'CODE SECURE WITH PIC?'
I am wondering if the code protection with PIC's is as secure as
promised by Microchip?
I am from China, as far as I know, there is a company in Beijing that
offers a service to help decode Microchip's PICs. The cost is about
US$1000 for each chip! I am afraid my own coding with PICs will be
copied by others one day.
Do you have any idea on this? Is my worry unnecessary?
TONY NIXON 54964
I guess it's the old story, if someone wants it bad enough they will
get it regardless of security precautions.
Just when I thought I knew it all,
I learned that I didn't.
Starfire Zhu <cheerful.com> wrote: zhuxh
> I am wondering if the code protection with PIC's is as secure as
> promised by Microchip?
Well... Since Microchip are careful not to promise ANYTHING in
regards to the security of the PIC code-protection, I guess the
answer is, "Yes."
=== Andrew Warren - ix.netcom.comfastfwd
=== Fast Forward Engineering - Vista, California
12/16/97 01:17 PM
-> Well... Since Microchip are careful not to promise ANYTHING in
-> regards to the security of the PIC code-protection, I guess the
-> answer is, "Yes."
Come now, Andy. You're being a mite disingenuous!
The very label 'code protection' contains a promise that
code will be protected. Such a promise must be subject
to a 'reasonableness' test.
Microchip promote 'programmable code protection' as a
feature of their devices, in the same way that they
promote a 'power saving SLEEP mode'.
If you discovered that the 'power saving' was a mere 5%
you would be justified in questioning the reasonableness
of Microchip's claim (despite its factual correctness).
In the same way, if you discovered that the 'code protection'
could be defeated with $5 worth of electronics you
would (should) dispute the claim, and its implied promise.
15 Dec 97, cheerful.com writes to All: zhuxh
z> I am wondering if the code protection with PIC's is as secure as
z> promised by Microchip?
Yes, because Microchip promises only that code protection exists, and nothing
about the actual strength of the code protection.
z> as far as I know, there is a company in Beijing that offers service to
z> help decode the Microchip's PICs. The cost is about US$1000 for each
You can also find the same service in Moscow, Russia. They promise reverse
engineering of any protected PIC code at a cost lower than $1000
(same price!) in one to two days. For the PIC16C84 it can be done for almost
free, and for the PIC16F8x the price is lower than $100. Probably both
companies use some technological backdoors in Microchip products. Sorry, I
don't know any technical details; I have only seen advertisements and know of
some cases of successful use of this service.
z> I am afraid my own coding with PICs will be copied by others one day.
z> Do you have any idea on this? Is my worry unnecessary?
The only things that can protect you: change your product as frequently as
possible, add new features and new ideas, and don't try to obtain superprofit.
If you need a really protected product for security applications, use special
security-designed chips, not widely available microcontrollers.
--- GoldED/2 2.50+
please, can you be more specific?
Can you tell me who offers such services, or how to find them?
I don't doubt the technical feasibility of this, but as it is presented
it sounds like one of those "urban legends" (you know: the story about
in the closet choking on the burglar's finger it had bitten off, or
whatever that was...)
I would like to know how much it really costs and how long it really
and what the success rate is (do you need a number of parts to ensure
full ROM reconstruction),
is it a destructive process (can you sneak the cracked part back into
And then I would like to hear these guys discuss what methods are
better, more expensive, etc.
Peter F. Klammer / racom.compklammer
Racom Systems, Inc. / 6080 Greenwood Plaza Blvd. / Englewood, CO 80111
(303)773-7411 / FAX:(303)771-4708 / http://www.racom.com
World's First Dual-Interface Symmetric-Access FRAM Smartcard
Martin R. Green
This is not just an urban legend. There are some very sophisticated
techniques that are "very" destructive to the device under attack. I
used to have a link to a site that described in detail some of the
methods these "service" companies use, but I seem to have lost it.
Maybe someone else out there will know the one I am talking about.
