STM32 - can cloning be prevented?

[ali_asadzadeh]

A custom MCU with a standard processorcore ? So only the peripherals are custom? And you are going to create peripherals that the big uCs producers did not think of ?
You still have the code that is easily reverse engineered or are you going to obfuscate that as well?
If you have a processor where all (internal or external) instructions are de-encrypted in hardware and on chip just before execution you might have an interesting product.

It can have some custom peripherals, but it does not need something new, a new peripheral arch would prevent most of us to switch to another company that makes Cortex parts, for example if you are ok with ST, it's hard for you to convince yourself to do a design in a similar part in a NXP part for example, also please remember that NO ONE has your chip in his/her hands! so why do anything! it's the magic secret in a lot of scopes, with custom parts in them, and I'm sure they could have used regular of the shelf parts if they wanted to.

[Kjelt]

remember that NO ONE has your chip in his/her hands! so why do anything! it's the magic secret in a lot of scopes, with custom parts in them, and I'm sure they could have used regular of the shelf parts if they wanted to.

I think you are mistaken. The custom parts in the scopes et all are special analog ic's not digital microcontrollers we are discussing right now. BIG DIFFERENCE!
If you use a standard core and you have no protection on your code your product can and will be cloned in weeks.
That is what we are discussing right now how to protect your product if it is solely based on a microcontroller, SW and jelly bean parts.

[SiliconWizard]

ataradov

You are missing a major point.

FTDI did not even have the right to harm the chip they created.

They do not own the chip any longer as it has been SOLD.

I don't quite agree with that.

As I said, I reckon FTDI's decision was kind of inept for various reasons, but they were not "harming" the chips they sold. They were kind of disabling the counterfeit ones, not the genuine products.
This was not necessarily smart, but the idea was probably to force the manufacturers using counterfeit chips (and in turn the counterfeiters) to be harmed. And if customers had been smart that's exactly what should have happened. They should have gotten back at the dubious manufacturers way before getting back at FTDI. The manufacturer is ultimately 100% responsible for what they sell. And those who were unaware of using counterfeit chips were either not having the right supplier selection process or themselves got abused - then they should have gotten back at their supplier, and so on. But I guess most of them were aware and did it to get higher margins. Let's not be excessively naive.

Truth is, until customers actually notice there is a problem, nobody cares about using illegal stuff when it lowers costs, and nobody cares whether the cloned stuff works as well as the genuine or not. That's the root problem IMO. And quite often, it concerns products that have low margin anyway and it would not be cost effective to take any action against counterfeiting, unless customers stop buying or even ask for refund.

I would consider different classes of cloning though, from what has been mentioned in this thread.
* Clones in the common "PC-world" sense: making functionally-equivalent products but without just plain copying them. This usually works well for the customers, is non-ambiguous (they know they are not buying the original stuff), and often triggers sane competition. Here the cloners are not exactly parasiting the products themselves, but rather their market and ecosystem;
* Copies of products: more or less exact copies that are unauthorized, are usually not quite as reliable as the original, much cheaper and don't try to pass as genuine. The customers know they're buying a clone and accept the risks. Sometimes the copies are not quite as good, but occasionally they offer extra features that make them attractive;
* Counterfeits: copies of products that pass as genuine. This is not only unauthorized copying, but is also misleading for the customers. It's just plain fraud. And when the counterfeit products are sold at the market price of the genuine, it's not just fraud, it's a rip-off.

[Peabody]

* Counterfeits: copies of products that pass as genuine. This is not only unauthorized copying, but is also misleading for the customers. It's just plain fraud. And when the counterfeit products are sold at the market price of the genuine, it's not just fraud, it's a rip-off.

This is essentially what happened to the company's first product.  The product was copied exactly, and the copies were represented as genuine, and sold at the same price.  In fact, when customers discovered later that what they bought was a counterfeit (because the firmware updates didn't work), the counterfeiters produced documentation to both AliExpress and Ebay showing that they were authorized to manufacture the products, all of which was competely fraudulent.  But AliExpress and Ebay then refused refunds to customers on the ground that what they received was genuine.  So the customers were royally screwed.  And in fact the counterfeits are still being sold on both sites, which I think is shameful.  So now the company is trying to prevent that on the next product, if possible.

[C]

 ataradov & SiliconWizard

Simple questions:

1. who owns all your computer equipment?

2. who has liabilities for improper function?

Think about #1
If you side with chip maker then The tire maker can come and do anything to your car tires.

