Author Topic: STM32 - can cloning be prevented?  (Read 7459 times)

0 Members and 2 Guests are viewing this topic.

Offline Peabody

  • Frequent Contributor
  • **
  • Posts: 275
  • Country: us
STM32 - can cloning be prevented?
« on: May 07, 2018, 12:24:51 am »
I've been helping as an alpha tester for a new electronics test gear product.  The company's previous product was very widely copied, including their company and product names. So not just cloned, but counterfeited.  The new product will likely use an STM32F303, and the crypto chip ATSHA204A is also available in the design.  The product has to be firmware upgradeable.

From my research, it appears the read protect function for the STM32 parts, as well as for processors of almost all brands, presents only a temporary stumbing block for the cloner.  There appear to be multiple vulnerabilities, and there's even a Youtube video showing a guy reading out the firmware from a STM32F0xxx part that has the level 1 option set.  And even if that worked, the cloner could just download the first firmware update and be in like Flynn.  By the way, do people younger than me even know who Flynn was?

Anyway, it seems to me there is no solution to this problem if that solution requires keeping the firmware secret.  Is there any other kind of solution that might make use of the ATSHA204A?  I'm thinking of some kind of crypto function that would have to work before the firmware would run.  Or possibly a major portion of the firmware would have to be decrypted on each boot, and run from RAM.   That would require that the firmware updates would have to individualized to each device so as to match the unique innards of each ATSHA204A, but that could be done.

Is there any guidance online on how to actually prevent cloning/counterfeiting of products using microcontrollers?
Or is this really just hopeless?

 

Offline sokoloff

  • Frequent Contributor
  • **
  • Posts: 701
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #1 on: May 07, 2018, 12:27:37 am »
Posting to follow.
 

Offline Rasz

  • Super Contributor
  • ***
  • Posts: 2094
  • Country: 00
    • My random blog.
Who logs in to gdm? Not I, said the duck.
My fireplace is on fire, but in all the wrong places.
 
The following users thanked this post: agehall

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4706
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #3 on: May 07, 2018, 04:38:36 am »
If you can't consider chip locking to be good enough, then there is really nothing you can do. You can encrypt firmware updates, that's not a problem at all. But decryption key will have to be stored inside the device, so once you have access to the flash contents, you will have the key. But you will also have the firmware to begin with.

You can look at ECC508 and similar chips. They can provide certain protection against clonning. But depending on what the product does, clonners can just re-implement the firmware on their own.
Alex
 

Offline mac.6

  • Regular Contributor
  • *
  • Posts: 129
  • Country: fr
Re: STM32 - can cloning be prevented?
« Reply #4 on: May 07, 2018, 05:46:45 am »
What you need is secure boot and firmware encryption. Only a few little microcontroller have this option, I recently work on romcode of one, but it's still not openly available.

In this case the firmware key is not stored in flash but fused into the device and cannot be read back (unless decaped and reverse engineered).
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 4889
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #5 on: May 07, 2018, 06:59:20 am »
As mac.6 says is correct if the uC has no special security functionality which almost none have you have an issue.
What you could do to to minimize the issue is indeed give each individual uC its own key (secret device key) and firmware updates have to be unique to some extent also.
Then when a clone shows up in the market you buy it and check the device key , then you blacklist that device, eg no longer issue a firmware for that key.
Now you think you can do this but it takes a lot from the factory and service organization to do this. Best way is to automate it and only allow online firmware updates where you can directly log the ip address of the clones if needed.
You could issue a fake firmware update for those devices that will render the device useless but be carefull with that since the famous ftdi case was clear that some buyers had no clue their device was fake.
I don't know the capabilities of your device but you could in such cases warn the user the device is fake and that they should contact their seller and revert to the simplest earliest firmware and keep the device working.

But in short no you can not prevent cloning of uC's so think of usecases how to deal with clones and blacklist them.
« Last Edit: May 07, 2018, 07:01:50 am by Kjelt »
 
The following users thanked this post: Psi

Offline Peabody

  • Frequent Contributor
  • **
  • Posts: 275
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #6 on: May 07, 2018, 07:16:10 am »
Asking you instead of hiring specialist consulting firm is a signal they dont care all that much.


