• AVR Freaks

Helpful ReplyHot!Is there any Code Protection mechanism of Microchip MCUs?

Page: 12 > Showing page 1 of 2
Author
WeHongKongers
Super Member
  • Total Posts : 227
  • Reward points : 0
  • Status: offline
2020/06/02 12:23:42 (permalink)
0

Is there any Code Protection mechanism of Microchip MCUs?

Hello,
I know that some other MCU manufacturers do have standard "Code Protection" procedures to protect designer's Intellectual Properties.
 
Code Protection methods usually include "barring access to reading codes programmed in MCU with password", "encrypting the whole MCU codes with key so that plain codes are not readable when MCU is offline", etc.
 
So, is there any Code Protection mechanism of Microchip MCUs?  My present targets are PIC 8 and PIC 16.
 
Please share your experiences.
post edited by WeHongKongers - 2020/06/02 12:25:44
#1
NKurzman
A Guy on the Net
  • Total Posts : 18773
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: online
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/02 12:34:11 (permalink)
0
Yes in the Configuration Bits.
The Newer are better that the 20+ Year old ones.
PIC18 and PIC16 is Pretty Vague.
#2
NorthGuy
Super Member
  • Total Posts : 6162
  • Reward points : 0
  • Joined: 2014/02/23 14:23:23
  • Location: Northern Canada
  • Status: online
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/02 13:00:17 (permalink) ☄ Helpfulby WeHongKongers 2020/06/03 00:31:38
+1 (1)
Usually there's a bit which sets code protection. Some of PIC18 are broken into segments which you protect individually along with separate read and write bits. In this case you need to think about different tricky break-in scenarios.
#3
WeHongKongers
Super Member
  • Total Posts : 227
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/02 23:13:53 (permalink)
0
Thank to you both.
 
Is there any official document or guide explaining the relevant steps?
 
My target is 8 bits PIC and 16 bits PIC.
#4
ric
Super Member
  • Total Posts : 27595
  • Reward points : 0
  • Joined: 2003/11/07 12:41:26
  • Location: Australia, Melbourne
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/02 23:18:15 (permalink) ☄ Helpfulby Jim Nickerson 2020/06/03 06:29:04
+4 (4)
Have you tried reading the datasheet for any of the PICs you have in mind?

I also post at: PicForum
Links to useful PIC information: http://picforum.ric323.co...opic.php?f=59&t=15
NEW USERS: Posting images, links and code - workaround for restrictions.
To get a useful answer, always state which PIC you are using!
#5
WeHongKongers
Super Member
  • Total Posts : 227
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 00:31:13 (permalink)
0
ric
Have you tried reading the datasheet for any of the PICs you have in mind?



Hello RIC,
The data sheet talks about protecting codes from accidental erase or overwriting.  I don't see any protection mechanism against duplicating or reading codes.
#6
NKurzman
A Guy on the Net
  • Total Posts : 18773
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: online
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 00:48:03 (permalink) ☄ Helpfulby WeHongKongers 2020/06/03 01:21:03
+1 (1)
Would you like to pick a specific chip to talk about.
Or would prefer wasting time talking about generalities? Microchip has hundreds of chips. And have used dozens of different protection schemes over the years. Which data sheet are you reading right now?

Most have some type of bit that will stop you from being able to read the memory out.
However somebody dedicated enough can still read the chip. Usually by dissolving the plastic package and connecting wires to the die directly.
#7
WeHongKongers
Super Member
  • Total Posts : 227
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 01:17:04 (permalink)
0
Hello Kurzman,
My target is PIC24FJ128GA204
https://www.microchip.com/wwwproducts/en/PIC24FJ128GA204
 
#8
ric
Super Member
  • Total Posts : 27595
  • Reward points : 0
  • Joined: 2003/11/07 12:41:26
  • Location: Australia, Melbourne
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 01:49:49 (permalink)
0
Page 361. "29.4.1GENERAL SEGMENT PROTECTION"
http://ww1.microchip.com/...30010038c.pdf#page=361
'

I also post at: PicForum
Links to useful PIC information: http://picforum.ric323.co...opic.php?f=59&t=15
NEW USERS: Posting images, links and code - workaround for restrictions.
To get a useful answer, always state which PIC you are using!
#9
JRF
Super Member
  • Total Posts : 84
  • Reward points : 0
  • Joined: 2013/12/20 06:51:41
  • Location: Suffolk, UK
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 03:22:59 (permalink)
+1 (1)
This is the code I use for my favoured devices.
    LIST P=18F4520            ; directive to define processor
    #include "P18F4520.INC"    ; SHOULD BE <P18F4410.INC>    ;processor specific variable definitions
    ERRORLEVEL    0,    -302, -303, -306, -305
;#####    config = H'FFF1' ; Page 10-124

