EmbeddedRelated.com
Forums
   Forums    More Forums    rabbit-semi  

Securing code?

Started by hwrd389 November 3, 2006
Reply by IDES November 10, 20062006-11-10










A clever person would be able to replace the Flash chips without
disturbing the Battery backed MPU ran, and extract the contents of this
ram to be used in other copies of the system.



No you do not need to do a complete Flash chip replacement.

This is done by piggy backing the installed Flash chip with another
Flash device and moving the /CS to the new Flash.



This is a very simple way to hack the code.



Jim Ashby



Daniel wrote:




Nathan,



Doesn't taking this approach mean that if the module runs out of

battery it would stop working? The variable containing the key would

get a random value after the battery is removed or runs out, I imagine.



--- In rabbit-semi@yahoogroups.com,
"Nathan Johnston"

<nathan.johnston@...> wrote:

>

> A R4000 powerpoint presentation I was given last year said that it
had

> 32 bytes of internal battery backed RAM to store security keys. I
have

> not used one to personally verify this though.

>

> We previously did a job for a customer where there was a fairly
large

> risk of it being copied. Before loading the production code we
would run

> a program that in addition to performing calibration of the ADC's
etc it

> also loaded a key that ultimately got stored in battery backed ram
and

> was checked at powerup. It worked quite well. In one case one of
their

> units in India stopped functioning after the "curious" owners
decided to

> open up the unit and remove the core module :-)









__._,_.___























Recent Activity



Visit Your Group

SPONSORED LINKS






Yahoo! News

Kevin" target="_blank" rel="nofollow">http://hotzone.yahoo.com">Kevin Sites


Get coverage of


world crises.



Sitebuilder

Over"" target="_blank" rel="nofollow">http://smallbusiness.yahoo.com/webhosting/sitebuilding.php">Over" target="_blank" rel="nofollow">http://us.rd.yahoo.com/evtD092/*Over" target="_blank" rel="nofollow">http://smallbusiness.yahoo.com/webhosting/sitebuilding.php">Over 380 Templates


Build and custo-


mize your web site



Y! GeoCities

Free"" target="_blank" rel="nofollow">http://geocities.yahoo.com/ps/y360/?v=f">Free" target="_blank" rel="nofollow">http://us.rd.yahoo.com/evtB416/*Free" target="_blank" rel="nofollow">http://geocities.yahoo.com/ps/y360/?v=f">Free Blogging


Share your views


with the world.





.

nc3848539

__,_._,___

Reply by Alexis November 10, 20062006-11-10
IDES wrote:
>
> A clever person would be able to replace the Flash chips without
> disturbing the Battery backed MPU ran, and extract the contents of
> this ram to be used in other copies of the system.
>
> No you do not need to do a complete Flash chip replacement.
> This is done by piggy backing the installed Flash chip with another
> Flash device and moving the /CS to the new Flash.
>
> This is a very simple way to hack the code.
>
> Jim Ashby
>
> Daniel wrote:
>
>> Nathan,
>>
>> Doesn't taking this approach mean that if the module runs out of
>> battery it would stop working? The variable containing the key would
>> get a random value after the battery is removed or runs out, I imagine.
>>
>> --- In r...
>> , "Nathan Johnston"
>> wrote:
>> >
>> > A R4000 powerpoint presentation I was given last year said that it had
>> > 32 bytes of internal battery backed RAM to store security keys. I have
>> > not used one to personally verify this though.
>> >
>> > We previously did a job for a customer where there was a fairly large
>> > risk of it being copied. Before loading the production code we
>> would run
>> > a program that in addition to performing calibration of the ADC's
>> etc it
>> > also loaded a key that ultimately got stored in battery backed ram and
>> > was checked at powerup. It worked quite well. In one case one of their
>> > units in India stopped functioning after the "curious" owners
>> decided to
>> > open up the unit and remove the core module :-)
>>
>
I designed a custom board for a client a few years back using a Rabbit
2000. Included in the design was a windowed watchdog which monitored the
Rabbit. The code to address the watchdog was coded in assembler and
included in my source. Needless to say once the design was completed and
running, it was given to one of my competitors to add / change the code
to meet their new requirements. To cut a long story short it came back
to me a few months later, as the Rabbit was being reset every 30
seconds. They never included the assembler portion to keep the watchdog
from ticking over....

Alexis
Reply by Nathan Johnston November 13, 20062006-11-13
Daniel,

Yes this is correct. A suitably sized battery was chosen to exceed the
expected lifespan of the product.

And as Jim pointed out this method can still be hacked but it's a lot
better than having nothing...

Regards,

Nathan

-----Original Message-----
From: r... [mailto:r...]
On Behalf Of Daniel
Sent: Friday, 10 November 2006 10:41 PM
To: r...
Subject: [rabbit-semi] Re: Securing code?

Nathan,

Doesn't taking this approach mean that if the module runs out of
battery it would stop working? The variable containing the key would
get a random value after the battery is removed or runs out, I imagine.

--- In r...
, "Nathan Johnston"
wrote:
>
> A R4000 powerpoint presentation I was given last year said that it had
> 32 bytes of internal battery backed RAM to store security keys. I have
> not used one to personally verify this though.
>
> We previously did a job for a customer where there was a fairly large
> risk of it being copied. Before loading the production code we would
run
> a program that in addition to performing calibration of the ADC's etc
it
> also loaded a key that ultimately got stored in battery backed ram and
> was checked at powerup. It worked quite well. In one case one of their
> units in India stopped functioning after the "curious" owners decided
to
> open up the unit and remove the core module :-)
You might also like... (promoted content)
Check out Memfault's New Sandbox!
Check out Memfault's New Sandbox!
Check out Memfault's New Sandbox!
New Research Report: The State of IoT Software Development
New Research Report: The State of IoT Software Development
New Research Report: The State of IoT Software Development