Author Topic: STM32 - can cloning be prevented?  (Read 5400 times)


Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4405
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #100 on: May 22, 2018, 06:44:27 pm »
Unfortunately all the micros with shielding, tamper detection and zeroization are either limited to just doing a couple of crypto-functions or buried under NDAs.
That is still security through obscurity.
Don't forget the import/export restrictions.
I am not sure if the NDAs are there to obfuscate their security implementation because the datasheets I have seen are absolutely not about silicon topography.
The used encryption algorithms are pretty much known so hiding that would also be a bit strange.

IMO those companies' NDAs are there to keep the future roadmaps of the vendor restricted and my guess is also to prevent large customers from re-selling the chips.
The large volume discounts I have heard of are really steep, so it would be very interesting for a large company to buy 10 times more chips and re-sell them to (smaller) other companies. But that's my two cents.
 

Online ali_asadzadeh

  • Frequent Contributor
  • **
  • Posts: 464
  • Country: ir
    • ASiD Designer
Re: STM32 - can cloning be prevented?
« Reply #101 on: May 28, 2018, 11:14:28 pm »
Everything can be cloned! So add it to your business model ;)  When they can hack every software out there, like Windows, Altium, Keil, SolidWorks, ISE, MATLAB, Vivado, Quartus, 3ds Max, Visual Studio, etc... and some hardware like J-Link have clones too! So you can make your product more complicated to replicate, by adding a more complex mechanical case, more layers to the PCB, use finer pitch parts, add encryption to your software, add battery backed up encryption keys, add tamper protection, you can make it harder, but if it's worth cloning they would clone it!

Also I have found making a product open source prevents many from cloning it! Take Linux as an example :D

The best hardware way is to use ASICs, you can roll out your own M0 for 40K USD ARM license and prevent anybody from copying it easily!
« Last Edit: May 28, 2018, 11:18:32 pm by ali_asadzadeh »
 

Offline SiliconWizard

  • Frequent Contributor
  • **
  • Posts: 498
  • Country: fr
Re: STM32 - can cloning be prevented?
« Reply #102 on: May 29, 2018, 12:47:09 am »
Actually, having one's product cloned is a very good sign of success.

Now if you keep giving your customers relevant updates and add value by other means (tech support, good after-sales service, ...), your clone competition won't be able to put up. So it will only reach a market share you wouldn't have gotten anyway, and it helps make your product popular. Think of the J-Link for instance. Most people buying the clones wouldn't have bought the real deal. (And I can tell you from testing one that they're not nearly as robust either!)

Of course if you don't do any of those things and just never give anything to your customers once the sale is done, the clones will kill you. But you would die sooner or later anyway (unless maybe your product is SO good that it's self-sufficient forever, but that rarely happens).

 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4329
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #103 on: May 29, 2018, 03:06:29 am »
> The best hardware way is to use ASICs, you can roll out your own M0 for 40K USD ARM license and prevent anybody from copying it easily!

This is absolutely the worst way to go. First of all, you need to add at least $5-10 million until you get first working parts. And then, what stops cloners from decapping your parts, just like any other MCU out there? Are you sure you can get the security right on your first try?
Alex
 

Offline Peabody

  • Regular Contributor
  • *
  • Posts: 229
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #104 on: May 29, 2018, 04:13:52 am »
> Actually, having one's product cloned is a very good sign of success.
>
> Now if you keep giving your customers relevant updates and add value by other means (tech support, good after-sales service, ...), your clone competition won't be able to put up. So it will only reach a market share you wouldn't have gotten anyway, and it helps make your product popular. Think of the J-Link for instance. Most people buying the clones wouldn't have bought the real deal. (And I can tell you from testing one that they're not nearly as robust either!)
>
> Of course if you don't do any of those things and just never give anything to your customers once the sale is done, the clones will kill you. But you would die sooner or later anyway (unless maybe your product is SO good that it's self-sufficient forever, but that rarely happens).

In this case the company provides significant ongoing customer support, including firmware updates.  But it doesn't want to expend resources providing support to clone owners.  The problem is that the clones look identical to the original, and claim to be the original, so the customer has no idea he is buying a clone.  Firmware updates don't work on clones, and may leave the clone bricked, although that's not the intention.  So they are trying to figure all this out with respect to new products.  The irony is that this is a Chinese company.  I guess the counterfeiters don't discriminate based on nationality.

