
Secure update distribution?

Started by tadaosystems January 16, 2005

I'm trying to figure out a way to distribute software updates
without the source code becoming public. I want to use a bootloader
and a two-wire serial connection to the PC from the circuit board, so
new software can be programmed into the flash memory easily.

However, I'm not sure how to distribute the program to people
without it "hanging in the breeze". Should I hash the hex file and
rename it to a different file extension? I suppose I'd have to
write a very specific PC "Update" program that would decrypt the
file and then serially feed it to the circuit board.

Is this a common thing to do?

Any suggestions would be greatly appreciated.




Just renaming the file is next to useless.
I guess there are several ways of securing the soft, but it is quite obvious that it must be encrypted.
And it must stay encrypted while it is transferred to the target, otherwise one could just tap into
the serial link to get parts of or the whole file in 'clear text'.

Some time ago I made an encrypted system, consisting of the bootloader and the accompanying Windows program.
I have programmed over 200 units with this and it works perfectly.

The basic algorithm is as follows:
Data is transferred in blocks of 64 bytes. Before a block is transferred, the entire block is XOR'ed with a
fixed 64-byte 'masterkey' before transmission over the serial link.
The PIC bootloader then buffers the whole frame and XOR's it with the same 64-byte key (which is stored
in the PIC bootloader code).

That is the basic concept.
But there are several other things to watch out for...
Obviously both the bootloader and the uploader software
contain the masterkey, and both source codes must be protected. The chip must be read protected. It must also
be write protected in such a way that no one can plant code into it to send the bootloader code out of the chip
over the serial link (revealing the masterkey and the whole algorithm).
Also, any transfer must start by sending a few dummy frames of data; the object of this is to hide the actual start of
the code... the first few (100) bytes of code in a program are to some extent predictable.
All unused program space within the code (00 - FF) must be filled with random or dummy data. If any such large
blocks are left open they will reveal the masterkey.

For data integrity I used CRC16 on transmissions in both directions... if the bootloader CRC check fails on a frame it
asks for a re-send.
In addition to the mentioned 'masterkey' I also incorporated a 1-byte 'subkey' which is applied right at the serial port. This allowed the use of individual soft updates that would only run on given chip serial numbers.

I made this system for PIC18, and the PIC18 series has very good code protection facilities. I'm not sure such a secure bootloader could be made for any of the other (lower) PIC series chips.


--
Regards
Eirik Karlsen
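As an added example (not code from the thread or from Eirik Karlsen's bootloader), the following Python models the frame scheme his reply describes: 64-byte blocks XORed with a fixed 64-byte 'masterkey', a 1-byte per-unit 'subkey' applied at the serial port, a CRC16 on every frame with re-send on failure, leading dummy frames to hide the start of code, and random fill of unused program space. It also includes the pre-flight audit that his last warning calls for: a block of constant filler (erased flash reads 0xFF) masked with a fixed XOR key is just key XOR constant, so the uploader should refuse to send one. The key and subkey values, the frame layout (sequence byte, masked block, big-endian CRC), and the CRC-16/CCITT-FALSE variant are all assumptions, since the thread names none of them.

```python
import os
import struct

BLOCK = 64

# Constructed sample values (not from the thread): a 64-byte masterkey and a
# per-unit 1-byte subkey. A real bootloader keeps these in read-protected flash.
MASTERKEY = bytes(range(0x10, 0x10 + BLOCK))
SUBKEY = 0x5A


def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF). The thread only says
    'CRC16'; this particular variant is an assumption."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def mask_block(block: bytes, masterkey: bytes, subkey: int) -> bytes:
    """XOR one 64-byte block with the fixed masterkey, then with the subkey.
    XOR is its own inverse, so the bootloader unmasks with the same call."""
    if len(block) != BLOCK or len(masterkey) != BLOCK:
        raise ValueError("block and masterkey must both be 64 bytes")
    return bytes(b ^ k ^ subkey for b, k in zip(block, masterkey))


def build_frame(seq: int, block: bytes, masterkey: bytes, subkey: int) -> bytes:
    """PC uploader side: seq(1) | masked block(64) | CRC-16(2, big-endian).
    The CRC covers what actually crosses the wire, i.e. the masked bytes."""
    payload = bytes([seq & 0xFF]) + mask_block(block, masterkey, subkey)
    return payload + struct.pack(">H", crc16_ccitt(payload))


def parse_frame(frame: bytes, masterkey: bytes, subkey: int):
    """Bootloader side: check length and CRC before unmasking. Returns
    (seq, plaintext_block), or None when the frame must be re-sent."""
    if len(frame) != 1 + BLOCK + 2:
        return None
    payload, (crc,) = frame[:-2], struct.unpack(">H", frame[-2:])
    if crc16_ccitt(payload) != crc:
        return None
    return payload[0], mask_block(payload[1:], masterkey, subkey)


def constant_blocks(image: bytes) -> list:
    """Pre-flight audit: offsets of 64-byte blocks made of one repeated byte.
    Masked with a fixed XOR key such a block equals key XOR constant, which is
    exactly the leak the thread warns about, so refuse to ship these."""
    return [i for i in range(0, len(image), BLOCK)
            if len(set(image[i:i + BLOCK])) == 1]


def fill_unused(image: bytes, flash_size: int) -> bytes:
    """Pad the image to the full flash size with random bytes rather than
    leaving 0xFF, so no predictable block is ever masked."""
    if len(image) > flash_size:
        raise ValueError("image larger than flash")
    return image + os.urandom(flash_size - len(image))


def encode_image(image: bytes, masterkey: bytes, subkey: int, dummy_frames: int = 2) -> list:
    """Whole transfer: a few leading dummy frames of random data to hide the
    real start of code, then the image in 64-byte blocks (pad with
    fill_unused first). Returns the list of wire frames."""
    if len(image) % BLOCK:
        raise ValueError("image must be a whole number of 64-byte blocks")
    blocks = [os.urandom(BLOCK) for _ in range(dummy_frames)]
    blocks += [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    return [build_frame(seq, blk, masterkey, subkey) for seq, blk in enumerate(blocks)]


def decode_frames(frames: list, masterkey: bytes, subkey: int, dummy_frames: int = 2) -> bytes:
    """Bootloader-side reassembly: every frame must pass its CRC (a real
    loader asks for a re-send), and the dummy frames are discarded."""
    out = []
    for frame in frames:
        parsed = parse_frame(frame, masterkey, subkey)
        if parsed is None:
            raise ValueError("CRC failure on frame; re-send required")
        out.append(parsed[1])
    return b"".join(out[dummy_frames:])


if __name__ == "__main__":
    # Constructed sample image: 100 bytes of code followed by an erased block.
    firmware = bytes(range(100)) + b"\xff" * BLOCK
    print("constant blocks before padding:", constant_blocks(firmware))
    padded = fill_unused(firmware[:100], 256)
    frames = encode_image(padded, MASTERKEY, SUBKEY)
    print("frames:", len(frames), "round trip ok:",
          decode_frames(frames, MASTERKEY, SUBKEY) == padded)
```

The audit matters because a fixed XOR mask is reversible by anyone who knows (or can guess) one masked block's plaintext, which is why the thread insists on random fill and dummy frames; the mask hides the code but does not authenticate it, so the CRC only catches line noise, not deliberate changes. A modern firmware update path would add a signature or authenticated encryption on top of this framing; the model above stays with what the thread describes.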