• AVR Freaks

Hot!Secured data in PIC32MZ inernal flash

Author
pascalB
New Member
  • Total Posts : 14
  • Reward points : 0
  • Joined: 2017/06/13 07:18:50
  • Location: 0
  • Status: offline
2019/06/26 05:24:03 (permalink)
0

Secured data in PIC32MZ inernal flash

Hi,
 
I would like to save critical data (like https private keys, password, ...) in my PIC32MZ that must be unrecoverable by the user.
I have seen that it is possible to activate the "code protect" that prevents to read directly the program memory, but nothing prevents the user to reprogram the PIC preserving memory zone that he wants to read with a program that reads all the ROM and so he can get the critical data.
 
Is there a way to be sure that my data are unreachable by the user ?
 
#1

8 Replies Related Threads

    ric
    Super Member
    • Total Posts : 23846
    • Reward points : 0
    • Joined: 2003/11/07 12:41:26
    • Location: Australia, Melbourne
    • Status: online
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 05:27:41 (permalink)
    0
    pascalB
    ...
    I have seen that it is possible to activate the "code protect" that prevents to read directly the program memory, but nothing prevents the user to reprogram the PIC preserving memory zone that he wants to read with a program that reads all the ROM and so he can get the critical data.
     

    Clearing code protect will clear ALL of the FLASH.

    I also post at: PicForum
    Links to useful PIC information: http://picforum.ric323.co...opic.php?f=59&t=15
    NEW USERS: Posting images, links and code - workaround for restrictions.
    To get a useful answer, always state which PIC you are using!
    #2
    pascalB
    New Member
    • Total Posts : 14
    • Reward points : 0
    • Joined: 2017/06/13 07:18:50
    • Location: 0
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 05:57:08 (permalink)
    0
    Thank you for your quick answer.
    My problem is if the user makes a program that doesn't clear the code protect but reads the flash to display the data (on UART for example)
    #3
    friesen
    Super Member
    • Total Posts : 2080
    • Reward points : 0
    • Joined: 2008/05/08 05:23:35
    • Location: Indiana, USA
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 06:48:49 (permalink)
    0
    I don't think you understand how this works.  You can't read out a code protected chip with an external programmer.
     
    Also, 'unrecoverable' is somewhat subjective to the value of the desired, but for typical scenarios standard code protection is sufficient.

    Erik Friesen
    #4
    pascalB
    New Member
    • Total Posts : 14
    • Reward points : 0
    • Joined: 2017/06/13 07:18:50
    • Location: 0
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 07:46:47 (permalink)
    0
    I must have misexplained the problem.
    Imagine that I program my PIC with a code including a password registered at address 0x9D010000, and that I have activated the code protect.
    Indeed, an attacker will not be able to read the chip with an external programmer.
    However, if the attacker makes a simple program with the code protect still active, that reads and sends the value registered at address 0x9D010000 on a serial port, and programs the PIC with the option to preserve the memory zone adress 0x9D010000. Will he be able to recover the password?
    #5
    Jim Nickerson
    User 452
    • Total Posts : 6258
    • Reward points : 0
    • Joined: 2003/11/07 12:35:10
    • Location: San Diego, CA
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 07:49:13 (permalink)
    0
    I suggest you give this a try and see what happens.
    #6
    rjc101
    Super Member
    • Total Posts : 108
    • Reward points : 0
    • Joined: 2016/07/08 14:56:34
    • Location: 0
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 07:55:38 (permalink)
    5 (1)
    To quote the datasheet
     
    Prevents boot and program Flash memory from being read or modified by an external programming device.

     
    Which means you cannot just upload a small program to then read and dump the whole of the flash.  To upload new code via an external programmer a device erase is required.
     
    You can also obfuscate the keys / passwords too keeping various sections of keys in separate areas and put them together when you need them.  Put in dummy passwords / keys that don't get used etc.  If you upload new code via a boot loader, then ensure this is encrypted too, so only your code can be uploaded.
    #7
    pascalB
    New Member
    • Total Posts : 14
    • Reward points : 0
    • Joined: 2017/06/13 07:18:50
    • Location: 0
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 08:26:08 (permalink)
    0
    Ok thank you for the explanation and advice
    #8
    maxruben
    Super Member
    • Total Posts : 3365
    • Reward points : 0
    • Joined: 2011/02/22 03:35:11
    • Location: Sweden
    • Status: offline
    Re: Secured data in PIC32MZ inernal flash 2019/06/26 13:56:21 (permalink)
    0
    If you are trying to comply with some cyber-security regulations you should encrypt the sensitive data.
     
    /Ruben
     
     
    #9
    Jump to:
    © 2019 APG vNext Commercial Version 4.5