For #2
You can find many cases where INTEL made a bad chip and replaced it, just like a tire maker has to replace defective tires.

To repeat
I see no problem with making a Work-A-Like unless there was a legal barrier for the USB communications to chip.
You have the Intel 8080 & the Zilog Z80. My understanding is that Intel had a copy-write on the Assembler Source mnemonics. So Zilog had to change this. But the actual binary format of the instructions was not protected. So Zilog could make a CPU that used the same binary.
Other cases were different and Intel took them to court.
Was the chip a legal work-a-like or not. I have seen nothing stating this part was not legal.
Chip maker could not have said it was a FTDI chip
If legal, chip maker could have said almost anything else.

Past this I just see Bad acts with some not legal

With a showing of harm, you have non-functioning work-a-like & harm caused by sending data not sent to driver, FTDI would lose on liability.

I think the whole supply chain would do better just stating the truth.
If sold as a clone or work-a-like, fine, if not then remove it from supply assuming work-a-like was NOT legal.

Electronics industry has a lot of businesses that make a legal copy of something.
For the computer side this is also true.

 SiliconWizard, nice list
but one problem here is that you may not need the authorization.
So "Copies of products: " you have two sub categories for authorization

Peabody
You might be thinking the wrong way.
As I have stated a tiny hole is a problem.
You should do all you can do easily.
They used a back door on you, Do the same to them each place you can.
In the USA you have copyright, trademarks that can protect a part.
For example, make it easy for all to find who is allowed to make this. A document on your web site.
Make it easy for customs.
Check legal but you might be able to have a web page stating  that ebay or allexpress are selling clones.

And still do all you can with STM32.
In the USA last I knew a copywrite message in the chip was good.
 

C

[ataradov]

If you side with chip maker then The tire maker can come and do anything to your car tires.

If I agreed in a contract that tire maker can slash my tires, then yes they can do so.

Chip vendor has no way to install new drivers (if Microsoft does not push them, but that's a different story). You chose to update the drivers and if something broke, intentionally or due to some bug, vendor is not responsible according to the driver EULA.

You can find many cases where INTEL made a bad chip and replaced it, just like a tire maker has to replace defective tires.

Examples?

[SiliconWizard]

(...) But AliExpress and Ebay then refused refunds to customers on the ground that what they received was genuine.  So the customers were royally screwed.  And in fact the counterfeits are still being sold on both sites, which I think is shameful.  So now the company is trying to prevent that on the next product, if possible.

Not meaning to be rude to AliExpress or eBay, but I wouldn't count those two as reputable retail channels. 
I rather see those as some kind of giant flea markets. I still use them occasionally. Flea markets can be fun.

[ataradov]

I agree. Anything I buy on eBay or AliExpress, I just assume to be fake and set my price expectations accordingly.

[ataradov]

One well known case being Intel replaced defective IVB/SNB-era PCH chips. Owners of affected motherboards can go to their mobo manufacturer and request a replacement. Intel screwed up by using Vcore thin oxide on Vpll circuitry, hence TDDB caused ridiculously low reliability on affected chips.

I don't believe they were mandated to do this, they just did not want to lose customers. And this is a problem that is in the design of the product, not something that happened later.

There is some talk that Intel will have to do something about performance-affecting Meltdown microcode patches, but I don't know what will come out of this. And the worst case scenario they will be caught in a contract violation with large data centers.

If company destroys their product through an update on purpose, they are pretty much committed to going out of business, and probably don't care much about the customers. And company can do that, if they chose to do so.

[Kjelt]

ataradov & SiliconWizard
Simple questions:
1. who owns all your computer equipment?
2. who has liabilities for improper function? 

You are asking the wrong questions, you are HW thinking but you should be system thinking.
The real and only question is:

- Who owns the legal rights to the FTDI driver software ?
The subquestion is:
- Who has the right to use that driver sw for their own fabricated chips ?

You are mistaken to think that if Company A writes a driver for their ic , that company B can (mis) use it also legally and get away with it.
This is not the case.

You claim PC clones, where Compaq reverse engineered the BIOS software and rewrote it from scratch to get out under legal issues.
If Compaq re-used the BIOS 1:1 they would have lost the courtcase and no-one would have heard of them.

You talk about USB ID's which is totally besides the point. If it were only a USB ID then why do my other brand USB-COM converters do not work with the FTDI drivers but need their own special driver installed ?
Why do some older USB-COM converters only work with older SW and not with the latest drivers and is this explicitly mentioned in the documentation of the newer drivers?