 

Offline SiliconWizard

  • Frequent Contributor
  • **
  • Posts: 498
  • Country: fr
Re: STM32 - can cloning be prevented?
« Reply #105 on: May 29, 2018, 06:20:03 am »
> The problem is that the clones look identical to the original, and claim to be the original, so the customer has no idea he is buying a clone.  Firmware updates don't work on clones, and may leave the clone bricked, although that's not the intention.  So they are trying to figure all this out with respect to new products.  The irony is that this is a Chinese company.  I guess the counterfeiters don't discriminate based on nationality.

I understand your point, and I guess it would all depend on a few factors.

Unless we are talking about a very low-cost product (even the genuine one), the customer usually knows, or at least should reasonably know, that  they are buying a clone. Clones are usually much cheaper - that's the whole point. Now if some clones are sold at prices in the same ballpark as the genuine product, this is another problem: this is just plain rip-off, and the customer would be entitled to get back at the reseller. But it's pretty rare, unless you like buying from very suspect sources. Usually the clones are way cheaper, and a moderately-educated customer should figure out this can't be a genuine product, and if in doubt, testimonies are usually not hard to find before you decide to buy.

If a customer is silly enough to believe they can actually buy a genuine product for 10 times less than the market price, they are living in a fairy world. And if on the other hand, they understand they are buying a clone and still think they will get full support and equivalent quality - again they are fooling themselves. So I personally think this is the customer's responsibility, and in some cases, the reseller's (if they really advertise some product as a genuine one and sell it at equivalent prices). One of the two is not being honest IMO.

Now for very low-cost products, you may not notice the difference, and you can get fooled easily - but it won't matter much, it's cheap.

This is a consideration for end-products. For semi-finished products or components, this is a slightly different story. The responsibility shifts from the customer (or reseller) to the manufacturer using said components. Let's take the FTDI case. A few manufacturers may have bought what they thought were genuine parts, and they weren't. But that's their responsibility. If you care for your business, selecting reputable suppliers is a big part of the story. If you don't, well, you know what to expect. And for the huge majority of manufacturers that were fully aware they were using cloned FTDI chips in their products to lower costs, this is all the more their responsibility: if anything goes wrong, they should fully refund their customers. Plain and simple. In this FTDI case, you may or may not agree with FTDI's move (bricking fake chips) which admittedly was pretty inept, but that doesn't change the fact that the full responsibility lies on the manufacturers' heads.

Anyway, just my opinion.

But just to get back to this "not-aware customers" thing: again apart from plain and obvious rip-off, customers should really get educated regarding their consuming habits in general, especially in this now completely world-wide market. Some people are gullible enough to think that they can get products that are overpriced in the western world, at barely manufacturing costs just because the reseller is from China. This is very rarely the case. Most of those products are either clones, or in some cases, indeed genuine products coming from the plants that manufacture them, but just the ones that got rejected at QC control, so they may present various issues, including being DOA.



 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4405
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #106 on: May 29, 2018, 06:53:36 am »
I have seen cloned products going through proper retail channels because they had no idea they were fakes. That is how good the copycats are these days. The only way the engineers could tell they were fakes was because they used Chinese inductors instead of the German branded ones but the rest was identical.
So the customers are not always to blame or should be aware of this.
 

Online C

  • Super Contributor
  • ***
  • Posts: 1297
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #107 on: May 29, 2018, 01:32:44 pm »

The whole PC industry is based on legal cloning.

Start with the legal clone of the IBM PC BIOS program.
Then you have clones of video CGA, EGA & VGA.

Now from this list is it proper to call these clones or functional work-a-likes?
It does not take much searching to find that each of these was most likely far better than the original.

So is it proper to call the FTDI a clone or a functional work-a-like?
From what I have seen they are work-a-like. 
So the only problem here is the use of the FTDI software driver unless you can legally protect how a chip works and its pin-out.
If FTDI did not want their software driver working with NON-FTDI functional chips, fine, make it not work.
They did not have right to harm what they did not create.

That last sentence is important: no one has a right to harm what is not theirs or that they did not create!!

