Protect the code



oslinux
- 2nd April 2007, 19:00
Hi all!

Do you know if there's a way to protect the code from being read and duped?
Is it safe?

EDIT:
I've found my answers; it's just setting the CP bit on, but is it REALLY safe?

Luca

Darrel Taylor
- 2nd April 2007, 19:24
100% safe ... NO.

The program can be retrieved. But it takes some extremely knowledgeable people to do it. There are even some places that will do it for you for about $5000. The reputable ones require a statement in writing that you are the original owner of the program (but that's just for their protection, not yours).

Some of the really old chips like 12C and some 16C are much easier, and can be done cheaper.

Luciano
- 2nd April 2007, 20:15
Hi,

(Copy Protection in Modern Microcontrollers).

See this link:
http://www.cl.cam.ac.uk/~sps32/mcu_lock.html

The latest paper on this subject:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html

Semi-invasive attacks – A new approach to hardware security analysis
Sergei P. Skorobogatov
April 2005, 144 pages
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

Best regards,

Luciano

Darrel Taylor
- 2nd April 2007, 21:33
Here's some nasty little devices that can just read the protected chips without destroying them.

http://www.semiresearch.com/index.php?-1226852084
http://www.semiresearch.com/index.php?-89148003

Josuetas
- 2nd April 2007, 23:50
I thought it was almost impossible. I had read about microscopic readings of the memory and stuff like that, but this is really bad news; it isn't even that expensive!!! If you consider you could charge 5000 for one copy, like DARREL already said.

So this piece of crap can copy the 877A. Is it safer to move to the 18F?

A little thought... "Has someone bought this thing? Maybe its microcontroller is an 877A and we can copy it just to f...k them!" JAJAJA.

Acetronics2
- 3rd April 2007, 09:45
Hi,

If you do not sleep at night ...

You can also use the Writecode function, and destroy a part of the code ... if the circuit is out of its original board!!! Not too difficult to realize ...

just a "concours Lépine" idea ...

Alain

jason
- 26th August 2007, 17:32
I have almost finished a very complicated and time-consuming project. Code protection is very important to me. But I do not feel I can trust the code protect feature in the PIC. So now what?

What do you guys think of frying an IO and having a simple code that says if this IO is low then erase the PIC, that sort of thing? The IO would have to go nowhere, otherwise the people who are trying to make a clone would try to find out what it is for. Normally an IO that is tied nowhere goes high, because of the internal pullup. But if we could only fry that part then it might be able to read low.

The thing is the code would need to be discreet, otherwise these copycats would see it easily.

RussMartin
- 27th August 2007, 17:10
The subject of code protection came up in one of the classes I attended at Microchip's 2007 Masters Conference earlier this month.

According to the information I received, if the CP bit is set: So far, no one has come up with a way to beat it short of a physically invasive method--microscopic examination of the die.

Russ
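
An added example (not part of the original thread, and not Microchip's code): a build-time check in Python that the Intel HEX image sent to production really has the CP bit discussed above enabled. It assumes the PIC16F877A layout, a part named elsewhere in this thread (configuration word at word address 0x2007, CP at bit 13 and CPD at bit 8, both active low); the sample HEX records are constructed.

```python
# Added example: verify code protection is enabled in an Intel HEX image.
# Assumed layout (PIC16F877A; other PICs differ): configuration word at word
# address 0x2007, i.e. byte address 0x400E in the file; CP = bit 13 and
# CPD = bit 8, both active low (0 = protected).
CONFIG_BYTE_ADDR = 0x2007 * 2
CP_MASK, CPD_MASK = 1 << 13, 1 << 8

# Constructed sample images: one code word plus a configuration word.
UNPROTECTED = ":020000040000FA\n:020000000528D1\n:02400E003A3F37\n:00000001FF\n"
PROTECTED = ":020000040000FA\n:020000000528D1\n:02400E003A1E58\n:00000001FF\n"

def parse_ihex(text):
    """Return {byte_address: value}; raise ValueError on a damaged record."""
    mem, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        if not line.startswith(":"):
            raise ValueError(f"record {n}: missing ':'")
        raw = bytes.fromhex(line[1:])
        if len(raw) < 5 or len(raw) != raw[0] + 5:
            raise ValueError(f"record {n}: bad length")
        if sum(raw) & 0xFF:
            raise ValueError(f"record {n}: bad checksum")
        addr, rtype, data = (raw[1] << 8) | raw[2], raw[3], raw[4:-1]
        if rtype == 0x00:                      # data record
            for i, value in enumerate(data):
                mem[base + addr + i] = value
        elif rtype == 0x04:                    # extended linear address
            base = ((data[0] << 8) | data[1]) << 16
        elif rtype == 0x01:                    # end of file
            break
    return mem

def check_protection(hex_text):
    """Return a list of findings; an empty list means CP and CPD are enabled."""
    mem = parse_ihex(hex_text)
    if CONFIG_BYTE_ADDR not in mem or CONFIG_BYTE_ADDR + 1 not in mem:
        return ["no configuration word in image"]
    word = mem[CONFIG_BYTE_ADDR] | (mem[CONFIG_BYTE_ADDR + 1] << 8)  # low byte first
    findings = []
    if word & CP_MASK:
        findings.append("CP=1: program memory can be read back")
    if word & CPD_MASK:
        findings.append("CPD=1: data EEPROM can be read back")
    return findings

if __name__ == "__main__":
    for name, image in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, check_protection(image) or "code protection enabled")
```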

Darrel Taylor
- 28th August 2007, 00:46
It figures Microchip would say something like that.

But with devices like those linked in post #4.
I'm not sure how they can keep a straight face when they do.

They keep changing their links, so if they don't work go to

http://www.semiresearch.com

and select "Secure MCU Readers" from the menu.

mackrackit
- 28th August 2007, 00:53
Every time someone builds a better mouse trap.
Someone else builds a better mouse.

Jerson
- 28th August 2007, 04:58
The subject of code protection came up in one of the classes I attended at Microchip's 2007 Masters Conference earlier this month.

According to the information I received, if the CP bit is set: So far, no one has come up with a way to beat it short of a physically invasive method--microscopic examination of the die.

Russ

I have heard these quotes before. All I know of cracking devices is that it's as simple as burgling a house. When you leave home, you put the biggest padlock you have on your door and bolt it down. When a burglar strikes, he reverses the procedure. The last time I read up on this topic, I learnt about using devices out of spec (power/timing) to beat various protection schemes. The power glitch is one very interesting technique and is successfully used by 8051 hackers. A related phenomenon is when you have the flash being corrupted by mere power on/off cycles. BTW: the Rst pin in the 8051 family usually is the VPP pin. Doesn't that say enough? I am almost sure that most flash micros are prone to this type of failure.

RussMartin
- 28th August 2007, 06:04
It figures Microchip would say something like that.

But with devices like those linked in post #4.
I'm not sure how they can keep a straight face when they do.

Well, I'm not going to assume that the Microchip people are in the same class as sleazy used car salesmen. As I wrote, the statement was qualified with "so far". However, I've forwarded the link with a question to my FAE, and I'll report back his reply when I get it.


They keep changing their links, so if they don't work go to

http://www.semiresearch.com

and select "Secure MCU Readers" from the menu.

I notice that the list of target devices for both readers is still very, very short. (You have to wonder why it takes one device to do the '877 and the other to do the '877A.)

I've E-mailed them for price information, availability, warranty/guarantee information, and asked if they will provide free upgrades as other PICs become supported. I note that their sales office is in China and their lab is in Lithuania.

-----------------

My understanding is that IP (intellectual property) theft right now is worst (and rampant) in China and in India: In China because IP theft is almost a way of life in engineering and technology, and in India (Jerson, correct me if this is wrong) because their laws and court system have not kept pace with the development of technology.

NF9Ω
- 28th August 2007, 06:48
http://www.mcucrack.com/ and http://www.waferstar.com/en/index.shtml are doing this job for all microcontrollers.

I know some devices extract code from AT51/52 micros.
Just insert the microcontroller, press the start button, and all the code is saved in a 24c64 in 4 min.
I always protect the microcontroller by applying a 24 V, 10 mA power source only once to any pin of PORT0 (that is not used) with respect to ground. No one can extract the code after this.

RussMartin
- 28th August 2007, 07:12
http://www.mcucrack.com/ and http://www.waferstar.com/en/index.shtml are doing this job for all microcontrollers.

Zhonghai (the first link) uses what they call "intruded crack"--that involves going in and looking at the physical die. Not much protection against that. Wafer (the second link) doesn't seem to show anything on cracking. What did I miss on that site?


I always protect the microcontroller by applying a 24 V, 10 mA power source only once to any pin of PORT0 (that is not used) with respect to ground. No one can extract the code after this.

This sounds interesting. Can you describe why and how this works to protect code? Does this prevent just reading the code? What about the invasive ("intruded crack") approach--can't someone still recover the code by microscopic examination of the die?

NF9Ω
- 28th August 2007, 08:48
If you write to Waferstar for code recovery they will quote rates.

No one can escape from microscopic examination of the die.

Jerson
- 28th August 2007, 10:09
My understanding is that IP (intellectual property) theft right now is worst (and rampant) in China and in India: In China because IP theft is almost a way of life in engineering and technology, and in India (Jerson, correct me if this is wrong) because their laws and court system have not kept pace with the development of technology.

In India, the laws are in place, but implementation is a different game altogether. Today, India is moving way ahead in terms of R&D and many companies favour indigenous development. I would say part of that effort involves looking at superior products for inspiration. But yet, there are folks who make their living using plain old cracking of ICs. They have even got so brazen as to advertise themselves in local magazines in the past. The charges for hacking the code are proportional to the benefit you would get by hacking it (that's how it works).

I do not know if burning a port pin helps, but it sounds good to me. At least it won't be read by these flimsy techniques. Obviously, the port you blow should be directly linked to the programming data port - isn't it?

jason
- 28th August 2007, 16:24
Ya, that would be the most secure, if you fry the data pin for example. I heard of a guy who did that and never ruined a chip yet. But that prevents you from firmware updates and such. I am using the 18F6722; I'm wondering if that chip is even able to crack yet. I understand the older chips are easy. But from my understanding, the newer chips you can't crack with the power glitch. Is this true?

RussMartin
- 28th August 2007, 16:57
Here's the answer I received from my E-mail inquiry:

Hello Russ,

- Flash PIC Reader-Copier I / II price is 12000,- EUR
AVR I Reader is 15000,- EUR

- Please refer to the web site www.semiresearch.com

- Guarantee is 12 month, no updates available.

Regards,
Anatoli Vulf
Radiolinija,UAB
Jasinskio str.17, Vilnius, LT-01111, Lithuania
Web: http://www.semiresearch.com
Email: [email protected]
GSM +37069910000
Tel. +37052685564
Fax +37052122757

Since a Euro right now is about US$1.36, that puts the PIC readers at over US$16,000 each. That strikes me as exorbitant, since the model I reads only 11 devices and the model II reads only 4.

BobP
- 28th August 2007, 17:06
Hello,

My friend is about to send a sample of his product using an 18F2620. I know he has paid good money for a professional software writer to write his code. Now after me showing him this thread he is worried!

He is about to send a sample for evaluation to a medium size company based in the UK. With the potential for them to purchase and resell. This company seems respectable! But it has its own R&D department. In the view of the forums users (Crystal Ball time) should he be worried? Is there anything else other than the inbuilt code protection he could do?

I have little experience of this as I have the perfect code protection!!! Anything I have written is so poor to be of any value to anyone else……

Thanks,
Bob

RussMartin
- 28th August 2007, 17:38
My friend is about to send a sample of his product using an 18F2620. I know he has paid good money for a professional software writer to write his code. Now after me showing him this thread he is worried!

He is about to send a sample for evaluation to a medium size company based in the UK. With the potential for them to purchase and resell. This company seems respectable! But it has its own R&D department. In the view of the forums users (Crystal Ball time) should he be worried? Is there anything else other than the inbuilt code protection he could do?

Foremost, your friend should have an attorney (in the UK, that's a solicitor, right?) who specializes in intellectual property (IP) and can advise and assist him.

I can't speak for others, but I no longer sell any design outright; I retain ownership and license the product to the client.

BobP
- 28th August 2007, 18:55
Thanks RussMartin,

I think if there was a problem it would be argued that they have written their own code independently and it would be up to the original inventor to prove otherwise. Knowing what UK solicitors charge this would be very costly to contest. I understand a copy of the code and design is logged with his Solicitor. But not sure if this will be of any use?

One thought I had was to have a bit of code embedded to make the unit do something slightly unusual that could be measured externally when a pin is grounded. Would this help prove that the copy was a copy and not a similar but different bit of software?

Also if his code for the purpose of the evaluation could be time limited somehow? Any suggestions?
I am sure George (the inventor) will be looking at this page with anticipation…

Thanks again,
Bob

RussMartin
- 28th August 2007, 20:32
BobP, see my private message to you.

Luciano
- 28th August 2007, 21:17
Hi,

See this link:
http://en.wikipedia.org/wiki/Non-disclosure_agreement

* * *

If your product is sold to the public, then you have only one way to protect it:
http://www.ipo.gov.uk/design/d-applying/d-should/d-should-abroad.htm

Best regards,

Luciano

BobP
- 28th August 2007, 22:03
Thanks Luciano and Russ,

The Non Disclosure Agreement is something I have already advised George to do. It shows you are aware of the methods of protecting your product and you take it seriously.

But my worry would be, if the agreement is broken, the cost of legal proceedings if you lose... Hello skid row.

Thank you for the links, as they give more useful information on NDAs and are something else to help in protecting our ideas.

Bob