Exact match. Not showing close matches.
'[PIC]:Help! Need info on 16F84 code retreival with'
Hello. I have been searching for information on how to retreive my code from a 16F84 that has the Code Protect flag set. I have heard many stories, including reducing voltage to the 16F84, using X-rays and voltage spikes.
My code was on a HDD that crashed, and I put many hours into this project and I desparately need to be able to get this code out of my 16F84, as it is very important. (yes, I know, you are all saying "BACKUP", which I do, but I have also learnt that floppy disks are not very reliable either.)
Any help with this would be greatly appreciated.
Content-type: text/plain; charset=US-ASCII
Content-description: Mail message body
On 19 Jun 00, at 20:05, Phil wrote:
> Hello. I have been searching for information on how to retreive my code from a 16F84 that has the Code Protect flag set. I have heard many stories, including reducing voltage to the 16F84, using X-rays and voltage spikes.
> My code was on a HDD that crashed, and I put many hours into this project and I desparately need to be able to get this code out of my 16F84, as it is very important. (yes, I know, you are all saying "BACKUP", which I do, but I have also learnt that floppy disks are not very reliable either.)
> Any help with this would be greatly appreciated.
Content-type: text/plain; charset=US-ASCII
Content-description: Text from file 'picbust.htm'
PICBUSTER - Details Released On Internet
For a long time, some of the most frequently asked questions on
Special Projects were about Picbuster. Was it a program? Was it a
device? Did it really exist. The answer has been given in a Usenet
message. It is essentially a Welsh Poet - Dai Ode. In other words,
it is a diode.
The standard method of popping a PIC was to actually remove the
top of the chip and re-engineer the fuse. The method described
opposite is effectively the cheapest solution. Of course other
The standard result when the fuse is reset is that the complete
memory of the PIC16C84 is reset. In the normal programming mode
there is a large difference between the programming voltage
(approx 13.8 Volts) and the supply voltage (5 Volts). In the
Picbuster as described opposite, the recommended difference is
approximately 0V5. The voltage drop across the diode is 0V6 to
0V7. The 0V5 voltage differential may not be enough to reset the
entire memory but is enough to alllow the fuse to be reset.
The publication of this information on the Usenet does provide
other problems. Most of the pirate smart cards in use at the
moment are based on the PIC16C84. The widespread knowledge of how
to hack these chips means that the market can become over-
saturated with pirate cards.
To date the pirate cards have been upgraded in a trickle-down
manner. A few companies at the top of the chain figure out the
fix for the new ECM and implement it. The details of the fix are
then sold on down the chain until finally the whole market has
been upgraded. In effect it is almost feudal.
It would be easy to think that this would benefit the hacked
channels more than the pirates. That would of course be wrong. The
net result of the publication is that the knowledge of the system
is spread more widely than before. Therefore the more people who
understand the system, the quicker the turn around between ECM and
The widespread availability of the knowledge to pop the PIC16C84
is making some pirate card manufacturers rethink their strategy.
One notable change has been the Benedex - Futuretron Battery card.
This card uses the Dallas Micros chip rather than one from the
PIC16* series. Another option is the reprogrammed Sky 09 card (see
separate story in this issue).
The PIC16C84 is widely used. In some applications it is used to
control electronic locks such as those used on some of the more
up market cars. There was a court case in the UK last year where
the defendant was convicted for having in his possession a device
that snatched the RF data from these electronic keys and replayed
it to open the locks. The use of Picbuster could be dangerous if
it showed that there was a backdoor code (bad pun) that could be
used by garages in the event of the car owner losing his
It is almost certain that Arizona Microchip have implemented some
sort of modification to PIC16C84 die. This modification would of
course take some time to filter into the market. Most of the
pirate cards at the moment are recycling the PIC16C84 chips from
07 pirate cards. There have been some rumours that the Picbuster
does not work with some of the more recent 1995 batches.
This is the Usenet Message that gave the details of PicBuster.
Article: 16241 of alt.satellite.tv.europe
From: bannold.demon.co.uk (Lester Wilson) Lester
Subject: Re: NEW PROGRAMMER
Organization: PO BOX 845 WATERBEACH CAMBRIDGE CB5 9JS
X-Newsreader: Newswin Alpha 0.7
Date: Wed, 26 Apr 1995 07:27:50 +0000
Message-ID: <bannold.demon.co.uk> 429713219wnr
> lester may i ask a question just how secure is a pic chip when
> the security fuses have been blown ?
> PAUL BULMER
In my opinion hte pIC16C84 is secure enough to prevent the casual
reading of protected code. I think that this subject has been
covered in other discussions in this group in the not too distant
past. I have many private emails from persons claiming to have had
success in reading data from a Code protected PIC16C84. I myself
am convinced that it is possible, so are many others, but each to
his own.I do not condone or encorage the reading of copyright
protested code by unathorised persons. It is acheivable in many
ways, one of which was emailed to me some time back by a satisfied
______________________more deleted stuff________________________________
The Pic chip (PIC16C84) can in fact have it's program and data
memory read after the config fuses have been set to code
Try the following:
Write some code to the chip with the code protection set to "ON".
Read back to verify that the protection has indeed come on.
Now set Vdd ( pin 14 ) to Vpp-0.5v, (Programming voltage less
Set config fuse to "OFF" and reprogram config fuse.
Now set Vdd back to normal, +5v.
Power off the programmer.
Wait 10 to 20 sec.
Power back on the programmer. (VDD at + 5V)
Read the Pic.... and hey presto, data in unprotected format should
now be available.
This is experimental only and no liability will be accepted for
any loss of data.
_____________lots and lots more deleted stuff_____________________
by revealing the above I hope that you are satisfied ( though I
doubt it), I will not be replying to further questions on the
The above mail has been reproduced without the specific
pewrmission of the sender, however I believe that since the mail
was sent to me with no request for confidentiality I am within my
rights to display my person mail.
The information imparted is I believe in the PUBLIC DOMAIN, I did
not invent or discover it myself.
I have used methods SIMILAR to the above to acheive the same
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
<LI><A HREF="hackw.html">Return To Table Of Contents</A>
<LI><A HREF="welcome.html>Return To Main Page </A>
<H3><B><I>Copyright (c) 1995 Hack Watch News </I></b></H3>
Alan B. Pearce
That attachment was for a 16C84. I believe that Microchip fixed this in the
16F84 such that it does not not work at all.
More... (looser matching)
- Last day of these posts
- In 2000
, 2001 only
- New search...