If FTDI could not prevent their driver functioning with a work-alike without harming the work-alike then they had a choice: continue shipping the software & chip or stop shipping these.
A simple live with it or move on to newer software & chip.

Now a simple look at history and you find that IBM tried to take back control of the PC with its PS2 line of computers. A fail for many reasons.

Now I have problems with sellers not stating it is an FTDI Clone or FTDI work-a-like. Would be even better if the chip was better than the original like has happened with PCs.

Your customer wants the best hardware & software for as cheap as possible a price.

The higher the price for what is received, the more likely a clone or work-a-like will happen.

You should build what you can easily, quick and cheap and start designing/making a better model.

Some micro-controllers come with a built-in serial number. Most have some ways to protect firmware.
Do the best you can without high expense and call it good.
The higher the cost the more likely someone will start looking for a security hole in what is created.
A tiny hole can bring down the mighty.

The result could be legal or not legal.

C
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4329
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #108 on: May 29, 2018, 01:40:31 pm »
> They did not have right to harm what they did not create.

They had the right to write their drivers however they feel like. If "work-alikes" reused USB VID/PID numbers, but are not fully compatible, then it is the work-alikes' problem, not FTDI's.

Alex
 

Online C

  • Super Contributor
  • ***
  • Posts: 1297
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #109 on: May 29, 2018, 02:58:40 pm »
>> They did not have right to harm what they did not create.
>
> They had the right to write their drivers however they feel like. If "work-alikes" reused USB VID/PID numbers, but are not fully compatible, then it is the work-alikes' problem, not FTDI's.

Simple, then show where FTDI can buy simple numbers as that is what they are. Nobody can buy numbers, someone can grant their use but they are not owned.

C
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4329
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #110 on: May 29, 2018, 03:01:07 pm »
> Simple, then show where FTDI can buy simple numbers as that is what they are. Nobody can buy numbers, someone can grant their use but they are not owned.

Technically yes, but the potential problems of releasing USB devices with colliding IDs are known, so it is on the cloners. And it is pretty clear what they were trying to do here (save money on engineering and supporting driver and marketing), so that position is really indefensible.
Alex
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4405
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #111 on: May 29, 2018, 03:12:01 pm »
You cannot compare FTDI with the CGA/EGA/VGA clones simply because the latter supported their hardware by writing and releasing software drivers for their products.
In fact hardware is half the job, supporting software, getting the software MS approved and regular updates esp. when new OS's are released is the second part where many modern cloners fail to deliver.

 

Offline blueskull

  • Supporter
  • ****
  • Posts: 9450
  • Country: cn
  • Power Electronics Guy
Re: STM32 - can cloning be prevented?
« Reply #112 on: May 29, 2018, 03:35:00 pm »
> This is absolutely the worst way to go. First of all, you need to add at least $5-10 million until you get first working parts. And then, what stops cloners from decapping your parts, just like any other MCU out there? Are you sure you can get the security right on your first try?

Not nearly that high. You don't need 28nm or less process for IoT chips.
Commonly available 130nm is good enough for small scale digital chips, and if you are after big A small D, maybe even 180nm/250nm will work.
An MPW run on 180nm can be as low as $5k~$8k, and if you are after pure analog, a 350nm or 500nm can go down to $3k.
EDA software is also not that expensive. Tanner offers subscription model, which costs less than a few k$ to get you started.

All the above is based on you having in-house labor to design the chip, of course. If you have to hire a consulting company, you will get billed by tens of k$ just for the labor.
SIGSEGV is inevitable if you try to talk more than you know. If I say gibberish, keep in mind that my license plate is SIGSEGV.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4329
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #113 on: May 29, 2018, 03:37:47 pm »
I was mostly factoring in having to hire people to do the work, and likely having to scrap first set of masks. There is absolutely no way that rolling your own chip is the best way to go, unless you are Google or Apple.
Alex
 

Offline blueskull

  • Supporter
  • ****
  • Posts: 9450
  • Country: cn
  • Power Electronics Guy
Re: STM32 - can cloning be prevented?
« Reply #114 on: May 29, 2018, 03:52:05 pm »
> I was mostly factoring in having to hire people to do the work, and likely having to scrap first set of masks. There is absolutely no way that rolling your own chip is the best way to go, unless you are Google or Apple.