    #define CARRY    STATUS,0

    CONFIG    XINST = OFF          ; Instruction set extension and Indexed Addr'ing mode disabled (Legacy mode)
    CONFIG    PWRT = ON

    IF Protection == 1 ; I set or clear protection in my assembly depending on whether this is a release or debug build.
    CONFIG    CPB = ON
    CONFIG    CP0 = ON
    CONFIG    CP1 = ON
    CONFIG    CP2 = ON
    CONFIG    CP3 = ON

    ELSE
    CONFIG    CPB = OFF
    CONFIG    CP0 = OFF
    CONFIG    CP1 = OFF
    CONFIG    CP2 = OFF
    CONFIG    CP3 = OFF
    ENDIF
 
or for smaller devices...
    LIST P=PIC16F1827
    #include "P16F1827.inc"

    ERRORLEVEL    0,    -302, -303, -306, -305


    __CONFIG _CONFIG1, 0xFFFF & _FOSC_INTOSC & _WDTE_OFF & _PWRTE_ON & _MCLRE_ON & _BOREN_ON & _CPD_ON & _CP_ON
    __CONFIG _CONFIG2, 0xFFFF & _LVP_OFF & _PLLEN_OFF
 
The syntax can be derived from the tab <configure><configuration Bits> in MPLAB (I program in assembler so MPLABx will be different). In the line above, the setting is "& _CP_ON"

My personal experiences of getting past even the protection settings are by using a bootloader where the bootloader permits reading of the program data, so I wrote my own bootloader that could NOT read the program memory other than to send back to my PC a byte to indicate that the checksum calculation was OK or not.
I also mangled my code to the bootloader so that ONLY in the chip does the code become executable PIC code thus examining the USB data stream could not reveal the PIC code either.
I found this tweak mandatory when upgrading my product off the internet as the data posted is gibberish unless the code is reconstituted using the algorithm within the PIC (By my custom boot loader) which is modified by the first dozen or so bytes in the posted code as this also allowed me to prevent the update being applied to the wrong product yet use the same bootloader in every product.
Security by obscurity. It worked for me.
 
 
#10
1and0
Access is Denied
  • Total Posts : 10902
  • Reward points : 0
  • Joined: 2007/05/06 12:03:20
  • Location: Harry's Gray Matter
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 06:06:46 (permalink)
0
JRF
 
My personal experiences of getting past even the protection settings are by using a bootloader where the bootloader permits reading of the program data, so I wrote my own bootloader that could NOT read the program memory other than to send back to my PC a byte to indicate that the checksum calculation was OK or not.
I also mangled my code to the bootloader so that ONLY in the chip does the code become executable PIC code thus examining the USB data stream could not reveal the PIC code either.
I found this tweak mandatory when upgrading my product off the internet as the data posted is gibberish unless the code is reconstituted using the algorithm within the PIC (By my custom boot loader) which is modified by the first dozen or so bytes in the posted code as this also allowed me to prevent the update being applied to the wrong product yet use the same bootloader in every product.
Security by obscurity. It worked for me.

 
On older PIC18 devices such as your 18F4520 and 18F4410, which allows block erase of individual program memory blocks, small hack code can be programmed into the device to read out its contents. ;)
 
 
#11
JRF
Super Member
  • Total Posts : 84
  • Reward points : 0
  • Joined: 2013/12/20 06:51:41
  • Location: Suffolk, UK
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 10:24:36 (permalink)
+1 (1)
" ..... small hack code can be programmed into the device to read out its content" ?
 
This assumes you can get your hack into my device somehow.
With a bootloader than can only accept commands correctly parsed, (assuming you manage to determine the correct "write" command), and when my bootloader modifies incoming data in accordance with an algorithm I don't disclose, in order to recreate executable code, I would be most interested to read how you plan to get executable code into my device to read data out.
#12
1and0
Access is Denied
  • Total Posts : 10902
  • Reward points : 0
  • Joined: 2007/05/06 12:03:20
  • Location: Harry's Gray Matter
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 11:19:58 (permalink) ☄ Helpfulby WeHongKongers 2020/06/03 11:50:57
0
JRF
" ..... small hack code can be programmed into the device to read out its content" ?
 
