Forums

Secure PIC programming

Started by Keith Wootten March 31, 2006
On Fri, 31 Mar 2006 23:04:51 GMT, Keith Wootten <keith@nononono.cod.uk> wrote:

>...Obviously, a determined person could capture the ICSP data as it's loaded to the >PIC, but we think the risk is small and is one we'd be prepared to take..
Then you should be willing to take the much smaller risk that they would be able to make any sense of the hex file. Robert Scott Ypsilanti, Michigan
In message <442e6564.1170281@news.provide.net>, ---@---.?.invalid writes
>On Fri, 31 Mar 2006 23:04:51 GMT, Keith Wootten <keith@nononono.cod.uk> wrote: > >>...Obviously, a determined person could capture the ICSP data as it's >>loaded to the >>PIC, but we think the risk is small and is one we'd be prepared to take.. > >Then you should be willing to take the much smaller risk that they >would be able >to make any sense of the hex file.
Disassembly is trivial with freeware tools and interpreting the result may even be fun. There are parts of the code which would give away the secrets of a proprietary protocol. Capturing the ICSP data requires, comparatively, a lot of effort and equipment. Making the code hard to interpret with all the usual tricks isn't an option as it's pre-existing and tight. If we can't find something off the shelf, then we may try to commission a USB PIC programmer maker to do what should be a fairly easy enhancement. Cheers -- Keith Wootten
Keith Wootten wrote:

> In message <442e6564.1170281@news.provide.net>, ---@---.?.invalid writes >>On Fri, 31 Mar 2006 23:04:51 GMT, Keith Wootten <keith@nononono.cod.uk> >>wrote: >> >>>...Obviously, a determined person could capture the ICSP data as it's >>>loaded to the >>>PIC, but we think the risk is small and is one we'd be prepared to take.. >> >>Then you should be willing to take the much smaller risk that they >>would be able >>to make any sense of the hex file. > > Disassembly is trivial with freeware tools and interpreting the result > may even be fun. There are parts of the code which would give away the > secrets of a proprietary protocol. Capturing the ICSP data requires, > comparatively, a lot of effort and equipment.
Not really, an old 80386 PC with a printer port could probably do it, or it would be trivial with a 20 year old logic analyser or a $50 FPGA eval board. Chris
Here is a real simple methode for PIC code.  You generate a 'keysteam'
of bytes which you XOR for both the encode and decode process.  Look
for "Better, Faster, random numbers" on this page...

http://members.cox.net/berniekm/tricks.html

Luhan

On Sat, 01 Apr 2006 16:15:15 +0100, the renowned Chris Jones
<lugnut808@nospam.yahoo.com> wrote:

>Keith Wootten wrote: > >> In message <442e6564.1170281@news.provide.net>, ---@---.?.invalid writes >>>On Fri, 31 Mar 2006 23:04:51 GMT, Keith Wootten <keith@nononono.cod.uk> >>>wrote: >>> >>>>...Obviously, a determined person could capture the ICSP data as it's >>>>loaded to the >>>>PIC, but we think the risk is small and is one we'd be prepared to take.. >>> >>>Then you should be willing to take the much smaller risk that they >>>would be able >>>to make any sense of the hex file. >> >> Disassembly is trivial with freeware tools and interpreting the result >> may even be fun. There are parts of the code which would give away the >> secrets of a proprietary protocol. Capturing the ICSP data requires, >> comparatively, a lot of effort and equipment. > >Not really, an old 80386 PC with a printer port could probably do it, or it >would be trivial with a 20 year old logic analyser or a $50 FPGA eval >board. > >Chris
Right, but you have to have some knowledge to make that work. You can download MPLAB for free, load the hex file, enter in the part number, and be off simulating in no time. Nothing's perfect, the PIC protection can be bypassed too, for a price, so it's all a trade-off. Best regards, Spehro Pefhany -- "it's the network..." "The Journey is the reward" speff@interlog.com Info for manufacturers: http://www.trexon.com Embedded software/hardware/analog Info for designers: http://www.speff.com
"Keith Wootten" <keith@nononono.cod.uk> wrote in message 
news:d1frD+ACabLEFwC4@ntlworld.com...
> > We have customers using PICs who sometimes need to re-program them with > updated firmware. It's inconvenient to have to ship the equipment back to > a service centre, and most customers are quite capable of doing it > themselves. >
Perhaps it would be easier to try a legal solution rather than a technical one. Supply the code under a license that forbids the disassembly of it and the use of any knowledge gleaned from doing so.