Exact match. Not showing close matches.
PICList
Thread
'[PIC] protected code'
2009\05\20@100930
by
alan smith
Setting the code protect config bits is supposed to give you a layer of protection, when at least trying to read back from the actual device. I wont get into the discussion about how that can be gotten around.
My question is...when you generate a hex file with these set, can it be dissassembled..ie..is the code protect only valid for reading back from the device.
The basis for the question is a client wants to put code updates for a product on his website, so anyone can download but doesnt want someone to easily able to reverse engineer it. I wasnt sure if this protects the hex file.
2009\05\20@102737
by
Xiaofan Chen
On Wed, May 20, 2009 at 10:09 PM, alan smith <spam_OUTmicro_eng2TakeThisOuT
yahoo.com> wrote:
> My question is...when you generate a hex file with these set,
>can it be dissassembled..ie..is the code protect only valid for
>reading back from the device.
Of course it can be disassembled if you post the hex file.
You may have to encrypt the hex file with certain method.
--
Xiaofan http://mcuee.blogspot.com
2009\05\20@103854
by
Michael Rigby-Jones
|
> -----Original Message-----
> From: .....piclist-bouncesKILLspam
@spam@mit.edu [piclist-bounces
KILLspammit.edu] On
Behalf
> Of alan smith
> Sent: 20 May 2009 15:09
> To: Microcontroller discussion list - Public.
> Subject: [PIC] protected code
>
>
> Setting the code protect config bits is supposed to give you a layer
of
> protection, when at least trying to read back from the actual device.
I
> wont get into the discussion about how that can be gotten around.
>
> My question is...when you generate a hex file with these set, can it
be
> dissassembled..ie..is the code protect only valid for reading back
from
> the device.
>
> The basis for the question is a client wants to put code updates for a
> product on his website, so anyone can download but doesnt want someone
to
> easily able to reverse engineer it. I wasnt sure if this protects the
hex
> file.
>
The code protect bits purely relate to the PIC micro, and prevent useful
code being read out via the programming pins. They have nothing to do
with the hex file generated by your assembler/compiler. If you feel you
need to protect the hex file, you will need to encrypt it in some manner
and give legitimate owners the ability to decrypt it through e.g. a
custom programming tool or via a special bootloader pre-programmed into
the product.
Regards
Mike
=======================================================================
This e-mail is intended for the person it is addressed to only. The
information contained in it may be confidential and/or protected by
law. If you are not the intended recipient of this message, you must
not make any use of this information, or copy or show it to any
person. Please contact us immediately to tell us that you have
received this e-mail, and return the original to us. Any use,
forwarding, printing or copying of this message is strictly prohibited.
No part of this message can be considered a request for goods or
services.
=======================================================================
2009\05\20@104211
by
olin piclist
alan smith wrote:
> My question is...when you generate a hex file with these set, can it
> be dissassembled..ie..is the code protect only valid for reading back
> from the device.
Take two deep breaths and try to actually *think* a little. How do you
expect specific data in the HEX file to keep people from reading it? And if
it did, how would the programmer software know how to read it? And even if
programmer software had a means to decrypt a encrypted HEX file, what would
prevent others from using the same decryption means, considering there are
plenty of third party open source programmer applications out there that
work fine whether you set the code protect bits or not.
********************************************************************
Embed Inc, Littleton Massachusetts, http://www.embedinc.com/products
(978) 742-9014. Gold level PIC consultants since 2000.
2009\05\20@104426
by
Alan B. Pearce
>The basis for the question is a client wants to put code updates
>for a product on his website, so anyone can download but doesnt
>want someone to easily able to reverse engineer it. I wasnt sure
>if this protects the hex file.
No it doesn't, it only protects against readback from the device.
To be able to do what your client wants to do, you need a bootloader on the
PIC that can deal with encrypted download files. Microchip have a number of
app notes on bootloaders, and it would be possible to add decryption to
them. XTEA seems to be popular because it is compact and fast, while being
suitably secure.
You don't say what device your client is using, but you do need to note that
not all mid-range devices can use a bootloader. I believe all current 18F
and larger devices can use a bootloader - but check first.
2009\05\20@105144
by
Ricardo de Azambuja
|
One could encrypt a formula or a function inside a assembly file and
then generate the hex file. This way everybody could use the code
without knowing exactly how it do the things, but someone else always
could do a reverse engineering...