They didn't ask me.  All I'm supposed to do is test the UI.  But I was aware of their previous troubles and wondered if anyone had come up with a system that is foolproof (so far).  So far as I know, they are planning to tie the STM32F303 to the ATSHA204A in some way so that the processor will not operate without it's own ATSHA204A being present.

But I don't think that solves anything.  If the cloner can get a copy of the firmware, he can modify it so the processor no longer communicates with the ATSHA204A, and he can use that modified version in his own copy of the device.  Of course it won't be updatable with genuine firmware, but the damage (the initial sale of the clone, which by the way works just like a genuine one) will have been done.

I don't know if they've hired a consultant, but I doubt it.  Anyway, I don't have a solution to the problem, and was hoping someone here knew of one.



 

Offline Yansi

  • Super Contributor
  • ***
  • Posts: 1789
  • Country: 00
  • STM32, STM8, AVR, 8051
Re: STM32 - can cloning be prevented?
« Reply #7 on: May 07, 2018, 07:31:11 am »
... a Youtube video showing a guy reading out the firmware from a STM32F0xxx part that has the level 1 option set.  And even if that worked, the cloner could just download the first firmware update and be in like Flynn.  By the way, do people younger than me even know who Flynn was?

That vulnerability is only exploitable on STM32F0 series, not others.

Not sure if younger, but Dave already explained in his vijeos on some occasions, who Flynn was.
 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 11465
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: STM32 - can cloning be prevented?
« Reply #8 on: May 07, 2018, 09:21:16 am »
Typical example of how to do that, look at cell phones, or game consoles.

At the most basic, there's a hypervisor: a CPU running from internal mask ROM, including onboard keys (and some other obfuscation features, like extra metallization layers to frustrate decapping, and supply glitch reset circuitry).  It only talks to the boot ROM.  During boot, it checks if the code is encrypted and signed.  If so, it decrypts it to RAM, and the CPU boots.  Otherwise the CPU is held in reset.  No functions are provided to control or manage the hypervisor, nor any BIOS functions are provided by it -- as these could provide a route to reading out its code.

What's an obvious problem with this?  Well, if the update goes wrong, it's bricked.  That kind of stinks.  You might use a staged bootloader process, where there's a secured Flash area, that provides BIOS functions and a recovery screen; and maybe this region can be updated as well (hence Flash versus more mask ROM), but only with signed data (maybe the hypervisor could be called upon to validate a RAM buffer), and only when provided with a separate key (so that, if the bootloader is compromised, the hypervisor is not).

And so on; there are many convenience features that can be added, but each one must be checked for security, and not just individually, but against each other, because emergent patterns can arise even from individually-secure functions.

The hypervisor, by the way, would be a chip that you carefully control the design, production and distribution of.  It's the key to making everything work.  As it verifies and decrypts the boot ROM image (at least in part -- hopefully the whole thing, so that any aberration can be detected, and a suitable fallback executed instead), it can't be bypassed (the CPU isn't running at all yet), and it can't be modified (mask ROM).  (Again, hopefully -- but every function added to it, is another risk that it can be affected somehow.)  It is a single point of failure (once the keys are uncovered, anyone can sign and encrypt their own binaries).  What you might do in production, is assemble and build the systems in China, except for the key store, or hypervisor chip, or whatever.  That way, the system is little more than a brain-dead, useless dev kit, until it is unlocked by the OEM in the final stage of manufacture.

There can be no perfect system, of course, but learning from others' mistakes can at least be helpful.  The Black Hat links above look like just such a thing.

And also in the news, Linux is now running on Switch, thanks to some boners in the hardware that didn't take very long to figure out...

Tim
« Last Edit: May 07, 2018, 09:28:35 am by T3sl4co1l »
Seven Transistor Labs, LLC
Electronic Design, from Concept to Layout.
Need engineering assistance? Drop me a message!
 