With MPW, you don't have your own mask. The $5k service fee includes all shared cost and fab's and broker's profit. You pay $5k, you send the GDSII, you get a few tens of sample chips. Period.
You have a f*ed up GDSII? You only lose 3 months of time (for the next batch of MPW for most fabs) and $5k.
If you are a startup and you have literally only a few engineers and engineers are time multiplexed, you don't waste labor cost during the 3 months. Just assign the engineer on other tasks.

A typical small analog IC (in my case, a buck-boost converter) only takes ~500 man-hours to design, layout and verify, and that's only $25k worth of labor for an average fresh MSEE graduate's wage.
If you can convince the government to help your design through SBIR/STTR (also grants you access to public universities), and offload some boring, repetitive work (layout, etc.) to university students (at $20/hr), you can get a fairly complicated chip done in one year for <$100k.
 

Offline matseng

  • Frequent Contributor
  • **
  • Posts: 541
  • Country: se
    • My Github
Re: STM32 - can cloning be prevented?
« Reply #115 on: May 29, 2018, 04:03:18 pm »
> ...With MPW, you don't have your own mask. The $5k service fee includes all shared cost and fab's and broker's profit. You pay $5k, you send the GDSII, you get a few tens of sample chips.
How much will the required design/verify software set me back?  It is *almost* tempting to spend 5K and a lot of time for my own chip just for the sake of self-accomplishment.
 

Offline blueskull

  • Supporter
  • ****
  • Posts: 9450
  • Country: cn
  • Power Electronics Guy
Re: STM32 - can cloning be prevented?
« Reply #116 on: May 29, 2018, 04:18:39 pm »
> How much will the required design/verify software set me back?  It is *almost* tempting to spend 5K and a lot of time for my own chip just for the sake of self-accomplishment.

$100k+ with Virtuoso, unless you have access to it by work.
$20k with Tanner, perpetual, with T-spice and L-edit.
$1.5k with Layouteditor, it does not have built-in simulator, so you need to reverse engineer your fab's PDK and reconstruct spice files and use LTSpice instead.
$0 with ElectricVLSI, similar to LE, more powerful, but more buggy.

Tanner also has a synthesizing engine, at (quite some) extra cost. Electric+Yosys+ABC can do the same, but you need to do some work to get the combo to work.

Virtuoso is supported by most, if not all, fabs, while Tanner has much less support from fabs. The latter 2 are basically for simple designs where you don't need simulation or you can hack an inaccurate but good enough spice model.
 
The following users thanked this post: matseng

Online C

  • Super Contributor
  • ***
  • Posts: 1297
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #117 on: May 29, 2018, 04:45:56 pm »
Kjelt

Again a look through history will show that hardware using someone else's ID numbers has been very common.
This was common a long time before the first PC.

Just a simple look back and you would find many clones of DEC's VT terminals, these were not true clones but "work-a-likes"
You would find all kinds of hardware that IDs as something else.

Clones or more properly work-a-likes have existed for a very long time.

Until USB most or all keyboards IDed as an IBM XT or IBM PS2 keyboard.
IBM did not have the right to harm a clone PS2 keyboard when plugged into an IBM PS2 computer.
Just like FTDI had no rights doing what they did.
In fact it could be shown that FTDI acted with a criminal intent to harm with their drivers.

As for the CGA/EGA/VGA all start using default drivers. The special drivers were to enable more features than the original IBM versions.

And not everything is Windows.
And Microsoft does not OWN your or my computer. Microsoft is also not allowed to harm hardware or software.
And when Microsoft learned something they supplied was harming hardware they had some responsibility to remove the code causing the harm.

Clone work-a-likes can be better or worse than the original.
Some work-a-likes clones as the PC industry shows can win over the original and be legal.

C
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4405
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #118 on: May 29, 2018, 04:55:20 pm »
> Again a look through history will show that hardware using someone else's ID numbers has been very common.
> This was common a long time before the first PC.

What happened in the past does not make it right today. In the not so far past countries invaded other countries and took ownership, does that make it right to do this today?
In the beginning of the PC where you are talking about software was illegally copied more often than bought originally, there were no laws against that either back then, does that make it right today?
And so on.

