• AVR Freaks

Helpful ReplyHot!Is there any Code Protection mechanism of Microchip MCUs?

Page: < 12 Showing page 2 of 2
Author
1and0
Access is Denied
  • Total Posts : 11000
  • Reward points : 0
  • Joined: 2007/05/06 12:03:20
  • Location: Harry's Gray Matter
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 19:52:12 (permalink)
+2 (2)
NorthGuy
But re-development is likely to be cheaper - the idea which made the product successful is evident without breaking in - the implementation is not that important.

... and re-development usually leads to a better product with improved features -- been there done that. ;)
 
#21
PStechPaul
Super Member
  • Total Posts : 2814
  • Reward points : 0
  • Joined: 2006/06/27 16:11:32
  • Location: Cockeysville, MD, USA
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 22:54:20 (permalink) ☄ Helpfulby WeHongKongers 2020/06/04 20:13:30
+2 (2)
Would it be possible to "booby trap" the circuit so that an attempt to read the device would activate some hardware which would inject a high voltage pulse into the chip to destroy its contents? Or maybe initiate a sequence that overwrites the code with gibberish or perhaps a seemingly valid but non-functional program? There may also be mechanical means to make it difficult to access the programming pins, perhaps by cutting them off, and maybe applying a cover or coating that would inhibit most attempts to remove the epoxy packaging to access the bare chip inside. If the product is connected to the internet, perhaps it could detect intrusion and "phone home" to signal a tamper alarm with IP address to locate the miscreant.

 
#22
_dex
Junior Member
  • Total Posts : 117
  • Reward points : 0
  • Joined: 2008/03/19 13:57:34
  • Location: 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/04 00:58:38 (permalink) ☄ Helpfulby WeHongKongers 2020/06/04 20:12:12
0
Not more than few days someones posted a topic about this:
https://www.ds30loader.com/images/files/ds30-Secure-Loader-product-brief.pdf
Never used, its comemrcial probably but look as it is what you are looking for.
#23
dan1138
Super Member
  • Total Posts : 3731
  • Reward points : 0
  • Joined: 2007/02/21 23:04:16
  • Location: 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/04 14:44:09 (permalink)
+2 (2)
PStechPaul
Would it be possible to "booby trap" the circuit so that an attempt to read the device would activate some hardware which would inject a high voltage pulse into the chip to destroy its contents?

To actually make it secure assume that your adversaries are at least as smart as you are and they have all of the technical details of your hardware. So if you can create a method that can defend your IP for 180 day against someone with a nation sized budget your code can be considered safe enough.
#24
WeHongKongers
Super Member
  • Total Posts : 229
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/04 20:12:02 (permalink)
+1 (1)
_dex
Not more than few days someones posted a topic about this:
https://www.ds30loader.com/images/files/ds30-Secure-Loader-product-brief.pdf
Never used, its comemrcial probably but look as it is what you are looking for.



This one looks quite close to what I am looking for.  Thanks.
#25
WeHongKongers
Super Member
  • Total Posts : 229
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/04 20:18:47 (permalink)
+1 (1)
Yes, self-destructive method is also a very good direction for IP Protection.  Smile: Smile
 
If we are able to place big order, can we request the manufacturer to remark the chips to their designer's favour?  I think it is the simplest way.  How do you guys think?  Smile: Smile
 
#26
ric
Super Member
  • Total Posts : 28009
  • Reward points : 0
  • Joined: 2003/11/07 12:41:26
  • Location: Australia, Melbourne
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/04 20:52:08 (permalink)
+1 (1)
HKPhysicist
Yes, self-destructive method is also a very good direction for IP Protection.  Smile: Smile
 
If we are able to place big order, can we request the manufacturer to remark the chips to their designer's favour?  I think it is the simplest way.  How do you guys think?  Smile: Smile

Yes. You would need to speak to your FAE to find out what quantity you need to order.
We did it once for a PIC16F1xxxx chip. I think we had to order about 10,000 of them.
 

I also post at: PicForum
Links to useful PIC information: http://picforum.ric323.co...opic.php?f=59&t=15
NEW USERS: Posting images, links and code - workaround for restrictions.
To get a useful answer, always state which PIC you are using!
#27
JRF
Super Member
  • Total Posts : 84
  • Reward points : 0
  • Joined: 2013/12/20 06:51:41
  • Location: Suffolk, UK
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/05 08:40:48 (permalink)
+1 (1)
You still assume you can get past my security to load your own code, which you can't.
How exactly do you get your code into my PIC when my input routine is manipulating your data, first to see if the right challenge response occurs, and then after than, more manipulations to turn what would be my encoded data into executable code PLUS the checksum calculations of my own creation which must agree with the checksum YOU would have to send my program before it commits the input data to run time memory..
 
My bootloader is your only gateway into my device and I'm not letting anyone in except me.
 
With the entire chip protected, as it is, you can't do anything except talk to my bootloader which will basically ignore you because your command structure to engage the bootloader to look for new code will be wrong because I won't be telling you what it is.
Assume you look at a 'proper' serial data stream and work out the command that says an update is in progress which would be a good trick...
You will need to format your next block, presumably to overwrite my bootloader, assuming you know where it is, to the right size with the check characters in the right place without my bootloader algorithm mangling your executable code into gibberish.
 