You are trying to talk a bent banana straight (dutch saying).

[iMo]

The end user is the one (unknowingly) installing FTDI drivers, which is illegal.

A "standard buyer" is not able to distinguish whether a product he/she purchased on "the market" in "good faith" is a "clone" or not. If he/she acquired a chip sold as "XYZ" and the "OS" installs a driver for it, he/she is definitely not liable for any damages or losses, direct or subsequent, caused to any "party" involved.

You cannot prevent cloning. You may file a "patent" or register a "trade mark", etc., when you consider your product is somehow special.

This topic is pretty complex stuff and even the experts in this area have usually problem to deal with such a Case.

Thus let us focus on issues in electronics we understand better

[Kjelt]

The end user is the one (unknowingly) installing FTDI drivers, which is illegal. The cloning company might be held responsible for inducing the user to conduct illegal acts, but the cloning company itself doesn't breach license agreements at all, unless it provides download for FTDI drivers on their websites.

If you are talking law, there is no law that prevents a sw manufacturer to do what FTDI did.
They even stated the possible side effects in their EULA:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

It is only the bad publicity that they reversed their driver software.

Now we can argue all day but the law is not helpfull in this situation. In fact what FTDI did with their software is what is going on dayly with illegal import products, they are destroyed at the customs entry of the EU, USA etc. The customer is screwed since the stuff is not delivered and (s)he should see how to get their money back.

[Kjelt]

The end user is the one (unknowingly) installing FTDI drivers, which is illegal.

A standard buyer is not able to distinguish whether a product he/she purchased on the market in good faith is a clone or not. If he/she acquired a chip sold as "XYZ" and the OS installs a driver for it, he/she is definitely not liable for any damages or losses, direct or subsequent, to anybody.
You cannot prevent cloning. You may file a patent or register a trade mark when you consider your product is somehow special.
This topic is pretty complex stuff and even the legal experts have usually problem to deal with such a Case.

So, if tomorrow a chip is sold on the market that destroys itself when a FTDI driver is run instead of their own driver than MS or FTDI would be accountable ?
How could MS / FTDI prevent this from happening exactly if the chip manufacturer re-uses their ID ?
The only solution to this is that MS will ask each user each time if they accept to install a driver for that product.

[iMo]

The end user is the one (unknowingly) installing FTDI drivers, which is illegal.

A "standard buyer" is not able to distinguish whether a product he/she purchased on "the market" in "good faith" is a "clone" or not. If he/she acquired a chip sold as "XYZ" and the "OS" installs a driver for it, he/she is definitely not liable for any damages or losses, direct or subsequent, caused to any "party" involved.

You cannot prevent cloning. You may file a "patent" or register a "trade mark", etc., when you consider your product is somehow special.

This topic is pretty complex stuff and even the experts in this area have usually problem to deal with such a Case.

Thus let us focus on issues in electronics we understand better

[SiliconWizard]

So, if tomorrow a chip is sold on the market that destroys itself when a FTDI driver is run instead of their own driver than MS or FTDI would be accountable ?
How could MS / FTDI prevent this from happening exactly if the chip manufacturer re-uses their ID ?
The only solution to this is that MS will ask each user each time if they accept to install a driver for that product.

It's obviously the chip manufacturer's responsibility. Re-using proprietary USB IDs that you don't own or have been granted authorization of use (such as if you buy from FTDI AND use their standard IDs, which FTDI permits, but obviously doesn't if you use pirate copies of their chips) is wrong, deceitful and probably illegal. It's just pirating.

[C]

A look back and you will find,
Mouse with switches that selected the com mode
Keyboards with switches selecting mode.
Printers, disk drive controllers and more.

The FTDI chip it's self allows changing USB ID's.

And there are valid legal reasons for these to exist.

From what I have seen the chip is a work-a-like.
Did the chip maker create software?
Most assume chip maker did not, but I have seen nothing valid ether way.
If initial design was for linux which does NOT use FTDI driver, did they need to create a driver?

Was it the Chip Maker that set the ID or someone else?
Again I think this is unknown.

FTDI original driver did not set the ID of the chip. A different FTDI program did that.

Many replies make the bad assumption that Windows is the only USB HOST in the world.
Open your eyes, it's NOT.
There are many devices that are USB Hosts and do Not allow a change of drivers. That pick a default standard for connected devices.
For these the user has only one choice, buy what works.

EULA's are often not legal or not enforcible.
Again a lot of assuming.

A chip maker does not get to decide what becomes the default standard.

