Searching \ for 'CODE SECURE WITH PIC?' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/microchip/devices.htm?key=pic
Search entire site for: 'CODE SECURE WITH PIC?'.

Truncated match.
PICList Thread
'CODE SECURE WITH PIC?'
1997\12\15@104712 by zhuxh

flavicon
face
I am woundering if the code protection with PIC's is as secure as
promised by Microchip?
I am from China, as far as I know, there is a company in Beijin that
offers service to help decode the Microchip's PICs. The cost is about
US$1000 for each chip! I am afriad my own coding with PICs will be
copied by others one day.
Do you have any idea on this? Is my worry unnecessary?

1997\12\15@180606 by TONY NIXON 54964

flavicon
picon face
I guess it's the old story, if someone wants it bad enough they will
get it regardless of security precautions.


Tony


Just when I thought I knew it all,
I learned that I didn't.

1997\12\15@195225 by Andrew Warren

face
flavicon
face
Starfire Zhu <spam_OUTzhuxhTakeThisOuTspamcheerful.com> wrote:

> I am woundering if the code protection with PIC's is as secure as
> promised by Microchip?

   Well... Since Microchip are careful not to promise ANYTHING in
   regards to the security of the PIC code-protection, I guess the
   answer is, "Yes."

   -Andy

=== Andrew Warren - .....fastfwdKILLspamspam@spam@ix.netcom.com
=== Fast Forward Engineering - Vista, California
=== http://www.geocities.com/SiliconValley/2499

1997\12\15@211603 by Bob Lunn

flavicon
face
Bob Lunn
12/16/97 01:17 PM


-> Well... Since Microchip are careful not to promise ANYTHING in
-> regards to the security of the PIC code-protection, I guess the
-> answer is, "Yes."

    Come now, Andy.  You're being a mite disengenuous!

    The very label 'code protection' contains a promise that
    code will be protected.  Such a promise must be subject
    to a 'reasonableness' test.

    Microchip promote 'programmable code protection' as a
    feature of their devices, in the same way that they
    promote a 'power saving SLEEP mode'.

    If you discovered that the 'power saving' was a mere 5%
    you would be justified in questioning the reasonableness
    of Microchip's claim (despite its factual correctness).

    In the same way, if you discovered that the 'code protec-
    tion' could be defeated with $5 worth of electronics you
    would (should) dispute the claim, and its implied promise.

___Bob

1997\12\16@103936 by Alexey Vladimirov

flavicon
face
15 Dec 97, zhuxhspamKILLspamcheerful.com writes to All:

z> I am woundering if the code protection with PIC's is as secure as
z> promised by Microchip?

Yes, due to Microchip promise only, that code protection exists, and nothing
about actual strength of code protection.

z> as far as I know, there is a company in Beijin that offers service to
z> help decode the Microchip's PICs. The cost is about US$1000 for each
z> chip!

The same service you can also found in Moskow, Russia. They promise any
protected PIC code reverse engineering with cost lower, than $1000
(same price!) in one-two days. For PIC16C84 it can be done for almost free and
for PIC16F8x price is lower, than $100. Probably, both companies use some
technological backdoors in Microchip products. Sorry, I don't know any
technical details, only see advertisiments and know some cases of the
successfull using of this service.

z> I am afriad my own coding with PICs will be copied by others one day.
z> Do you have any idea on this? Is my worry unnecessary?

The only things, that can protect you - change you product as frequently, as
possible, add new features, new ideas and didn't try to obtain superprofit.
If you need really protected product for security applications - use special
security designed chips, not wide available microcontrollers.

Alexey

--- GoldED/2 2.50+

1997\12\16@124543 by Pete Klammer

flavicon
face
Terviist!

please, can you be more specific?

Can you tell me who offers such services, or how to find them?

I don't doubt the technical feasibility of this, but as it is presented
so far,
it sounds like one of those "urban legends" (you know: the story about
the dog
in the closet choking on the burglar's finger it had bitten off, or
whatever that was...)

I would like to know how much it really costs and how long it really
takes,
and what the success rate is (do you need a number of parts to ensure
full ROM reconstruction),
is it a destructive process (can you sneak the cracked part back into
service?).

And then I would like to hear these guys discuss what methods are
better, more expensive, etc.

Peter F. Klammer / .....pklammerKILLspamspam.....racom.com
Racom Systems, Inc. / 6080 Greenwood Plaza Blvd. / Englewood, CO 80111
(303)773-7411 / FAX:(303)771-4708 / http://www.racom.com
World's First Dual-Interface Symmetric-Access FRAM Smartcard

{Quote hidden}

1997\12\16@132547 by Martin R. Green

flavicon
face
This is not just an urban legend.  There are some very sophisticated
techniques that are "very" destructive to the device under attack.  I
used to have a link to a site that described in detail some of the
methods these "service" companies use, but I seem to have lost it.
Maybe someone else out there will know the one I am talking about.