Within my update serial stream are false packets simply to make the serial stream look larger than it actually is.
You can't analyse the stream to determine the decoding algorithm as each block is encoded differently, like a one time pad if you know about codes and cyphers.
I am sure Microchip would have something to say if their secure devices could be hacked as easily as you suggest.
 
Fortunately, my devices remain secure despite many attempts to get past the security.
Until someone manages to hijack one of my devices, I remain entirely happy with my boot loader algorithm and the protection that Microchip apply so that code and data blocks are hidden from view when the protect bits are correctly set.
 
Changing these would be another good trick.
I am done... and retired some 10 years so I have nothing to prove and my products remain in production and secure from snooping.
Best wishes of course and no offence is given and none should be implied.
#28
dan1138
Super Member
  • Total Posts : 3731
  • Reward points : 0
  • Joined: 2007/02/21 23:04:16
  • Location: 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/05 10:21:40 (permalink)
+1 (3)
@JRF,
 
I believe you have done a fine job in crafting a loader, but doors are only as secure as the house they are built in to.
 
As I see it these are the possibilities:
  • Your loader is as secure as you claim
  • The Intellectual Property secured is of too low a value
  • No serious well funded attempt has been made
  • You are unaware of successful attacks
Remember that just because you cannot find a way to crack in to your loader does not mean there is no way to do it.
 
Security buys time, good enough security buys just enough time. It's a balance of costs and benefits.
 
We live in an age of wonders where you go from rockets exploding to people walking on the moon in 8 years.
 
Things are only impossible until they are not.
 
Best of luck in future.
#29
1and0
Access is Denied
  • Total Posts : 11000
  • Reward points : 0
  • Joined: 2007/05/06 12:03:20
  • Location: Harry's Gray Matter
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/05 12:26:03 (permalink)
0 (2)
In addition to what Dan said, which I agree with ...
 
JRF
You still assume you can get past my security to load your own code, which you can't.

Read my post #13 again. Better yet, search for the thread and study the procedure that I've documented.
 

My bootloader is your only gateway into my device and I'm not letting anyone in except me.

No! There are other ways. Your bootloader is not required. ;)
 
 
I am sure Microchip would have something to say if their secure devices could be hacked as easily as you suggest.

Do you really think they will announce that to the public?  They read my hack and then re-designed their 18F devices to patch the security issue as I've suggested. ;)
 

Fortunately, my devices remain secure despite many attempts to get past the security.
Until someone manages to hijack one of my devices, I remain entirely happy with my boot loader algorithm and the protection that Microchip apply so that code and data blocks are hidden from view when the protect bits are correctly set.

Read Dan's post.
 

I am done... and retired some 10 years so I have nothing to prove and my products remain in production and secure from snooping.
Best wishes of course and no offence is given and none should be implied.

Good for you. No offence taken nor given.
 
post edited by 1and0 - 2020/06/05 12:57:19
#30
JRF
Super Member
  • Total Posts : 84
  • Reward points : 0
  • Joined: 2013/12/20 06:51:41
  • Location: Suffolk, UK
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/06 03:09:04 (permalink)
+2 (2)
Thanks Dan.
You are correct of course.
I will point out that my product, when released in the USA some years ago now, sold 1 million dollars worth in the first 3 months.
The market is rather niche and the software would be useless without the hardware which requires, to work as intended, specially formatted MIFARE wireless cards with re-encrypted UID's that comprise part of the card block encoding so you may hack one card, but that is all you get.
To date, no one has created a second card from a donor card. All they have managed to do was exploit a weakness in the Mifare protocol, but I didn't get a say in how that was written. :) .
 
My product bought my house within the first year of me creating the forerunner product that didn't use wireless cards, so I feel very fortunate in being in the right place at the right time.
My competition couldn't hack my code (with just the standard protection enabled) but they did copy an LCD screen display in one product, to the letter in their own offering which, because theirs was written in C (and mine in assembler), was considerably slower and so was a bit of a flop.
The value of the IP was considerable but the relatively low cost of the product compared to the value to the buyer compared to the higher cost to create a rival from scratch ensured that any hack would cost orders of magnitude more than the payback.
 
best wishes and good luck back to you.
#31
WeHongKongers
Super Member
  • Total Posts : 229
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/06 05:14:01 (permalink)
+1 (3)
JRF,
Congratulate to your cool product! 1 million US$ was a lots many years ago!
 
In the present days, any cool products will be hacked by China Commies with their whole nation's resource.
 
One case is:
A new American manufacturer's sample of tampered glass has been tested (hit, destroyed, etc.) by China Commie's laser weapon.  Then, China Commie sent the broken sample back to its owner.
#32
1and0
Access is Denied
  • Total Posts : 11000
  • Reward points : 0
  • Joined: 2007/05/06 12:03:20
  • Location: Harry's Gray Matter
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/06 09:34:00 (permalink)
+1 (1)
HKPhysicist
In the present days, any cool products will be hacked by China Commies with their whole nation's resource.

I used to have a neighbor who worked for a major US automobile manufacturer. They'd buy their competitors' cars (foreign and domestic), disassemble entire cars, reverse engineer, and learn precisely how they work and made. All auto makers cheat off each other. Other manufacturers and companies are no different.
 
Remind me of movies like Paycheck, Pirates of Silicon Valley, etc.
 
#33
Page: < 12 Showing page 2 of 2
Jump to:
© 2020 APG vNext Commercial Version 4.5