PICList
Thread
'[PIC]: Read this for your own good'
2001\11\03@054912
by
Peter L. Peres
I just stumbled across a method to read out PIC code in any PIC that uses
the XNOR/XOR scrambled readback method when the PIC is protected. It is
here:
http://www.net.yu/~dejan/
I know that more recent PICs read out as zeros when protected. I hope that
you out there who rely on PIC data protection know this.
Peter
PS: Apologies if you already know this.
--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads
2001\11\03@060409
by
James Caska
2001\11\04@033029
by
Philip Pemberton
2001\11\04@035016
by
James Caska
Philip Pemberton wrote,
>I don't - what's the secret? A diode? A clock glitch? A Vcc glitch?
I don't actually believe in hacking, I was just curious to see if the 877
hack is public knowledge. I don't know if making public a hack is a good
idea or not? Thoughts..?
Regards,
James Caska
caska
KILLspamvirtualbreadboard.com http://www.virtualbreadboard.com
ujVM - 'The worlds smallest java virtual machine'
{Original Message removed}
2001\11\04@054320
by
Gerhard Fiedler
At 19:51 11/04/2001 +1100, James Caska wrote:
>I don't actually believe in hacking, I was just curious to see if the 877
>hack is public knowledge. I don't know if making public a hack is a good
>idea or not? Thoughts..?
I'm not sure, but I would tend to say that publishing it is the better of
the two. Then people can make a better informed choice on whether to rely
on the protection or not, or when and how to rely on it, or what to do to
prevent the hack. And the manufacturer has a better chance to fix it.
Of course, if you want to exploit the hack, you'd better not publish it...
After all, it's one of your business assets :)
ge
--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics
2001\11\04@061218
by
James Caska
Gerhard Fiedler wrote;
>I'm not sure, but I would tend to say that publishing it is the better of
>the two. Then people can make a better informed choice on whether to rely
>on the protection or not, or when and how to rely on it, or what to do to
>prevent the hack. And the manufacturer has a better chance to fix it.
I tend to agree that public knowledge (as with encryption algorithms) is
best. In truth it is not a "pure hack" more a special condition loophole in
the segmented protection whereby if the device is not fully protected the
877's ability to read its own memory can be used to export the whole of the
memory. Segmenting is better handled by the PIC18FXX2. I came across it when
considering how to protect the ujVM877 when it downloads new class files
(native compiled) and had to abandon having firmware onchip because of the
loophole.
What's a ujVM877? Well, that's another story that is going to take a while to
tell, but essentially, ever wondered if a PIC could execute PURE java, i.e.
java compiled by javac.. the answer is yes.
Regards,
James Caska
.....caskaKILLspam
.....virtualbreadboard.com http://www.virtualbreadboard.com
ujVM - 'The worlds smallest java virtual machine'
{Original Message removed}
2001\11\04@141546
by
Spehro Pefhany
At 10:13 PM 11/4/01 +1100, you wrote:
>
>I tend to agree that public knowledge (as with encryption algorithms) is
>best. In truth it is not a "pure hack" more a special condition loophole in
>the segmented protection whereby if the device is not fully protected the
>877's ability to read its own memory can be used to export the whole of the
>memory. Segmenting is better handled by the PIC18FXX2. I came across it when
>considering how to protect the ujVM877 when it downloads new class files
>(native compiled) and had to abandon having firmware onchip because of the
>loophole.
I understand the PIC "F" series, though better than previous attempts, still
have some vulnerability to Vdd glitch attacks as well as simple invasive
attack (decapsulation and microprobing).
My thought is that you tell Microchip first, wait "n" months where 2 < n < 6
and then tell the public, and tell whatever individuals you like in the meantime.
Best regards,
Spehro Pefhany --"it's the network..." "The Journey is the reward"
EraseMEspeffspam_OUT
TakeThisOuTinterlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com
/.-.\
(( * ))
\\ // Please help if you can:
\\\ dailynews.yahoo.com/fc/US/Emergency_Information/
//\\\
/// \\\
\/ \/
2001\11\05@164906
by
Peter L. Peres
> to tell or not to tell
I agree with Spehro but I believe that I was right to let it go, because
it seems to be old news, and because it popped up in a web search for
something else related to pics. Makes you really wonder how many times it
popped up for others, and they did not tell, doesn't it ?
I remember that we used to be able to protect EPROMs permanently by
blasting the Vpp pad contact with a 1A reverse current (vs. gnd) in 2708
and 2716 EPROM clones. This was necessary because someone was in the
business of making them disappear and reappear on the black market (this
was not in this country).
Maybe the PIC could have a weak internal pullup on MCLR (like the 12C5xx
have for sure) and an extra beefy MCLR reverse diode to GND so the pad
wire could be burned permanently with a reverse current pulse. Then maybe
this is extreme ;-).
Peter
--
http://www.piclist.com hint: The PICList is archived three different
ways. See http://www.piclist.com/#archives for details.
2001\11\06@202444
by
Jinx