[ ]s
---------------------------------
Ricardo de Azambuja
http://www.azamec.com.br
On Wed, May 20, 2009 at 11:43 AM, Olin Lathrop
<.....olin_piclistKILLspam
.....embedinc.com> wrote:
{Quote hidden}> alan smith wrote:
>> My question is...when you generate a hex file with these set, can it
>> be dissassembled..ie..is the code protect only valid for reading back
>> from the device.
>
> Take two deep breaths and try to actually *think* a little. How do you
> expect specific data in the HEX file to keep people from reading it? And if
> it did, how would the programmer software know how to read it? And even if
> programmer software had a means to decrypt a encrypted HEX file, what would
> prevent others from using the same decryption means, considering there are
> plenty of third party open source programmer applications out there that
> work fine whether you set the code protect bits or not.
>
>
> ********************************************************************
> Embed Inc, Littleton Massachusetts,
http://www.embedinc.com/products
> (978) 742-9014. Gold level PIC consultants since 2000.
>
2009\05\20@105739
by
John Coppens
On Wed, 20 May 2009 07:09:29 -0700 (PDT)
alan smith <EraseMEmicro_eng2spam_OUT
TakeThisOuTyahoo.com> wrote:
> My question is...when you generate a hex file with these set, can it be
> dissassembled..ie..is the code protect only valid for reading back from
> the device.
>
> The basis for the question is a client wants to put code updates for a
> product on his website, so anyone can download but doesnt want someone
> to easily able to reverse engineer it. I wasnt sure if this protects
> the hex file.
Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
use a password. Publish on the 'net, and give the password only to the
correct users.
John
2009\05\20@110137
by
alan smith
|
Well thats what I figured...but now and then the obvious isnt so...and I told this to the client but he was.."but its code protected". So figured I would simply ask, making sure I didnt overlook something. The conversation will go..."like I told you"..."did you ask anyone?"..."Yes"..
--- On Wed, 5/20/09, Olin Lathrop <olin_piclist
spam_OUTembedinc.com> wrote:
{Quote hidden}> From: Olin Lathrop <
@spam@olin_piclistKILLspam
embedinc.com>
> Subject: Re: [PIC] protected code
> To: "Microcontroller discussion list - Public." <
KILLspampiclistKILLspam
mit.edu>
> Date: Wednesday, May 20, 2009, 7:43 AM
> alan smith wrote:
> > My question is...when you generate a hex file with
> these set, can it
> > be dissassembled..ie..is the code protect only valid
> for reading back
> > from the device.
>
> Take two deep breaths and try to actually *think* a
> little. How do you
> expect specific data in the HEX file to keep people from
> reading it? And if
> it did, how would the programmer software know how to read
> it? And even if
> programmer software had a means to decrypt a encrypted HEX
> file, what would
> prevent others from using the same decryption means,
> considering there are
> plenty of third party open source programmer applications
> out there that
> work fine whether you set the code protect bits or not.
>
>
> ********************************************************************
> Embed Inc, Littleton Massachusetts,
http://www.embedinc.com/products
> (978) 742-9014. Gold level PIC consultants since
> 2000.
> -
2009\05\20@111149
by
olin piclist
John Coppens wrote:
> Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
> use a password. Publish on the 'net, and give the password only to the
> correct users.
Who will the post it on the web.
********************************************************************
Embed Inc, Littleton Massachusetts, http://www.embedinc.com/products
(978) 742-9014. Gold level PIC consultants since 2000.
2009\05\20@111411
by
Tamas Rudnai
You can use TEA for example
http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
...and I remember somebody was talking about encrypted bootloader here in a
while ago so if you search on PicList archive you will find it for sure.
Sorry for my short memory.
Tamas
On Wed, May 20, 2009 at 4:01 PM, alan smith <RemoveMEmicro_eng2TakeThisOuT
yahoo.com> wrote:
{Quote hidden}>
> Well thats what I figured...but now and then the obvious isnt so...and I
> told this to the client but he was.."but its code protected". So figured I
> would simply ask, making sure I didnt overlook something. The conversation
> will go..."like I told you"..."did you ask anyone?"..."Yes"..
>
> --- On Wed, 5/20/09, Olin Lathrop <
spamBeGoneolin_piclistspamBeGone
embedinc.com> wrote:
>
> > From: Olin Lathrop <
TakeThisOuTolin_piclistEraseME
spam_OUTembedinc.com>
> > Subject: Re: [PIC] protected code
> > To: "Microcontroller discussion list - Public." <
RemoveMEpiclist
TakeThisOuTmit.edu>
> > Date: Wednesday, May 20, 2009, 7:43 AM
> > alan smith wrote:
> > > My question is...when you generate a hex file with
> > these set, can it
> > > be dissassembled..ie..is the code protect only valid
> > for reading back
> > > from the device.
