing this and other hardware security issues here : http://www.cl.cam.ac.uk/~mgk25/tamper.pdf -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

At 07:08 PM 2/26/2003 +0000, you wrote: > >The nice thing about microcontrollers such as PICs is that you can embed > >special algorithms into the chip, and the product is then often a fair bit > >harder to casually copy. If you did the same thing with jellybean chips, > >it would be much easier. > >Another thing that's worth doing where you have the space is to add some >hidden functionality, so >you can prove that someone copied your code instead of re-engineering >their own. Sure, put an Easter Egg in there if you are worried. Most of my products are externally complex enough that it's obvious if they were copied. Best regards, Spehro Pefhany --"it's the network..." "The Journey is the reward" RemoveMEspeffTakeThisOuTinterlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

On Wed, 26 Feb 2003 14:16:47 -0500, you wrote: >At 07:08 PM 2/26/2003 +0000, you wrote: >> >The nice thing about microcontrollers such as PICs is that you can embed >> >special algorithms into the chip, and the product is then often a fair bit >> >harder to casually copy. If you did the same thing with jellybean chips, >> >it would be much easier. >> >>Another thing that's worth doing where you have the space is to add some >>hidden functionality, so >>you can prove that someone copied your code instead of re-engineering >>their own. > >Sure, put an Easter Egg in there if you are worried. Most of my products >are externally complex enough that it's obvious if they were copied. ..but something that provides conclusive proof to non-technical people (e.g. judge, jury etc. ) can't hurt. Some years ago someone I know found out how good an idea this was - He'd filled spare areas of a ROM with random values, mainly to make it harder to dissasemble. A competitor copied it, changing obvious things like names. Because of the random blocks, it was a very simple matter to prove they copied it and the infringer settled before going to court. If you can, say, press an obscure sequence of buttons and have a copyright message (mildly encrypted of course to hide it to anyone looking at the code) appear on a display (even a LED in morse code....!), at the very least it could save time and lawyers' fees....! -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

Mike Harrison wrote: > >If you want a secure part, look at the Atmel devices which scramble the > >address and data with XOR keys that are held in volatile RAM. Opening the > >chip clears the RAM and it is a difficult exercise to go through all possible > >keys to try to recreate the program from the encrypted remnants. > > Aren't you thinking of the Dallas 5000 devices - Actually these have been hacked. Yes I meant the Dallas devices. Commonly used on "battery cards" so that the pirates can protect their piracy code from other pirates <G>. The Dallas parts are much less hackable than PICs IMO. As always it is a trade off between cost of protection vs cost of I.P. loss. Copywrong and Patent laws are only good if you have really deep pockets so you can afford enforce your rights. And by the time you get your infringer into court the market will have changed. And a lot of countries have very poor law for protecting intellectual property (I.P.), so you basically have to sell as many devices as you can, as quickly as you can, then get out when the knock off's appear. > There is a very interesting article describing this and other hardware security issues here : > http://www.cl.cam.ac.uk/~mgk25/tamper.pdf A "Must read" for anyone considering code protection. Again, many ways to secure the cat. R -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

At 07:32 PM 2/26/2003 +0000, you wrote: > >are externally complex enough that it's obvious if they were copied. >..but something that provides conclusive proof to non-technical people >(e.g. judge, jury etc. ) >can't hurt. Some years ago someone I know found out how good an idea this >was - He'd filled spare >areas of a ROM with random values, mainly to make it harder to >dissasemble. A competitor copied it, >changing obvious things like names. Because of the random blocks, it was a >very simple matter to >prove they copied it and the infringer settled before going to court. Did the competitor actually break copy protection on a microcontroller or just burn a copied EPROM on a microprocessor? >If you can, say, press an obscure sequence of buttons and have a >copyright message (mildly >encrypted of course to hide it to anyone looking at the code) appear on a >display (even a LED in >morse code....!), at the very least it could save time and lawyers' fees....! It also saves you from having to break copy protection on the competitor's unit in order to determine for sure that its been copied! That could actually be a criminal act in some jurisdictions. Note that many ordinary data sheets (including uChip literature) are now *legally* protected from modification (such as pulling pages out for documentation) by the rather draconian DMCA legislation (in the US at least). It's embedded, including a "criminal" warning, in the PDFs. Best regards, Spehro Pefhany --"it's the network..." "The Journey is the reward" speffEraseME.....interlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

On Wed, 26 Feb 2003 14:44:59 -0500, you wrote: >At 07:32 PM 2/26/2003 +0000, you wrote: > >> >are externally complex enough that it's obvious if they were copied. >>..but something that provides conclusive proof to non-technical people >>(e.g. judge, jury etc. ) >>can't hurt. Some years ago someone I know found out how good an idea this >>was - He'd filled spare >>areas of a ROM with random values, mainly to make it harder to >>dissasemble. A competitor copied it, >>changing obvious things like names. Because of the random blocks, it was a >>very simple matter to >>prove they copied it and the infringer settled before going to court. > >Did the competitor actually break copy protection on a microcontroller or just >burn a copied EPROM on a microprocessor? Copied an eprom. -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

