PICList Thread
'[OT] Squibs, was: Re: protection, how?'
1998\12\07@192953 by Alex Kilpatrick

>The way the military does this sort of thing is to blow the IC's up
>with a small electrically detonated explosive charge, on their
>Cryptographic systems, I've heard.  That tends to stop people from
>poking in the innards of such systems, but it's hard to do for us
>non-military designers!  There are a lot of tricks (I remember some, not
>my area of expertise...)
>

The device is called a squib.  Here's a sample warning page for one:
http://www.amerex-fire.com/msds/long/m1squibv.html

I imagine you could roll-your-own squib, but you might have a hard time with
the consumer products safety commission. :-)

However, I am curious just how valuable the code in a PIC could be.  After
all, we are only talking about 1K of assembler, not something like windows
95 or anything.  It seems like the real commercial advantage is product
design and marketing, not in the particular code in a PIC.  After all, it
seems like given an arbitrary product with a PIC in it, I could just write
code to do whatever the PIC does, without having to resort to bypassing the
code-protect bit.

Alex

1998\12\07@195310 by Tony Nixon

Alex Kilpatrick wrote:
>
> However, I am curious just how valuable the code in a PIC could be.

I'm no expert programmer by any means, but one of my '1021 Word' hobby
programs earned me in excess of $20K and it is still doing well.

> I could just write code to do whatever the PIC does

Maybe yes and maybe no. Some of the code may be very complex and hard to
understand for some, which is why they choose to pay for it I guess.

You can squeeze a lot of functionality into 1K of PIC ROM.

--
Best regards

Tony

Multimedia 16F84 Beginners PIC Tools.

http://www.picnpoke.com
Email spam_OUTpicnpokeTakeThisOuTspamcdi.com.au

1998\12\07@225821 by William Chops Westfield

Well, I gingerly took apart one of our encryption devices (I assume that
ones protected by explosives have warning labels), and its protection
seemed to consist of switches that shut off the power to battery-backed
sram that held the code/keys/whatever whenever the cover was removed.

Not very applicable to PICs, but...

BillW

1998\12\07@233825 by Mark Willis

Alex Kilpatrick wrote:
{Quote hidden}

 In their case, they are making a widget that will make them a lot of
money, they want to avoid anyone else being able to reverse-engineer
what they're doing.

 As I know the algorithm used to do what they want done, it should be
possible to do it in a PIC (an overclocked one, probably!) or two - It
wouldn't be easy to reverse engineer it though, I don't think.  It's
going to stretch MY brain <G>

 (They're fortunate in that it's going to sit at their facility - so I
suggested they just pull the card out & lock it up at night if they're
really bothered.  Or blow it up from a big cap if disturbed.)

 A thought - how would you reverse-engineer, say, a Radio Shack Li-Ion
charger, knowing only the parts used - if you knew it was a battery
charger, but you'd never built one before - didn't know how they worked
- and knew a little about Li-Ion batteries but didn't really know enough
to do it?  That sort of situation (Not that particular one, of course,
but that flavor of situation) where it's do-able but the algorithm is
proprietary, and IS valuable, would be good candidates for code
protection (Depends on what you want, whether you use it or not.)
Things where timing is important & you're running flat out at full speed
on the PIC, are IMHO harder to reverse-engineer <G>

 Squibs, Thermite, Mechanical crushers, drop 117 VAC across the
oscillator pins, all kinds of easy ways to break electronics <G>

 Mark, .....mwillisKILLspamspam@spam@nwlink.com

1998\12\08@001611 by dave vanhorn

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 07:56 PM 12/7/98 -0800, you wrote:
>Well, I gingerly took apart one of our encryption devices (I assume that
>ones protected by explosives have warning labels), and its protection
>seemed to consist of switches that shut off the power to battery-backed
>sram that held the code/keys/whatever whenever the cover was removed.
>
>Not very applicable to PICs, but...
>
>BillW

Interesting. In working with battery backed SRAM systems, I noticed
something that might interest you.
If the data in the SRAM was constant (program or unchanging data) it tended
to remain in the SRAM for indefinite lengths of time, even if the power was
removed, and VCC hard shorted to ground.  We had a system that developed a
bit of a glitch around this. It wouldn't let you load new software unless
the old stuff was corrupt, and we ended up having to ground /WR while it
was running, and even that didn't always cause the contents to be trashed
(we had to catch it writing to program space or setup data space).

I'd recommend some sort of routine to exercise those bytes in the
background, so they will go away when you want them to!


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.5

iQA/AwUBNmy1Zkt+LG8vnBoNEQIYOgCfUEv3njuBLcaHmp2fk43vYvLff2EAoJ1B
PnM9EaRvCr7Hl917I0TmHt5t
=tpbZ
-----END PGP SIGNATURE-----

1998\12\08@082051 by wwl

On Tue, 8 Dec 1998 00:13:10 -0500, you wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>At 07:56 PM 12/7/98 -0800, you wrote:
>>Well, I gingerly took apart one of our encryption devices (I assume that
>>ones protected by explosives have warning labels), and its protection
>>seemed to consist of switches that shut off the power to battery-backed
>>sram that held the code/keys/whatever whenever the cover was removed.
>>
>>Not very applicable to PICs, but...
Actually, it could be  - you could put 'valuable' data/keys/parameters
etc. in the PICs register file, so power loss would stop the unit
working. You could implement a 'self destruct' function on an
interrupt pin which wakes up the PIC and trashes the RAM (just watch
that ESD, though!).
Initial (or re-) activation would require the RAM data to be loaded
with a serial link or whatever. It would be VERY hard for anyone to
get at this data - much harder than reading the protected code.
If you want to protect an algorithm and had plenty of RAM to play
with, you could break up the 'sensitive' part of the code into small
sections, called from a jump table and sequenced by the data in the
RAM. Or you could use a STAMP-like approach and interpret instructions
from an external eeprom, which are encrypted by a RAM based key,
Even if the potential hacker had all the code, they'd also need the
RAM table to make any sense of it.
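
The two suggestions above (a background routine that "exercises" the stored bytes so they do not linger in SRAM, and a tamper interrupt that trashes RAM-held keys) can be combined as in the following host-runnable C code, which is an added example and not code from any poster. The names key_store, key_load, key_exercise, key_read and key_tamper_wipe and the sample key are hypothetical; on a real part key_exercise would run from a timer tick and key_tamper_wipe from the interrupt-pin handler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 8

/* Secret held only in volatile RAM. The stored bytes are (key XOR mask), and
 * mask alternates between 0x00 and 0xFF, so no cell holds one value for long. */
typedef struct {
    volatile uint8_t cell[KEY_LEN];
    volatile uint8_t mask;    /* 0x00: stored true, 0xFF: stored inverted */
    volatile uint8_t loaded;  /* 0 until provisioned, 0 again after a wipe */
} key_store;

/* Provisioning: on the real unit this data would arrive over a serial link. */
void key_load(key_store *ks, const uint8_t key[KEY_LEN])
{
    for (int i = 0; i < KEY_LEN; i++)
        ks->cell[i] = key[i];
    ks->mask = 0x00;
    ks->loaded = 1;
}

/* Background task: invert every stored byte and flip the mask to match. */
void key_exercise(key_store *ks)
{
    if (!ks->loaded)
        return;
    for (int i = 0; i < KEY_LEN; i++)
        ks->cell[i] = (uint8_t)~ks->cell[i];
    ks->mask ^= 0xFF;
}

/* Recover the true key for use; fails once the store has been wiped. */
int key_read(const key_store *ks, uint8_t out[KEY_LEN])
{
    if (!ks->loaded)
        return -1;
    for (int i = 0; i < KEY_LEN; i++)
        out[i] = (uint8_t)(ks->cell[i] ^ ks->mask);
    return 0;
}

/* Tamper handler: refuse reads first, then overwrite with alternating
 * patterns and finish at zero. volatile keeps the stores from being elided. */
void key_tamper_wipe(key_store *ks)
{
    static const uint8_t pattern[] = { 0xFF, 0x00, 0xAA, 0x55, 0x00 };
    ks->loaded = 0;
    for (size_t p = 0; p < sizeof pattern; p++)
        for (int i = 0; i < KEY_LEN; i++)
            ks->cell[i] = pattern[p];
    ks->mask = 0x00;
}

int main(void)
{
    /* Constructed sample key, for illustration only. */
    const uint8_t key[KEY_LEN] = { 0x13, 0x57, 0x9B, 0xDF, 0x02, 0x46, 0x8A, 0xCE };
    uint8_t out[KEY_LEN];
    key_store ks;

    key_load(&ks, key);
    for (int tick = 0; tick < 5; tick++)
        key_exercise(&ks);
    int ok = key_read(&ks, out) == 0 && memcmp(out, key, KEY_LEN) == 0;
    printf("key intact after 5 exercise ticks: %s\n", ok ? "yes" : "no");

    key_tamper_wipe(&ks);
    printf("key_read after tamper wipe returns %d\n", key_read(&ks, out));
    return 0;
}
```

On real hardware the exercise loop and the tamper handler must not interleave; mask interrupts around key_exercise or let the wipe run last.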

1998\12\08@110315 by Peter L. Peres

On Mon, 7 Dec 1998, William Chops Westfield wrote:

> Well, I gingerly took apart one of our encryption devices (I assume that
> ones protected by explosives have warning labels), and its protection
> seemed to consist of switches that shut off the power to battery-backed
> sram that held the code/keys/whatever whenever the cover was removed.
>
> Not very applicable to PICs, but...

Those are easy prey after an X-ray picture to show the switches. You
should not post this kind of info here imho. Neither should I.

Peter

1998\12\08@133323 by John Payson

|However, I am curious just how valuable the code in a PIC could be.  After
|all, we are only talking about 1K of assembler, not something like windows
|95 or anything.  It seems like the real commercial advantage is product
|design and marketing, not in the particular code in a PIC.  After all, it
|seems like given an arbitrary product with a PIC in it, I could just write
|code to do whatever the PIC does, without having to resort to bypassing the
|code-protect bit.

In cases where the PIC's behavior is well-understood, re-engineering
a 1K program is normally not a huge job, comparatively speaking (on
about the same order as engineering the surrounding hardware, more or
less).  The cases where the PIC's contents are extremely valuable are
those where important details of its behavior are NOT understood by
outsiders, especially if it's important to keep things that way.  In
some cases those details of its behavior may be worth $Millions.

This, more than any technical reasons, is probably why the 16C84's
code protection was the most-publicizedly broken.  Not because it's
weaker than other chips', but because (through no fault of Microchip's)
the 16C84 ended up being used in an application worth $big bucks.

Essentially, what happened was this: someone a few years ago managed to
decipher the encryption used in the DSS smart cards.  The original cards
were based on a proprietary CPU, and I don't know whether the person who
cracked the system did anything to crack that CPU's innards.  In an effort
to capitalize on his discovery, he decided to write a PIC program to
emulate the decryption algorithm and sell black-market decoders using it.

Suddenly, while most 16C84 programs would have a value to a hacker of at
most a few thousand dollars, there existed a particular 16C84 program that
would allow anyone who could copy it the ability to make black-market
satellite decoder cards (which could sell for many $hundreds each).  With all
the efforts of would-be satellite pirates focused on it, it should be no
surprise that the 16C84's code protection was broken.

So while on the one hand, you're correct that there is limited value in a
1Kx14 program, there are cases where such a program's worth far exceeds its
"intrinsic" value.

1998\12\08@133955 by wwl

On Tue, 8 Dec 1998 00:13:10 -0500, you wrote:


>At 07:56 PM 12/7/98 -0800, you wrote:
>>Well, I gingerly took apart one of our encryption devices (I assume that
>>ones protected by explosives have warning labels), and its protection
>>seemed to consist of switches that shut off the power to battery-backed
>>sram that held the code/keys/whatever whenever the cover was removed.
>>
>>Not very applicable to PICs, but...
Actually, it could be  - you could put 'valuable' data/keys/parameters
etc. in the PICs register file, so power loss would stop the unit
working. You could implement a 'self destruct' function on an
interrupt pin which wakes up the PIC and trashes the RAM (just watch
that ESD, though!).
Initial (or re-) activation would require the RAM data to be loaded
with a serial link or whatever. It would be VERY hard for anyone to
get at this data - much harder than reading the protected code.
If you want to protect an algorithm and had plenty of RAM to play
with, you could break up the 'sensitive' part of the code into small
sections, called from a jump table and sequenced by the data in the
RAM. Or you could use a STAMP-like approach and interpret instructions
from an external eeprom, which are encrypted by a RAM based key,
Even if the potential hacker had all the code, they'd also need the
RAM table to make any sense of it.

1998\12\08@135438 by William M. Smithers

> On Tue, 8 Dec 1998 00:13:10 -0500, you wrote:
> >At 07:56 PM 12/7/98 -0800, you wrote:
> >>Well, I gingerly took apart one of our encryption devices (I assume that
> >>ones protected by explosives have warning labels), and its protection
> >>seemed to consist of switches that shut off the power to battery-backed
> >>sram that held the code/keys/whatever whenever the cover was removed.
> >>
> >>Not very applicable to PICs, but...
> Actually, it could be  - you could put 'valuable' data/keys/parameters
> etc. in the PICs register file, so power loss would stop the unit
> working. You could implement a 'self destruct' function on an
> interrupt pin which wakes up the PIC and trashes the RAM (just watch
> that ESD, though!).

Yeah, not bad - then all you'd need to do is take a foot of wire,
which is attached to ground and holding a pull-up low on
the self-destruct pin, and wrap it all around the circuit/PIC.
Then pot it in that super-hard stuff with lead foil or chips,
and that would be pretty damn hard to crack.  Anybody breaks
that wire trying, and it's all over.

-Will





1998\12\09@055032 by Mark Willis

William M. Smithers wrote:
{Quote hidden}

 Actually, that's a great idea - only do it in a small trace of
conductive epoxy, that's X-Ray translucent, so they never know WHY the
circuit's acting the way it does...  <VBEG>

 (I always wanted to make a little blob to plant somewhere where
someone was likely to actually use X-Rays on it, with the legend on it
saying, in X-Ray opaque materials:
 "This Side Towards Enemy" and
 "Warning: Radiation Sensitive Explosives and Electronics"

 <VBEG>  Ought to make 'em think somewhat...

 Mark, mwillisspamKILLspamnwlink.com

1998\12\09@063120 by Caisson

> From: Peter L. Peres <.....plpKILLspamspam.....ACTCOM.CO.IL>
> To: EraseMEPICLISTspam_OUTspamTakeThisOuTMITVMA.MIT.EDU
> Subject: Re: [OT] Squibs, was: Re: protection, how?
> Date: Tuesday 8 December 1998 13:56

<Snip>

> Those are easy prey after an X-ray picture to show the switches. You
> should not post this kind of info here imho. Neither should I.

Maybe they _should_ be easy prey.  The 'real' nasty could be really hidden
..

[The next is not meant personally !  Any resemblance with persons living or
dead is purely coincidental :-) ]

Maybe I should not post this.  This information should be kept secure by
the designer of the protection and the real crooks.  We should not be
notified of the simpleness to thwart some kind of 'protection'.  We should
keep on relying on the (false) security/usefulness some products guarantee
..  And then watch with big eyes when some person shows it's garbage.

Any kind of encryption that relies for its security on keeping the algorithm a
secret seems to be regarded as a 'dud' a 'hoax' or 'a piece of sh*t'.  But
if that's so, why do we _still_ think that a product is 'secure' when we
are not allowed to know the technique involved ?

Greetz,
 Rudy Wieser

1998\12\09@103857 by Engineering Department

<Mark Willis comments>
>  (I always wanted to make a little blob to plant somewhere where
>someone was likely to actually use X-Rays on it, with the legend on it
>saying, in X-Ray opaque materials:
>  "This Side Towards Enemy" and
>  "Warning: Radiation Sensitive Explosives and Electronics"
>
>  <VBEG>  Ought to make 'em think somewhat...


Neat.  But here in the States someone is likely to sue you for false
advertising <g>

Cheers,

Win Wiencke

1998\12\12@104919 by Mark A Moss

I believe Dallas Semiconductor makes a micro with a self-destruct pin.
Not sure how it works, maybe a high-current surge through certain parts
of the die?  I wonder what would happen if you let a PIC output pin drive
the primary of a step-up transformer whose secondary was connected to a
well chosen pin on the chip?

Mark Moss
Amateur Radio Operator, Technician, and General Tinkerer


On Mon, 7 Dec 1998 14:56:56 -0500 Alex Kilpatrick <MalachiCspamspam_OUTHOTPOP.COM>
writes:
{Quote hidden}


1998\12\13@134732 by wwl

On Sat, 12 Dec 1998 01:24:29 +0000, you wrote:

>I believe Dallas Semiconductor makes a micro with a self-destruct pin.
>Not sure how it works, maybe a high-current surge through certain parts
>of the die?  I wonder what would happen if you let a PIC output pin drive
>the primary of a step-up transformer whose secondary was connected to a
>well chosen pin on the chip?
>
No, this chip relies on internal SRAM based keys to decrypt data held
in external SRAM. The SD pin just trashes these keys.

1998\12\13@135724 by Marc

> I believe Dallas Semiconductor makes a micro with a self-destruct pin.
> Not sure how it works, maybe a high-current surge through certain parts
> of the die?  I wonder what would happen if you let a PIC output pin drive
> the primary of a step-up transformer whose secondary was connected to a
> well chosen pin on the chip?

I believe it is SRAM based. It contains a cryptographic key for external
bus encryption (and maybe also some internal memory?). You connect a
battery to it. When an attacker removes the battery the secret info
fades away within seconds. When he triggers your self destruct mechanism,
the Dallas will actively erase the secrets.

Possible attacks are to a) cryptographically attack the external bus
encryption (as shown by Markus Kuhn with one of the DS5002) or
b) remove the battery off a frozen chip because SRAM cells retain their
memory for minutes/hours then, "open" the chip quickly and use chip
laboratory equipment to "read" the SRAM. c) find weaknesses in the
un-manipulated product to extract the secret during valid operation.

Or d) use the one very simple attack no-one has thought of before and
become famous :-)

1998\12\14@114358 by John Payson

|I believe Dallas Semiconductor makes a micro with a self-destruct pin.
|Not sure how it works, maybe a high-current surge through certain parts
|of the die?  I wonder what would happen if you let a PIC output pin drive
|the primary of a step-up transformer whose secondary was connected to a
|well chosen pin on the chip?

The Dallas' "destruct" pin merely erases certain RAM contents stored on
the chip--nothing more, nothing less.

As for electrical destruction of IC's, the high-voltage injection method
will block most snoopers, but there is no particular guarantee of
effectiveness with regard to erasing information stored in, e.g., EPROM cells.  In
many cases, the bonding wires that fed the power will be destroyed but the
actual damage to the memory array itself will be fairly slight and a very
determined adversary may be able to repair the device sufficiently to read
it out.

Of course, unless your adversaries have $big bucks to spend on reading out
your data, the "zap"-based approach may be just fine...



1998\12\14@212424 by Mark A Moss

On Sun, 13 Dec 1998 15:07:38 GMT Mike Harrison <@spam@wwlKILLspamspamnetcomuk.co.uk>
writes:
>On Sat, 12 Dec 1998 01:24:29 +0000, you wrote:
>
>>I believe Dallas Semiconductor makes a micro with a self-destruct pin.
>>Not sure how it works, maybe a high-current surge through certain parts
>>of the die?  I wonder what would happen if you let a PIC output pin drive
>>the primary of a step-up transformer whose secondary was connected to a
>>well chosen pin on the chip?
>>
>No, this chip relies on internal SRAM based keys to decrypt data held
>in external SRAM. The SD pin just trashes these keys.
>

I still say it would be much more fun with explosives! :)

Mark Moss
Amateur Radio Operator, Technician, and General Tinkerer


1998\12\14@214100 by Eric Smith

Bill wrote:
> Well, I gingerly took apart one of our encryption devices (I assume that
> ones protected by explosives have warning labels), and its protection
> seemed to consist of switches that shut off the power to battery-backed
> sram that held the code/keys/whatever whenever the cover was removed.

Peter wrote:
> Those are easy prey after an X-ray picture to show the switches. You
> should not post this kind of info here imho. Neither should I.

Which is why the true high-security stuff also contains X-Ray detectors,
oxygen detectors, and various other detectors, any one of which will dump
the RAM contents if triggered.

Commercial-grade stuff is usually not too well secured.

1998\12\14@230454 by William Chops Westfield

   > Well, I gingerly took apart one of our encryption devices (I assume that
   > ones protected by explosives have warning labels), and its protection
   > seemed to consist of switches that shut off the power to battery-backed
   > sram that held the code/keys/whatever whenever the cover was removed.

   Peter wrote:
   > Those are easy prey after an X-ray picture to show the switches. You
   > should not post this kind of info here imho. Neither should I.

   Which is why the true high-security stuff also contains X-Ray detectors,
   oxygen detectors, and various other detectors, any one of which will dump
   the RAM contents if triggered.

I should defend myself by saying that as far as I know, the only
non-volatile part of these was key storage.  If someone can take apart
your router, remove the encryption board, freeze/xray/whatever to decode
your keys, all BEFORE you notice that it's missing and change the keys...
Well, then the lost keys are one of the smaller problems you have.

Presumably, the safeguards employed are sufficient for the task at hand.

BillW

1998\12\15@064149 by Peter Williamson

It doesn't matter. One night a couple of people will come and make you
an offer regarding the welfare of your family and you will tell them the
keys.

Eric Smith wrote:
{Quote hidden}

--
Peter Williamson | Phone: +61 15 898934
Waybeat Pty Ltd  | Email: KILLspampeterwKILLspamspamwaybeat.com.au

1998\12\15@141246 by Mark Willis

That's exactly why physical security, as well as security systems
where the humans do not KNOW the keys, are such good ideas!  (How many
bank heist movies have we all seen where someone takes the bank
manager's family hostage at 2 AM & makes the bank manager hand over the
combination?  Enough to make *me* glad I'm not a bank manager <G>)
You'd think bank managers would catch on & have at least as good of
physical security as the neighborhood crack house {facetious here, yep!}

 Mark, RemoveMEmwillisTakeThisOuTspamnwlink.com

Peter Williamson wrote:
{Quote hidden}

1998\12\15@143347 by dave vanhorn

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:34 AM 12/15/98 -0800, you wrote:
>That's exactly why physical security, as well as security systems
>where the humans do not KNOW the keys, are such good ideas!  (How many
>bank heist movies have we all seen where someone takes the bank
>manager's family hostage at 2 AM & makes the bank manager hand over the
>combination?  Enough to make *me* glad I'm not a bank manager <G>)
>You'd think bank managers would catch on & have at least as good of
>physical security as the neighborhood crack house {facetious here, yep!}
>

Visa uses a three part key system to load their encryption keys. Three
executives each have 1/3 of the key, and they are never in the same room
with the loader at the same time.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.5
Comment: Trust them, they're from the government!  (NOT!)

iQA/AwUBNna4bkt+LG8vnBoNEQK0SwCgypnc3UYQKDObxlfU/RufVvalz8oAn3wd
wVmqalfa2zoNAQ3kgOYZa8lW
=MEFW
-----END PGP SIGNATURE-----

1998\12\15@172351 by John Payson

|Visa uses a three part key system to load their encryption keys. Three
|executives each have 1/3 of the key, and they are never in the same room
|with the loader at the same time.

Returning somewhat to the realm of microprocessors and PICs,
it's sometimes useful to combine encryption with a Hamming or
similar code; in this way, you can divide a key up into parts
such that some known fraction of parts are needed to get the
whole key.

For example, if there are five key officers at a company, and
it's desired that four of them must be present to access the
supersecret data, it's possible to give four of them each 1/4
of the key and the fifth a computed parity value derived from
the four partial keys.  The four keys themselves are sufficient
without the parity word, and with three keys plus the parity
word the fourth key can be computed.(*)

(*) This particular scheme is not the best, because it allows
   four of the principals to determine the key of the fifth.
   There are other methods which allow any four principals to
   access the data, but without giving any information about
   the fifth's key.

Although this may not be as secure against illegal entry as
requiring all five officers' input for access, it's more likely
that one officer would be incapacitated than that two would;
if all officers are needed to access the data, then having even
one officer incapacitated would render the company's supersecret
data completely inaccessible.
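
The four-quarters-plus-parity split described above, worked through in C as an added example (not code from the post). It recovers the key with any one officer absent and also shows the footnoted weakness: the same XOR that rebuilds a missing quarter lets any four holders compute the fifth's share. The 16-byte key, the share layout and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARTS     4                 /* officers 0..3 each hold a key quarter */
#define SHARES    (PARTS + 1)       /* officer 4 holds the parity word */
#define PART_LEN  4
#define KEY_LEN   (PARTS * PART_LEN)

/* Cut the key into four quarters and compute the XOR parity share. */
void split_key(const uint8_t key[KEY_LEN], uint8_t shares[SHARES][PART_LEN])
{
    memset(shares[PARTS], 0, PART_LEN);
    for (int p = 0; p < PARTS; p++)
        for (int i = 0; i < PART_LEN; i++) {
            shares[p][i] = key[p * PART_LEN + i];
            shares[PARTS][i] ^= shares[p][i];
        }
}

/* XOR of every share except `absent` equals the absent share. This is the
 * recovery step and also the weakness: four holders learn the fifth's share. */
void derive_absent_share(uint8_t shares[SHARES][PART_LEN], int absent,
                         uint8_t out[PART_LEN])
{
    memset(out, 0, PART_LEN);
    for (int s = 0; s < SHARES; s++)
        if (s != absent)
            for (int i = 0; i < PART_LEN; i++)
                out[i] ^= shares[s][i];
}

/* Rebuild the key with officer `absent` (0..4) missing; shares[absent] is
 * never read. Returns 0 on success, -1 for an invalid index. */
int recover_key(uint8_t shares[SHARES][PART_LEN], int absent,
                uint8_t key_out[KEY_LEN])
{
    uint8_t rebuilt[PART_LEN];
    if (absent < 0 || absent >= SHARES)
        return -1;
    derive_absent_share(shares, absent, rebuilt);
    for (int p = 0; p < PARTS; p++)
        memcpy(key_out + p * PART_LEN,
               p == absent ? rebuilt : shares[p], PART_LEN);
    return 0;
}

int main(void)
{
    /* Constructed sample key, for illustration only. */
    const uint8_t key[KEY_LEN] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                   0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
    uint8_t shares[SHARES][PART_LEN], out[KEY_LEN];

    split_key(key, shares);
    for (int absent = 0; absent < SHARES; absent++) {
        uint8_t present[SHARES][PART_LEN];
        memcpy(present, shares, sizeof present);
        memset(present[absent], 0, PART_LEN);   /* that officer is away */
        recover_key(present, absent, out);
        printf("officer %d absent: key %s\n", absent,
               memcmp(out, key, KEY_LEN) == 0 ? "recovered" : "LOST");
    }
    return 0;
}
```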

1998\12\15@190334 by Mark Willis

John Payson wrote:
{Quote hidden}

 I'm reminded of a situation where the combination to a country's
armory was lost because the key officer had been assassinated - as part
of the start of a coup;  some newsgroup had a story about it (under
"Tech Support Hell" or some such) as the country's people were calling
the TS folks asking for some way to unlock their electronically secured
armory...  NO JOY.

 Something to consider when installing a security system - it's called
a "Reality Check" <G>  Someone didn't think about all likely
possibilities there!

 Not likely that the replacement government will make the same
mistake...

 Some designs could easily have a timed open (if 1 day with only 3 of 4
keys entered & locked in passes, go ahead and open up when they come
back 24 hours later.  So if a company official dies, you're not stuck
forever.)

 Mark, TakeThisOuTmwillisEraseMEspamspam_OUTnwlink.com

1998\12\16@083857 by Andy Kunz

>  I'm reminded of a situation where the combination to a country's
>armory was lost because the key officer had been assassinated - as part
>of the start of a coup;  some newsgroup had a story about it (under
>"Tech Support Hell" or some such) as the country's people were calling
>the TS folks asking for some way to unlock their electronically secured
>armory...  NO JOY.

Hey, John, that was THIS list.  Can't you tell - it has NOTHING to do with
PICs!

Andy


==================================================================
Andy Kunz - Statistical Research, Inc. - Westfield, New Jersey USA
==================================================================