> >
> > Take two deep breaths and try to actually *think* a
> > little. How do you
> > expect specific data in the HEX file to keep people from
> > reading it? And if
> > it did, how would the programmer software know how to read
> > it? And even if
> > programmer software had a means to decrypt a encrypted HEX
> > file, what would
> > prevent others from using the same decryption means,
> > considering there are
> > plenty of third party open source programmer applications
> > out there that
> > work fine whether you set the code protect bits or not.
> >
> >
> > ********************************************************************
> > Embed Inc, Littleton Massachusetts,
http://www.embedinc.com/products
> > (978) 742-9014. Gold level PIC consultants since
> > 2000.
> > --
2009\05\20@111916
by
Harold Hallikainen
> John Coppens wrote:
>> Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
>> use a password. Publish on the 'net, and give the password only to the
>> correct users.
>
> Who will the[n] post it on the web.
To be secure, I think the decryption has to happen in the bootloader with
the key in the code protected bootloader.
Harold
--
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!
2009\05\20@112644
by
Mark Rages
On Wed, May 20, 2009 at 9:57 AM, John Coppens <johnEraseME
.....jcoppens.com> wrote:
> On Wed, 20 May 2009 07:09:29 -0700 (PDT)
> alan smith <EraseMEmicro_eng2
yahoo.com> wrote:
>
> > My question is...when you generate a hex file with these set, can it be
> > dissassembled..ie..is the code protect only valid for reading back from
> > the device.
> >
> > The basis for the question is a client wants to put code updates for a
> > product on his website, so anyone can download but doesnt want someone
> > to easily able to reverse engineer it. I wasnt sure if this protects
> > the hex file.
>
> Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
> use a password. Publish on the 'net, and give the password only to the
> correct users.
>
This is probably the best answer, but hex files are so small that you could
just give the hex file to the correct users and have similar security with
less hassle.
Zip encryption is subject to a plaintext attack if you include a known or
guessable file in the archive. I wouldn't use it for serious encryption. I
know nothing about RAR encryption.
Regards,
Mark
markrages@gmail
--
Mark Rages, Engineer
Midwest Telecine LLC
RemoveMEmarkragesEraseME
EraseMEmidwesttelecine.com
2009\05\20@114837
by
Herbert Graf
On Wed, 2009-05-20 at 07:09 -0700, alan smith wrote:
> Setting the code protect config bits is supposed to give you a layer of protection, when at least trying to read back from the actual device. I wont get into the discussion about how that can be gotten around.
>
> My question is...when you generate a hex file with these set, can it be dissassembled..ie..is the code protect only valid for reading back from the device.
>
> The basis for the question is a client wants to put code updates for a product on his website, so anyone can download but doesnt want someone to easily able to reverse engineer it. I wasnt sure if this protects the hex file.
The code protect bit is just a setting in the PIC's config space, aside
from that bit being flipped in the hex file there is no difference in
the hex file.
TTYL
2009\05\20@155042
by
Richard Prosser
|
If the client is determined that his clients have web access to the
hex file, why not get him to setup a password secured web page?
RP
2009/5/21 Herbert Graf <RemoveMEhkgrafspam_OUT
KILLspamgmail.com>:
{Quote hidden}> On Wed, 2009-05-20 at 07:09 -0700, alan smith wrote:
>> Setting the code protect config bits is supposed to give you a layer of protection, when at least trying to read back from the actual device. I wont get into the discussion about how that can be gotten around.
>>
>> My question is...when you generate a hex file with these set, can it be dissassembled..ie..is the code protect only valid for reading back from the device.
>>
>> The basis for the question is a client wants to put code updates for a product on his website, so anyone can download but doesnt want someone to easily able to reverse engineer it. I wasnt sure if this protects the hex file.
>
> The code protect bit is just a setting in the PIC's config space, aside
> from that bit being flipped in the hex file there is no difference in
> the hex file.
>
> TTYL
>
>
2009\05\20@160728
by
Vitaliy
Richard Prosser wrote:
>If the client is determined that his clients have web access to the
hex file, why not get him to setup a password secured web page?<
Because he doesn't want people to take his HEX file and use it in someone
else's device.
Bootloader with encryption is the way to go.
Vitaliy
More... (looser matching)
- Last day of these posts
- In 2009
, 2010 only
- Today
- New search...