Anyway, some of these techniques can be hacked at home, but for
difficult jobs, complex and expensive "fab" equipment is used.
Various chemicals and mechanical methods are used to obtain access to
the die, then by connecting to various points on the die, the contents
of the ROM can be read out.
Like most MCU's, PIC's are very vulnerable to an extremely sophisticated
attack. These guys are so good at what they do that several companies
(I think ATMEL is one of them) have developed high security MCU's,
that use a variety of tricks to thwart this kind of attack. I believe
some such chips actually self-destruct if the package is compromised.
CIAO - Martin.
On Tue, 16 Dec 1997 10:31:33 -0700, Pete Klammer <RACOM.COM> pklammer
Martin R. Green
To reply, remove the NOSPAM from the return address.
Stamp out SPAM everywhere!!!
I have heard of a commercial product sold in the UK called a PICBuster,
and I have seen a suggested attack method on the 16C84 which is alleged
to work (it also sounded likely to fry the chip, though) - search on
AltaVista for 16C84 and code and protect, I think.
The interest in Europe regarding PIC code protection defeating is
largely due to the use of these chips in satellite scrambling systems.
There is a thriving black market in smartcards which defeat the
encryption systems. Why they bother, I can't imagine. It's only 500
channels of utter crap, anyway, but that's human nature for you.....
What these minds could do in solving the world's *real* problems (sigh!)
> The only things that can protect you: change your product as frequently as
> possible, add new features and new ideas, and don't try to obtain superprofit.
> If you need a really protected product for security applications, use special
> security-designed chips, not widely available microcontrollers.
Very seldom is it worthwhile to crack a code-protected chip. While the
software in many chips has $1000's of dollars of engineering invested in
it, the designer has access to knowledge and information NOT contained
within the chip (e.g. info about debug modes, etc.) In many cases, it's
better to rewrite software from scratch than to reverse-engineer what's
there, especially if it's necessary to make any changes.
The one time code-cracking is profitable (which is what made the 16X84's such
a nice target) is when the contents of the chip are worth more than the device
in which it's embedded. For example, in a Satellite TV decoder, the contents
of the chip may be worth thousands of dollars even though the decoder itself
may be worth only a few hundred.
Note that the 16C84/16F84 may in fact be no easier to break than other 16Cxx
parts; the big reason it got cracked was the value of the broadcast satellite
Andrew Mayo <GEAC.CO.NZ> wrote: andrew
> The interest in Europe regarding PIC code protection defeating is
> largely due to the use of these chips in satellite scrambling systems.
> There is a thriving black market in smartcards which defeat the
> encryption systems.
AFAIK, the PIC was never used in any original satellite descrambler or
smartcard. It was designed into some of the pirate smartcards. The
interest in defeating the PIC16C84 code protection was from people who
thought it would be easier to copy a pirate smartcard than
reverse-engineer the real (original) smartcard.
The processor of choice for new pirate stuff seems to be the Dallas DS5000,
which is designed to be very secure. I haven't heard whether anyone has
figured out how to dump the memory of the Dallas part.
> Why they bother, I can't imagine. It's only 500
> channels of utter crap, anyway, but that's human nature for you.....
> What these minds could do in solving the world's *real* problems (sigh!)
Typically the people who do the reverse-engineering aren't the same people
who spend eight hours a day watching television. It is done by people who
notice the large revenue stream from that group, and want to divert some of
it into their own pockets. There is enough potential revenue that the
pirates are willing to spend the money for some very heavy-duty reverse-
engineering, including microprobing.
Note that I don't condone any of this. And I personally don't have time to
watch more than two hours of TV a week (Babylon 5, The Simpsons, and King of
I've got a big pile of Sony audio and video gear, and I've gotten really
fed up with the fact that the volume control buttons on all the remotes
send volume commands with the TV device code, not to the receiver/preamp.
The speakers on my TV aren't even enabled. I've hacked some PIC code to
receive the IR, decode the TV volume commands, change the device code, and
forward them via Control-S to my preamp.