Anyway, some of these techniques can be hacked at home, but for
difficult jobs, complex and expensive "fab" equipment is used.
Various chemicals and mechanical methods are used to obtain access to
the die, then by connecting to various points on the die, the contents
of the ROM can be read out.

Like most MCU's, PIC's a very vulnerable to an extremely sophisticated
attack.  These guys are so good at what they do that several companies
(I think ATMEL  is one of them) have developed high security MCU's,
that use a variety of tricks to thwart this kind of attack.  I believe
some such chips actually self-destruct if the package is compromised.


CIAO - Martin.

On Tue, 16 Dec 1997 10:31:33 -0700, Pete Klammer <KILLspampklammerKILLspamspamRACOM.COM>
wrote:

{Quote hidden}

Martin R. Green
elimarEraseMEspam.....NOSPAMbigfoot.com

To reply, remove the NOSPAM from the return address.
Stamp out SPAM everywhere!!!

1997\12\16@151841 by Andrew Mayo

flavicon
face
I have heard of a commercial product sold in the UK called a PICBuster,
and I have seen a suggested attack method on the 16C84 which is alleged
to work (it also sounded likely to fry the chip, though) - search on
AltaVista for 16C84 and code and protect, I think.

The interest in Europe regarding PIC code protection defeating is
largely due to the use of these chips in satellite scrambling systems.
There is a thriving black market in smartcards which defeat the
encryption systems. Why they bother, I can't imagine. Its only 500
channels of utter crap, anyway, but that's human nature for you.....
What these minds could do in solving the world's *real* problems (sigh!)

{Quote hidden}

1997\12\16@164131 by John Payson

picon face
> The only things, that can protect you - change you product as frequently, as
> possible, add new features, new ideas and didn't try to obtain superprofit.
> If you need really protected product for security applications - use special
> security designed chips, not wide available microcontrollers.

Very seldom is it worthwhile to crack a code-protected chip.  While the
software in many chips has $1000's of dollars of engineering invested in
it, the designer has access to knowlege and information NOT contained
within the chip (e.g. info about debug modes, etc.)  In many cases, it's
better to rewrite software from scratch than to reverse-engineer what's
there, especially if it's necessary to make any changes.

The one time code-cracking is profitable (which is what made the 16X84's such
a nice target) is when the contents of the chip are worth more than the device
in which it's embedded.  For example, in a Satellite TV decoder, the contents
of the chip may be worth thousands of dollars even though the decoder itself
may be worth only a few hundred.

Note that the 16C84/16F84 may in fact be no easier to break than other 16Cxx
parts; the big reason it got cracked was the value of the broadcast satellite
signals.

1997\12\18@191927 by Eric Smith

flavicon
face
Andrew Mayo <andrewSTOPspamspamspam_OUTGEAC.CO.NZ> wrote:
> The interest in Europe regarding PIC code protection defeating is
> largely due to the use of these chips in satellite scrambling systems.
> There is a thriving black market in smartcards which defeat the
> encryption systems.

AFAIK, the PIC was never used in any original satellite descrambler or
smartcard.  It was designed into some of the pirate smartcards.  The
interest in defeating the PIC16C84 code protection was from people who
thought it would be easier to copy a pirate smartcard than
reverse-engineer the real (original) smartcard.

The processor of choice for new pirate stuff seems to be the Dallas DS5000,
which is designed to be very secure.  I haven't heard whether anyone has
figured out how to dump the memory of the Dallas part.

> Why they bother, I can't imagine. Its only 500
> channels of utter crap, anyway, but that's human nature for you.....
> What these minds could do in solving the world's *real* problems (sigh!)

Typically the people who do the reverse-engineering aren't the same people
who spend eight hours a day watching television.  It is done by people who
notice the large revenue stream from that group, and want to divert some of
it into their own pockets.  There is enough potential revenue that the
pirates are willing to spend the money for some very heavy-duty reverse-
engineering, including microprobing.

Note that I don't condone any of this.  And I personally don't have time to
watch more than two hours of TV a week (Babylon 5, The Simpsons, and King of
the Hill).

I've got a big pile of Sony audio and video gear, and I've gotten really
fed up with the fact that the volume control buttons on all the remotes
send volume commands with the TV device code, not to the receiver/preamp.
The speakers on my TV aren't even enabled.  I've hacked some PIC code to
receive the IR, decode the TV volume commands, change the device code, and
forward them via Control-S to my preamp.

Cheers,
Eric

More... (looser matching)
- Last day of these posts
- In 1997 , 1998 only
- Today
- New search...