PICList Thread
'16F87x code security'
2000\04\04@190908 by Mike Morris

Hi,

Has anyone heard of any security issues with the 16F87x series in terms of
the code being readable even with code protect bits set?  I remember
reading somewhere that older flash devices ('C84's?) could be 'glitched' by
applying some transient to a pin which toggled off the code protect bit.
Obviously there are other security considerations like not allowing writes
to program memory so no code that would dump the pic's contents could be
programmed.  But I'd still like to be somewhat certain that the code is
reasonably secure and was just curious if there have been any reports of
the code protect bits being defeated (short of cracking the case and going
at it with microprobes & lasers.)  I was also curious what other code
security measures PIC users might employ. Our final product will be potted,
which will make physical access difficult, but I'd be more comfortable
knowing the code was locked up safe and secure..... as much as possible.

Thanks....

- Mike

2000\04\05@053310 by Arthur Brown

I read somewhere that the code for the picbasic chip was read by a basic
program, so the code that was protected was just read from the chip?
*Are* there any other thoughts from the list as to how we can protect code
from this form of attack?
And is there any code that can test the integrity of a code-protected chip?

- Art


2000\04\05@101722 by M. Adam Davis

Right now there are no known 'easy' ways to get the code from the f'87x line.

Of course, that might change, but there isn't a big push for people to break it
right now.  With the 'c84 it was a big item because the pay-satellite TV industry
uses them in their smartcards.  There were a whole slew of people working on
that task.

When Microchip made changes and introduced the 'f84 it was indicated that it was
invulnerable to that particular hack, but I still occasionally hear of someone
who has hacked the code out of one.

Of course, like everything else, nothing is impossible given enough time and
resources.  Chances are what you are really asking is, "How much money and time
would someone have to spend in order to get my code from the PIC chip, so I can
determine whether that's more than what my code is worth."

If it takes more time and money to get your code from the chip than what the
code is actually worth, then the code protection is enough.

Let's say one wants to develop a reliable external mechanism to read the code
from one of these newer chips.  I suspect that one would have to spend a few
thousand dollars and several thousand man-hours to accomplish such a feat, and
then they would only have a 20-50% success rate if they were very lucky (i.e., they
need to obtain 5-10 of your chips in order to get the code off one).  Assuming
this was an individual doing it in their spare time it could take several
months, and they would have to be REALLY motivated (several hours a day, going
through 20-40 new chips/week using trial and error).  If this were a school
research project with 2-3 students, expect a few months.  If this were a
corporate reverse-engineering project, then they could put 5 people on the team
and have it done in a month (of course, those 5 people cost 4 thousand each for
that one month, so the code needs to be worth at least 25k)  But then, after
developing the mechanism, they could use it for other projects and spread the
cost out over a few years.  Of course, they could also hire a good programmer
and $5,000 later have the same functionality, minus any code keys you have
encrypted on the chip, and, as a bonus, it wouldn't be illegal to use.

Anyone with an electron microscope and a bunch of time could also probe the die,
and either get the code that way, or find weaknesses in the chip which would
make the above trial and error take much less time.

You can also perform a few other security measures.  Embed a wire in the potting
surrounding the circuit, and read the resistance (using the a/d).  If the
resistance changes much, overwrite the program memory.  Makes manufacturing more
difficult, but you get the security you pay for.

You can also buy the die(s) from Microchip, and put them in your own packaging
(dip, plcc, etc) and switch the pins around a bit.  A good hacker will still be
able to figure out what chip you used, but it would slow them down a bit.
Program the die before packaging, and don't connect the pins necessary for
programming.  There are lots of other things you can do...

-Adam
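
The tamper-wire measure described in the post above, as an added example that is not part of the original thread or any poster's code. All names are hypothetical, a 10-bit A/D result is assumed, and a RAM buffer stands in for the device-specific program-memory overwrite; the sample traces are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; a 10-bit A/D result (0..1023) is assumed. */
#define TAMPER_TOLERANCE 40 /* counts of drift allowed (temperature, ageing) */
#define TAMPER_CONFIRM   3  /* consecutive bad samples needed to trip */

typedef struct {
    uint16_t baseline; /* reading recorded per unit after potting */
    uint8_t  strikes;  /* consecutive out-of-window samples so far */
    bool     tripped;  /* latched: never cleared once set */
} tamper_t;

void tamper_init(tamper_t *t, uint16_t baseline) {
    t->baseline = baseline; t->strikes = 0; t->tripped = false;
}

/* Feed one sample. A cut wire rails the divider high, a bridged wire pulls it
   low, so the window check is two-sided. Returns true once latched. */
bool tamper_sample(tamper_t *t, uint16_t adc) {
    if (t->tripped) return true;
    uint16_t diff = (uint16_t)(adc > t->baseline ? adc - t->baseline
                                                 : t->baseline - adc);
    if (diff <= TAMPER_TOLERANCE) { t->strikes = 0; return false; }
    if (++t->strikes >= TAMPER_CONFIRM) t->tripped = true;
    return t->tripped;
}

/* Stand-in for the device-specific program-memory overwrite. */
void wipe(volatile uint8_t *mem, size_t n) { while (n--) *mem++ = 0; }

/* Run a sample trace; wipe and return the index where tamper latched, or -1. */
int run_trace(uint16_t baseline, const uint16_t *s, size_t n,
              volatile uint8_t *mem, size_t len) {
    tamper_t t;
    tamper_init(&t, baseline);
    for (size_t i = 0; i < n; i++)
        if (tamper_sample(&t, s[i])) { wipe(mem, len); return (int)i; }
    return -1;
}

int main(void) {
    uint8_t code[4] = {0x30, 0x01, 0x28, 0x05};         /* constructed */
    const uint16_t noisy[] = {512, 515, 700, 510, 508}; /* one spike */
    const uint16_t cut[]   = {512, 1023, 1023, 1023};   /* wire opened */
    printf("noisy: %d\n", run_trace(512, noisy, 5, code, 4));
    printf("cut:   %d\n", run_trace(512, cut, 4, code, 4));
    return 0;
}
```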


2000\04\05@104217 by Alan B Pearce

>Program the die before packaging, and don't connect the pins necessary for
>programming.  There are lots of other things you can do...

I believe this is one of the tricks done with early one chip micros where there
was no code protection function, especially with the ROM versions of the chips,
like the 8048 series, where the read function was still available, even though
you could not write to it. When you specified the chip you specified the program
enable to not be connected to the pad.

2000\04\05@105720 by David VanHorn

>You can also buy the die(s) from Microchip, and put them in your own packaging
>(dip, plcc, etc) and switch the pins around a bit.  A good hacker will still be
>able to figure out what chip you used, but it would slow them down a bit.
>Program the die before packaging, and don't connect the pins necessary for
>programming.  There are lots of other things you can do...

Buy the die from atmel, flip the pins around to conform to a pic pinout,
slow the I/O down by 4X to match, and then let them try to figure it out :)