Offline westfw

  • Super Contributor
  • ***
  • Posts: 2651
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #9 on: May 07, 2018, 09:34:05 am »
Quote
The company's previous product was very widely copied
What processor did the previous product use, and how was IT protected?
The "read protection" is certainly SUPPOSED to be sufficient (combined with encrypting SW-update procedure for upgrades, of course.)  If you REALLY care, you need to pay attention to which chips have "known and easy vulnerabilities."  Almost any chip can probably be hacked, but it can be a level of effort that not a lot of cloners will attempt except for REALLY VALUABLE end-markets.  Sort of like "locking my car is pointless because it has glass windows anyway" - not really true.  (OTOH, I've heard of people explicitly NOT locking their cars, because having someone break a window looking for valuables that aren't there is expensive and especially frustrating.)
 

Online blueskull

  • Supporter
  • ****
  • Posts: 10071
  • Country: cn
  • Power Electronics Guy
Re: STM32 - can cloning be prevented?
« Reply #10 on: May 07, 2018, 09:44:49 am »
Protection should only be done to a certain level. Over protection makes no purpose. If I have to spend $100k to clone your product, I can simply reverse engineer your product (from its marketing materials, PCB component configuration and from sniffing communication buses) and re-engineer my own implementation for less.
SIGSEGV is inevitable if you try to talk more than you know. If I say gibberish, keep in mind that my license plate is SIGSEGV.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 8184
  • Country: my
  • reassessing directives...
Re: STM32 - can cloning be prevented?
« Reply #11 on: May 07, 2018, 10:17:23 am »
Sell at cheaper than clone and no bloody one will be interested at cloning yours.
if something can select, how cant it be intelligent? if something is intelligent, how cant it exist?
 
The following users thanked this post: xaxaxa

Offline Peabody

  • Frequent Contributor
  • **
  • Posts: 275
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #12 on: May 07, 2018, 02:31:52 pm »
I appreciate all the comments and suggestions.  This product will probably sell for less than $50.  So I suspect there's a limit as to how much hardware and engineering time can be devoted to making it clone proof, but I'm sure they will do what they can within the limits they face.

I don't know what was done to protect the previous product.  Whatever it may have been wasn't enough.  The cloners reproduced the case, the display, the boards and silkscreens, and of course the firmware.  When people tried to return the fakes to Ebay or AliExpress sellers, the cloners produced documents to the sites showing they had been licensed to manufacture and sell the devices as genuine devices, all of which were complete fakes and forgeries.  So it was pretty much a disaster from the beginning, and Ebay and AliExpress were no help.  I believe buyers of fakes from those sites were typically offered only token refunds, if any at all.

I'm sure the manufacturer will make more of an effort this time, but I just hope they don't fall victim to the FTDI effect.  You can't go bricking something that the customer didn't know was a fake when he bought it.

I was just hoping there was an app note somewhere on how to do this protection effectively from start to finish.  But I think the problem is that so much of the security effort is devoted to prevent "hacking" the device - taking over the device or modifying what it does.  But that really isn't the problem for anti-cloning.  You just need to make the cloner write his own firmware if he wants to copy the device.
 

Offline MosherIV

  • Frequent Contributor
  • **
  • Posts: 968
  • Country: gb
Re: STM32 - can cloning be prevented?
« Reply #13 on: May 07, 2018, 07:32:05 pm »
Build in a serial number into the device, make sure it is located somewhere where it looks like parts of the binary, eg at the ned of the executable binary or in area of emulated EEPROM in flash.
The serial number may need to be encoded in some way, at least so that it is not directly obvious when looking at the raw Intel/Motorola Hex when ready out with a programmer.
(The idea is to make it look like the serial difficult to identify)
Make sure the procedure for entering the serial number is no overly complicated eg as part of the flashing process, there is a part that enters the serial number.

When the cloner come along, they will not realise and clone the serial number.

You should then be able to trace who the original was sold to.
 