This assumes you can get your hack into my device somehow.
With a bootloader than can only accept commands correctly parsed, (assuming you manage to determine the correct "write" command), and when my bootloader modifies incoming data in accordance with an algorithm I don't disclose, in order to recreate executable code, I would be most interested to read how you plan to get executable code into my device to read data out.

In a nutshell, erase your boot block and replace it with "hack" routines to read out the rest of your device. If your boot block is not fully protected, routines can be installed in other blocks to read out the boot block. So with a few chips and trials, the code can be read and send out via UART, etc. I've documented the procedure in this forum, and it's known to have been used to copy commercial products.
 
#13
NKurzman
A Guy on the Net
  • Total Posts : 18773
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: online
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 11:21:37 (permalink)
0
They Assume that the "hacker" would remove the PIC from the PCB and use a Programmer.
For maximum Protection.  You need a Current PIC and make sure you lock correctly.
#14
WeHongKongers
Super Member
  • Total Posts : 227
  • Reward points : 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 11:51:11 (permalink)
0
It is a very Deep topic.  pink
#15
ric
Super Member
  • Total Posts : 27595
  • Reward points : 0
  • Joined: 2003/11/07 12:41:26
  • Location: Australia, Melbourne
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 12:48:17 (permalink)
+1 (1)
HKPhysicist
It is a very Deep topic.  pink

Chip security always is.
Any scheme can be circumvented if you throw enough money and resources at it, but then it would often be cheaper to develop your own product rather than copy someone else's.
 

I also post at: PicForum
Links to useful PIC information: http://picforum.ric323.co...opic.php?f=59&t=15
NEW USERS: Posting images, links and code - workaround for restrictions.
To get a useful answer, always state which PIC you are using!
#16
1and0
Access is Denied
  • Total Posts : 10902
  • Reward points : 0
  • Joined: 2007/05/06 12:03:20
  • Location: Harry's Gray Matter
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 13:09:44 (permalink)
0
Locks are for honest people.
 
#17
NKurzman
A Guy on the Net
  • Total Posts : 18773
  • Reward points : 0
  • Joined: 2008/01/16 19:33:48
  • Location: 0
  • Status: online
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 15:01:39 (permalink)
0
1and0
Locks are for honest people.

And Lazy ones.
#18
dan1138
Super Member
  • Total Posts : 3620
  • Reward points : 0
  • Joined: 2007/02/21 23:04:16
  • Location: 0
  • Status: offline
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 16:58:10 (permalink)
+2 (2)
Why are the new kids always concerned with flash image copy protection of an embedded controller?
 
From a practical point of view there is almost no benefit.
 
If code is small and the behavior of the controller is simple it's easier and faster to code a new solution from scratch.
 
If the code is large or the behavior of the controller is complex reverse engineering would be a better choice.
 
In 30 years of making complex code for embedded controllers using copy protection has only caused me problems when looking for my own bugs in my legacy projects where my own loader was corrupting something it should not have been able to.
 
Flash image copy protection should be considered as only one small part of an in depth strategy for protecting intellectual property.
 
In fact the protection needs to be only "good enough" as nothing of value will remain a secret for long. If it's not of any value you wasted the effort in protecting it. If it's of value then "good enough" protection will secure the IP until it has no more value for a competitor.
 
Does anyone have an example of firmware embedded in a Microchip controller where the code alone has such intrinsic value that a disassembly of that code is as valuable as creating the code from a reverse engineering specification?
post edited by dan1138 - 2020/06/03 16:59:45
#19
NorthGuy
Super Member
  • Total Posts : 6162
  • Reward points : 0
  • Joined: 2014/02/23 14:23:23
  • Location: Northern Canada
  • Status: online
Re: Is there any Code Protection mechanism of Microchip MCUs? 2020/06/03 19:14:19 (permalink)
+1 (1)
dan1138
Does anyone have an example of firmware embedded in a Microchip controller where the code alone has such intrinsic value that a disassembly of that code is as valuable as creating the code from a reverse engineering specification?



If you're stealing someone's firmware, I guess this is not for disassembly, but to replicate and sell the successful product. Thus, if the cost of breaking in is lower that the cost of developing the product from scratch, then it makes economic sense. But re-development is likely to be cheaper - the idea which made the product successful is evident without breaking in - the implementation is not that important.
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2020 APG vNext Commercial Version 4.5