Their are two sides to each coin.

A lot here are arduino users here, Would it be all right for makers of arduino IDE and some boards to make a software change making all the arduino work-a-likes stop functioning?


C




 

[Koen]

"STM32 - can cloning be prevented?" was an interesting topic. Could we get back to it ?

[helius]

"STM32 - can cloning be prevented?" was an interesting topic. Could we get back to it ?

Excellent suggestion.

This paper presented at last year's USENIX details three approaches to overcome the firmware protections in the STM32. RDP Level 2 can be downgraded to Level 1 after decapsulating the chip and exposing it to UV light. In RDP Level 1 the debug interface is active and exploits against it can be used.

[MrAureliusR]

Quote from: Peabody on 06-05-2018, 08:24:51

I've been helping as an alpha tester for a new electronics test gear product.  The company's previous product was very widely copied, including their company and product names. So not just cloned, but counterfeited.  The new product will likely use an STM32F303, and the crypto chip ATSHA204A is also available in the design.  The product has to be firmware upgradeable.

From my research, it appears the read protect function for the STM32 parts, as well as for processors of almost all brands, presents only a temporary stumbing block for the cloner.  There appear to be multiple vulnerabilities, and there's even a Youtube video showing a guy reading out the firmware from a STM32F0xxx part that has the level 1 option set.  And even if that worked, the cloner could just download the first firmware update and be in like Flynn.  By the way, do people younger than me even know who Flynn was?

Anyway, it seems to me there is no solution to this problem if that solution requires keeping the firmware secret.  Is there any other kind of solution that might make use of the ATSHA204A?  I'm thinking of some kind of crypto function that would have to work before the firmware would run.  Or possibly a major portion of the firmware would have to be decrypted on each boot, and run from RAM.   That would require that the firmware updates would have to individualized to each device so as to match the unique innards of each ATSHA204A, but that could be done.

Is there any guidance online on how to actually prevent cloning/counterfeiting of products using microcontrollers?
Or is this really just hopeless?

Tell them to use the movfuscator XD https://github.com/xoreaxeaxeax/movfuscator
It's a compiler which turns any code into just MOV instructions. It's only written for x86 but I bet it could be adapted to any architecture... the guy who wrote it also did this insane project that would turn the code flow diagrams in IDA into images like "Nice try" etc... absolutely hilarious!

(No, this isn't a fully serious suggestion, but extreme obfuscation could actually work in delaying them enough for the company to turn a profit. China WILL clone it if it's worth cloning, all you can do is delay it. Their court system is a joke. If the company doesn't have trusted vendors like the huge OEMs do, then the firmware and stuff will leak if it's assembled there.)

[luiHS]

 
Any microcontroller that stores the program without encryption can be cloned. No matter what technique you use, someone can always dump that flash, normally deactivating the reading protection fuse, once the encapsulation with acid has been eliminated and the chip put under the microscope.

One solution would be to work with microcontrollers that store the encrypted program, and decrypt it at runtime. I think that the new series i.MX RT1020 / 1050/ 1060 of NXP can store the encrypted program, in fact it is almost mandatory for a commercial product, since these microcontrollers do not have internal flash, it has to store the boot system and program in external memories (QSPI, Hyperflash), or SD card, and these can be encrypted.

Some time ago I also saw some MAXIM microcontrollers that stored the encrypted program, and they decrypted it at runtime.
https://www.maximintegrated.com/en/products/embedded-security/secure-microcontrollers.html

[Marco]

Looks like another NDA only chip.

[amyk]

One solution would be to work with microcontrollers that store the encrypted program, and decrypt it at runtime. I think that the new series i.MX RT1020 / 1050/ 1060 of NXP can store the encrypted program, in fact it is almost mandatory for a commercial product, since these microcontrollers do not have internal flash, it has to store the boot system and program in external memories (QSPI, Hyperflash), or SD card, and these can be encrypted.

Some time ago I also saw some MAXIM microcontrollers that stored the encrypted program, and they decrypted it at runtime.
https://www.maximintegrated.com/en/products/embedded-security/secure-microcontrollers.html

Extracting the key might be hard for "young players" but if your product is worth enough, people will do it.

Ultimately, if the bulk of the functionality in your product is contained inside it, no matter how obfuscated or protected it is, you can crack it. This is like the "axiom of software cracking" --- you have the whole environment that can run it, you can also analyse it to your heart's content. This also explains the whole move to "cloud services" --- the software isn't available to the user anymore.