What the real problem in this situation is: there are customers that bought ICs that they thought were original ones but they were not.
This even happened to major companies that put a fake chip in their products.
If it was clear that the chips were fake no-one would have given a damn about a driver not working anymore (they did not kill the chip they just did not work with their drivers anymore), that is the risk you take buying fakes.

 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4405
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #119 on: May 29, 2018, 04:58:18 pm »
> With MPW, you don't have your own mask. The $5k service fee includes all shared cost and fab's and broker's profit. You pay $5k, you send the GDSII, you get a few tens of sample chips. Period.

So how does this work exactly? I heard pricing of a set of reticles going up to several hundreds of thousands of $. That's right, multiple 100k$ for a reticle set (20+ layers or so on 16nm). How can they get their money back with a $5k service like that? There must be a big catch somewhere.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4329
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #120 on: May 29, 2018, 05:06:32 pm »
> Again a look through history will show that hardware using someone else's ID numbers has been very common.

That's fine, but it comes with a footnote that whoever wrote the software controls you. That's all. Cloning is fine as long as you accept responsibility.

That's FTDI drivers, they can do whatever they want with them. There is nothing criminal about it.
Alex
 

Offline blueskull

  • Supporter
  • ****
  • Posts: 9450
  • Country: cn
  • Power Electronics Guy
Re: STM32 - can cloning be prevented?
« Reply #121 on: May 29, 2018, 05:07:27 pm »
> So how does this work exactly? I heard pricing of a set of reticles going up to several hundreds of thousands of $. That's right, multiple 100k$ for a reticle set (20+ layers or so on 16nm). How can they get their money back with a $5k service like that? There must be a big catch somewhere.

I was talking about legacy technologies. You definitely won't get cheap 16nm. You can, probably, get "cheap" 28nm from ST's FDSOI, as they are promoting that process as the next universal process (just like what 250nm/350nm did before).
To me, the most attractive processes are 180nm/250nm/350nm/500nm/700nm, as I am a power electronics engineer. All I care about are custom SMPS controllers and gate drivers. I do DIY projects alongside university projects, so saving pennies is also important.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4329
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #122 on: May 29, 2018, 05:09:18 pm »
> How can they get their money back with a $5k service like that? There must be a big catch somewhere.

It is a shuttle service. You get 10 pieces of silicon, hundreds of others on the same wafer also get 10.  If you want real quantities, you will have to pay for the real masks.

The primary cost driver is still engineering. You need to either know what you are doing, or hire people who know. Neither option is cheap.
« Last Edit: May 29, 2018, 05:16:24 pm by ataradov »
Alex
 

Offline blueskull

  • Supporter
  • ****
  • Posts: 9450
  • Country: cn
  • Power Electronics Guy
Re: STM32 - can cloning be prevented?
« Reply #123 on: May 29, 2018, 05:19:44 pm »
> It is a shuttle service. You get 10 pieces of silicon, hundreds of others on the same wafer also get 10.  If you want real quantities, you will have to pay for the real masks.

Also legacy process is kinda cheap. Some fabs even stopped offering shuttle for 350nm and just offer cheap 350nm MLM/MLR mask service instead.

You can mass produce with MLM/MLR and the mask cost is greatly reduced while you still get decent throughput.

Fabs don't like this, though, since loading and calibrating MLM/MLR is harder and more time consuming than single layer masks.

Nonetheless, they offer such services, at higher cost per wafer, but if you only need a few k to a few hundreds of k of chips (for small designs, that means one to a few tens of wafers), this still can be cheaper than building a full mask set.
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4405
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #124 on: May 29, 2018, 05:34:41 pm »
> Now I have problems with sellers not stating it is an FTDI Clone or FTDI work-a-like. Would be even better if the chip was better than the original like has happened with PCs.

Well it would have also helped tremendously if they had not marked the chips with the FTDI logo  ::)

Hey but you are right, they should not have rendered the IC inoperational.
What they should have done is:
- On driver init test the IC with their "illegal check" for authenticity, so check if it is genuine FTDI, and roll it back so also clones remain in the same state as before.
- If it is an authentic chip continue as usual.
- If it is not an authentic chip then display an annoying message onscreen that you have the wrong driver for this unknown IC and you should contact your seller or company for the correct driver, and abort.

That is how it should have been done.

 