At 08:52 PM 2/26/2003 +0100, you wrote: > > Note that many ordinary data sheets (including uChip > > literature) are now > > *legally* protected from modification (such as pulling pages out for > > documentation) by the rather draconian DMCA legislation (in the US at > > least). It's embedded, including a "criminal" warning, in the > > PDFs. > >There is still a world *outside* US jurisdiction ;) Dmitry Sklyarov might disagree, though I think his company (Elcomsoft) and he were eventually found not guilty. I'm not sure that the lack of jurisdiction was the reason, however. Extraterritorial legislation is becoming more common, starting with politically unassailable attempts to punish criminal activity such as child exploitation. It's an interesting approach- take rather weak technical protection and wrap DMCA legislation around it that can put someone who modifies it in jail. Best regards, Spehro Pefhany --"it's the network..." "The Journey is the reward" EraseMEspeffinterlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

On Wed, 26 Feb 2003, Spehro Pefhany wrote: > At 02:23 AM 2/27/2003 +1100, you wrote: > > > >Scrubbing numbers (and potting things) > I mean they are broadcasting their vulnerability. Not, IMHO, the right > thing to do. Just build a good product and sell it at a reasonable > price for the market size and you don't have to do that sort of thing. > When have you ever seen a well-known company do that? All the time. IBM and Seagate, just for two that immediately pop to mind. It's quite common. But I also agree with most of the rest of what you say. Dale -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

On Wed, 26 Feb 2003 15:10:10 -0500, you wrote: >At 08:52 PM 2/26/2003 +0100, you wrote: >> > Note that many ordinary data sheets (including uChip >> > literature) are now >> > *legally* protected from modification (such as pulling pages out for >> > documentation) by the rather draconian DMCA legislation (in the US at >> > least). It's embedded, including a "criminal" warning, in the >> > PDFs. >> >>There is still a world *outside* US jurisdiction ;) Have you seen the new EU copyright directive - the US doesn't have the monopoly on Dumb Laws! -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

>If you want a secure part, look at the Atmel devices which >scramble the address and data with XOR keys that are held >in volatile RAM. Opening the chip clears the RAM and it is >a difficult exercise to go through all possible keys to try >to recreate the program from the encrypted remnants. The other secure devices are some FPGA devices from Actel which are claimed to be secure against having the layers shaved off, as there is supposedly no detectable change in the composition when the programming bits are programmed versus the non-programmed state. If one need a really secure device then the way to do it would probably be to get an IP core for a PIC (or other suitable micro) to use in one of these, using a big enough device to include sufficient program memory as well. If going this route then space can probably be saved by removing decoding of unused instructions from the micro IP core, to do a "RISC PIC Instruction set" (how often do you use the DAA, TRIS and OPTION instructions ?) -- http://www.piclist.com hint: The list server can filter out subtopics (like ads or off topics) for you. See http://www.piclist.com/#topics

There was a web page I read several years ago which went through several layers of breaking harder and harder types of code protection. I'm sorry to not have it on hand now... The bottom line was that nothing is impossible. The better the protection, the more someone has to pay money, time, or study into breaking it. You need to take a look at the cost of securing your device, the cost of having someone else pirate it, and the cost of legal action if/when you discover the piracy. If those things add up to a lot of money, then you'd be wise to make certian your chips couldn't be broken. I suspect that perhaps $5000, several protected chips, and a good knowledge of the code protection mechanism would be enough to get at the code, plus some free time with a scanning electron microscope and knowledge of semiconductor dies. I doubt you could find a chip currently at the same price os the PIC with as good a protection as it has. But let's say for the sake of discussion that your nemesis has the aformentioned resources and a desire to duplicate your code. At this point you want to make the litigation as easy as possible, so you hide some interesting, non-obvious easter eggs in your code - ideally ones which, if removed or changed significantly, will affect the rest of the device. When their product goes to market, you simply inspect the operation of the device. If it exhibits your odd behavior, then it'll be relatively easy to cause them to cease and desist and return to you monetary damages. But the only thing really worth protecting are universal (or global) non-expiring (or infrequently expiring) cryptographic keys. Ideally cryptography, when implemented in any form, is reasonably secured and keys change as frequently as the physical security permits and calls for. This is because if someone wants to duplicate your device, they can spend $5000 on many contractors on this list to duplicate the functionality (and add some) without even reverse engineering your device. They don't have to have any of the special equipment, just mpasm and a programmer. The only real reason to get the actual code from a chip is to obtain keys within it. As to whether it's good enough for you application - well, that depends on the factors above. Judge for yourself. -Adam Werner Soekoe wrote: {Quote hidden}>Hi > >I remember a couple of years back, there was a lot of stories/methods/speculation about Microchip PICs' code protection being crackable, and one I remember is applying a certain voltage to the program pin on one of the MCU's made the code readable. > >Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. I've seen circuits where the manufacturers rubbed the model and other details off the surface of the chips, possibly to make it unidentifyable. The prefered method would however be onchip code protection. > >I would hate to market a products that could be read and copied. > >Cheers >Werner > > >-- >http://www.piclist.com hint: PICList Posts must start with ONE topic: >[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads > > > > > -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.

On Fri, 28 Feb 2003, M. Adam Davis wrote: *>The bottom line was that nothing is impossible. The better the *>protection, the more someone has to pay money, time, or study into *>breaking it. The bottom line is that if it is computable it will be computed, therefore make it un-computable. As in one-time codepad ? There is nothing new about this, those have been around for minimum 60 years afaik. Besides tempest and such used on one of the ends. The only new thing is crypto companies betting their maths against the speed with which entropy and other people's math and computers catch up with their products imho. If they catch up slowly then they have a good product which sort of auto-expires. I like this as a business concept. Peter -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.