Offline agehall

  • Regular Contributor
  • *
  • Posts: 177
  • Country: se
Re: STM32 - can cloning be prevented?
« Reply #14 on: May 07, 2018, 08:24:45 pm »
Build in a serial number into the device, make sure it is located somewhere where it looks like parts of the binary, eg at the ned of the executable binary or in area of emulated EEPROM in flash.
The serial number may need to be encoded in some way, at least so that it is not directly obvious when looking at the raw Intel/Motorola Hex when ready out with a programmer.
(The idea is to make it look like the serial difficult to identify)
Make sure the procedure for entering the serial number is no overly complicated eg as part of the flashing process, there is a part that enters the serial number.

When the cloner come along, they will not realise and clone the serial number.

You should then be able to trace who the original was sold to.

And how does that prevent the cloning?
 

Offline MosherIV

  • Frequent Contributor
  • **
  • Posts: 968
  • Country: gb
Re: STM32 - can cloning be prevented?
« Reply #15 on: May 07, 2018, 09:00:00 pm »
Quote
And how does that prevent the cloning?

It does not directly stop the cloning.

You are all trying to find a technology driven approach, I suggest a businese driven approach.
Try and track down who is doing the cloning, you can then try leagal means or just stop selling to them in future.
It does at very least present a means to detect clonned deviced ebause they will all have the same serial number.
 

Offline sokoloff

  • Frequent Contributor
  • **
  • Posts: 701
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #16 on: May 07, 2018, 09:10:59 pm »
Without a fair bit of effort to have the serial number change change lots of the binary, a cloner can buy two units, dump the firmware, and diff the dumps to find the serial number. For a $50 device, this is no hurdle whatsoever.
 

Offline Psi

  • Super Contributor
  • ***
  • Posts: 6413
  • Country: nz
Re: STM32 - can cloning be prevented?
« Reply #17 on: May 07, 2018, 10:29:16 pm »
i've heard you can deliberately burn out a flash/eeprom pattern into the IC before shipping via excessive writes, then have the firmware confirm this at startup.

Unless they think to check for this anyone copying your IC will copy it onto a new IC with good flash/eeprom and your code can detect it is running on copied hardware.

However i've never looked into implementing this sort of system myself.




Greek letter 'Psi' (not Pounds per Square Inch)
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 3635
  • Country: nl
Re: STM32 - can cloning be prevented?
« Reply #18 on: May 07, 2018, 11:14:28 pm »
In this case the firmware key is not stored in flash but fused into the device and cannot be read back (unless decaped and reverse engineered).

Ignoring hardware bugs you can't directly read back protected flash either, only the running firmware has direct access (on some microcontrollers not even the firmware for code only sections). Bugs and side channel attacks can reveal data in ROM as easily as flash.

IMO the ATSHA204A is only useful as a defense at the the firmware update process. Have the firmware update software check the authenticity of the product through the ATSHA204A.
« Last Edit: May 08, 2018, 12:00:47 am by Marco »
 

Offline MT

  • Frequent Contributor
  • **
  • Posts: 807
  • Country: fo
Re: STM32 - can cloning be prevented?
« Reply #19 on: May 07, 2018, 11:33:47 pm »
Another way for 50 dollar mass volume products is simply go the other route, use courts and sue for counterfeit.
Also as a US based company you have the luxury of direct legal channel to ask for ,dont remember whats its called, homeland patriotism or so to block foreign imports if it hurts domestic manufacturing.There is a known case of a US TV manufacturer who used this and won. Or just bribe your legislator.
 

Offline MosherIV

  • Frequent Contributor
  • **
  • Posts: 968
  • Country: gb
Re: STM32 - can cloning be prevented?
« Reply #20 on: May 07, 2018, 11:45:52 pm »
So another solution based on technology.....

Similar to what I said before but this time have a 3 part CRC/checsum for the binary, stored just after the binary in flash.
The first part is the actual CRC or checksumming of the binary
Second part, use 32/64 bit epoch time stamp, which must be written prior to the checksum. The timestamp may be the date the unit was programmed or commission (but must be different for every unit)
Third part is to used the ATSHA device to generate a hash number based on both the CRC/checksum and the timestamp.

The code must check at startup the CRC/checksum, take the epoch timestamp and pass both into the ATSHA to re-generate the hash number, if this does not match the one stored then stop the unit from working.

Many companies do something similar for software enabled features

Edit. For some additional security, add some checks on the epoch time stored to make sure the time is valid, ie after the product is released but before something stupid like next century
« Last Edit: May 07, 2018, 11:50:36 pm by MosherIV »
 

Offline ajb

  • Super Contributor
  • ***
  • Posts: 1399
  • Country: us
Re: STM32 - can cloning be prevented?
« Reply #21 on: May 08, 2018, 12:39:37 am »
Just got this in an email from ST this morning, apparently Cube now has a secure firmware update module: http://www.st.com/en/embedded-software/x-cube-sbsfu.html

Of course it's cube, so it will have the usual tradeoffs--the compiled size of the bootloader is will be of particular concern here, since that eats into available application space.
 

Offline agehall

  • Regular Contributor
  • *
  • Posts: 177
  • Country: se
Re: STM32 - can cloning be prevented?
« Reply #22 on: May 08, 2018, 12:51:40 am »
Quote
And how does that prevent the cloning?

It does not directly stop the cloning.

You are all trying to find a technology driven approach, I suggest a businese driven approach.
Try and track down who is doing the cloning, you can then try leagal means or just stop selling to them in future.
It does at very least present a means to detect clonned deviced ebause they will all have the same serial number.

But it's a really crappy solution which also punishes your actual customers. Just like those damn FBI warnings on movies that they insisted on putting on on all DVDs - you only got to see them and get annoyed by them if you paid for the DVD...
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 4706
  • Country: us
    • Personal site
Re: STM32 - can cloning be prevented?
« Reply #23 on: May 08, 2018, 02:25:27 am »
Of course it's cube, so it will have the usual tradeoffs--the compiled size of the bootloader is will be of particular concern here, since that eats into available application space.
How does this protect against flash dump? There is nothing you can do without underlying hardware support.

Quote
i've heard you can deliberately burn out a flash/eeprom pattern into the IC before shipping via excessive writes, then have the firmware confirm this at startup.
This is an urban legend, which is probably a modern interpretation of damaging tracks on diskettes and mapping the damage for copy protection. This will not work with Flash/EEPROM. And even if it did, it would take forever to achieve.
Alex
 

Offline JS

  • Frequent Contributor
  • **
  • Posts: 941
  • Country: ar
Re: STM32 - can cloning be prevented?
« Reply #24 on: May 08, 2018, 02:52:53 am »
...
The code must check at startup the CRC/checksum, take the epoch timestamp and pass both into the ATSHA to re-generate the hash number, if this does not match the one stored then stop the unit from working.
...

  Please, don't go the FTDI route, nobody likes that, customers who bought the item thinking it was genuine and get them bricked won't be happy with the company, it might hurt the company more than it helps by protecting it. Also they already bought it, so the counterfeit was already sold, the money is already loss.

  The other thing to consider is the market cycle of the product, if it will be obsolete or replaced with a better one in the next year counterfeiting it isn't as rentable as it is if the product would be selling for 10 years, in which case a bit more effort could be putted into protecting it.

  Hardware protection is also possible by making it harder to clone with ancient techniques of scraping part numbers, using custom part codes or potting the thing. Harder to service, specially with potting, but does work to some extent. That over some firmware protection and maybe using some custom parts if possible could make it hard enough to clone.

  A last option I could think is to make something as high security stuff is done, some case open detection which will brick the device, if it's battery powered might be even easier than if it hasn't a battery. When it detects the case is open it corrupts it's internal data and you can't clone it anymore. With the case closed you can't access the jtag/swd port, just some usb connection that's able to write the firmware update but not reading.

JS
If I don't know how it works, I prefer not to turn it on.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf