Author Topic: Copy PIC soldered on board?  (Read 10413 times)

0 Members and 1 Guest are viewing this topic.

Offline ddsTopic starter

  • Contributor
  • Posts: 47
  • Country: 00
Copy PIC soldered on board?
« on: October 18, 2010, 01:45:35 pm »
Hi,

Is it possible to copy firmware from PIC (say PIC16F873A) which is already soldered on the board, if yes how? Just curious :)

Thanks.
 

Offline dimlow

  • Frequent Contributor
  • **
  • Posts: 301
  • Country: gb
  • Likes to be thought of as
    • Dimlow Ponders
Re: Copy PIC soldered on board?
« Reply #1 on: October 18, 2010, 01:57:42 pm »
I was going to answer this, then i thought, but what if dds was going to copy my work? Would i be happy with this ? So i didnt
 

Offline migsantiago

  • Frequent Contributor
  • **
  • Posts: 381
  • Country: 00
    • MigSantiago's Web Site
Re: Copy PIC soldered on board?
« Reply #2 on: October 18, 2010, 02:22:15 pm »
Hi,

Is it possible to copy firmware from PIC (say PIC16F873A) which is already soldered on the board, if yes how? Just curious :)

Thanks.

You have to unsolder it if there are no visible ICSP pins.

And the people who wrote the code for that PIC might have copy-protected it. So... it's a long shot.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #3 on: October 18, 2010, 04:55:42 pm »
You have to unsolder it if there are no visible ICSP pins.
And the people who wrote the code for that PIC might have copy-protected it. So... it's a long shot.
you can possibly tap the ICSP pins, but only if the circuit allows it and designed accordingly. but if its copy protected, then you'll have to use x-ray machine that nobody here could possibly afford it.
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

alm

  • Guest
Re: Copy PIC soldered on board?
« Reply #4 on: October 18, 2010, 05:17:27 pm »
you can possibly tap the ICSP pins, but only if the circuit allows it and designed accordingly. but if its copy protected, then you'll have to use x-ray machine that nobody here could possibly afford it.
Or you can pay some company to etch open the IC and disable the protection fuses for (a little over) a few bucks.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #5 on: October 18, 2010, 05:32:35 pm »
Or you can pay some company to etch open the IC and disable the protection fuses for (a little over) a few bucks.
but i believe that kind of company (or more precisely... service) is not available in western or near our region country. perharps in China. so i should add, you have to buy 2way ticket to China to pay to the company ;D ... with condition.... you are not in China! :P
« Last Edit: October 18, 2010, 05:37:55 pm by shafri »
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline ddsTopic starter

  • Contributor
  • Posts: 47
  • Country: 00
Re: Copy PIC soldered on board?
« Reply #6 on: October 18, 2010, 05:53:40 pm »
Could be a possibility to connect PickIt 3 programmer/debugger to PIC16F873A soldered on board and  copy contents of it?

 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18017
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Copy PIC soldered on board?
« Reply #7 on: October 18, 2010, 05:59:45 pm »
it will depend on the circuitry around the pic, to much capacitance or too low resistance will upset the signals integrity
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #8 on: October 18, 2010, 06:13:15 pm »
Could be a possibility to connect PickIt 3 programmer/debugger to PIC16F873A soldered on board and  copy contents of it?
yes, there is possibility, but as i and Simon said, it depends. the only thing for sure is you can do what ppl have suggested here, click the "Read" button. if its succesfull or not, then i'll be glad to hear from you and see the picture of your circuit. if its not success then perharps we all will be glad to analyze your picture why its cant. Cheers ;)
if you have dismantled it from the circuit and still no success, then you can refer to the above posts indicating you have to buy 2way ticket ;)
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline ddsTopic starter

  • Contributor
  • Posts: 47
  • Country: 00
Re: Copy PIC soldered on board?
« Reply #9 on: October 18, 2010, 06:25:54 pm »
I always wanted to see Shenzhen ;)
 

alm

  • Guest
Re: Copy PIC soldered on board?
« Reply #10 on: October 18, 2010, 06:33:50 pm »
but i believe that kind of company (or more precisely... service) is not available in western or near our region country.
I believe it is also available within Silicon Valley.

perharps in China. so i should add, you have to buy 2way ticket to China to pay to the company ;D ... with condition.... you are not in China! :P
Either that, or a stamp, whichever is cheaper ;).
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #11 on: October 18, 2010, 06:37:04 pm »
I always wanted to see Shenzhen ;)
I always wanted to see Shenzhen girls ;D. (the real one, not in the net) :D

I believe it is also available within Silicon Valley.
and the silicon girls :P
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline marianoapp

  • Regular Contributor
  • *
  • Posts: 67
Re: Copy PIC soldered on board?
« Reply #12 on: October 18, 2010, 08:12:00 pm »
I remember reading about a method to read the contents of a protected pic, it involved erasing the pic and measuring the current consumption change during the process. The idea is that when the pic is changing a bit from 1 to 0 (or the other way around, I can't remember) it uses more power than if the bit is already a 0.

The downside is that you have only one chance to do it right.


[if you're trying to steal someone else's work, don't]
 

Offline JohnS_AZ

  • Frequent Contributor
  • **
  • Posts: 499
  • Country: us
    • About.me
Re: Copy PIC soldered on board?
« Reply #13 on: October 18, 2010, 08:25:35 pm »
I'm trying to think of a reason to do this that doesn't involve stealing someone else's software.

Step 1- Learn PIC programming.
Step 2- Write your own code.
I'm either at my bench, here, or on PokerStars.
 

Offline ddsTopic starter

  • Contributor
  • Posts: 47
  • Country: 00
Re: Copy PIC soldered on board?
« Reply #14 on: October 18, 2010, 08:30:26 pm »
I remember reading about a method to read the contents of a protected pic, it involved erasing the pic and measuring the current consumption change during the process. The idea is that when the pic is changing a bit from 1 to 0 (or the other way around, I can't remember) it uses more power than if the bit is already a 0.



Do you think of this: http://en.wikipedia.org/wiki/Power_analysis

?

 

Offline ddsTopic starter

  • Contributor
  • Posts: 47
  • Country: 00
Re: Copy PIC soldered on board?
« Reply #15 on: October 18, 2010, 08:38:25 pm »
I'm trying to think of a reason to do this that doesn't involve stealing someone else's software.

Step 1- Learn PIC programming.
Step 2- Write your own code.


Nothing will be stealed or used commercially or published ..actually lot of *very* similar products are open sourced with blueprints flying all over Internet :) But you're right..I should go first through steps 1 and two :)
 

Offline migsantiago

  • Frequent Contributor
  • **
  • Posts: 381
  • Country: 00
    • MigSantiago's Web Site
Re: Copy PIC soldered on board?
« Reply #16 on: October 19, 2010, 02:08:43 am »
I remember reading about a method to read the contents of a protected pic, it involved erasing the pic and measuring the current consumption change during the process. The idea is that when the pic is changing a bit from 1 to 0 (or the other way around, I can't remember) it uses more power than if the bit is already a 0.

The downside is that you have only one chance to do it right.


[if you're trying to steal someone else's work, don't]

That's an interesting theory.

What I'm not so sure of is... in order to erase a PIC, a single command is sent, so you can't actually have an exact timing or clock source to sample the current consumption.

I mean, every PIC must have a different erasing time. So, how would you know when a 1 is being erased or a 0?

A neat theory... any one interested in working it out?  ;)
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #17 on: October 19, 2010, 03:51:41 am »
That's an interesting theory.
What I'm not so sure of is... in order to erase a PIC, a single command is sent, so you can't actually have an exact timing or clock source to sample the current consumption.
I mean, every PIC must have a different erasing time. So, how would you know when a 1 is being erased or a 0?
A neat theory... any one interested in working it out?  ;)
or maybe we make a device to sense the electromagnet around it. who knows, when erasing 0,1... there will be some electromagnet signature for it?
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline joelby

  • Frequent Contributor
  • **
  • Posts: 634
Re: Copy PIC soldered on board?
« Reply #18 on: October 19, 2010, 04:36:09 am »
There's some good introductory information on reverse engineering at http://www.cl.cam.ac.uk/~sps32/mcu_lock.html . The invasive PIC attacks sound incredibly straightforward!

The remainder of this researcher's pages talk about more sophisticated attacks such as timing and power analysis.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #19 on: October 19, 2010, 10:13:19 am »
good info! for criminal and soldiers in war i think.
« Last Edit: October 19, 2010, 10:29:41 am by shafri »
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline Zero999

  • Super Contributor
  • ***
  • Posts: 19895
  • Country: gb
  • 0999
Re: Copy PIC soldered on board?
« Reply #20 on: October 19, 2010, 11:37:21 am »
Bah, I don't like copy protection and will never use it myself, unless I have to do something for a company which pays me a lot. ;) I see deliberatively stopping the customer from seeing how a product works is kind of deceitful in itself.

As far as so called code theft is concerned, you're not really stealing anything, yes it's breaking the law but it's classed as copyright violation not theft. Code protection doesn't actually stop big companies from using code written by others because they can afford to get the code protection circumvented. Code protection just makes it harder for hobbyists to learn and repair devices, like any other form of DRM it inconveniences the honest majority more than those who want to commit software piracy.
 

Offline cybergibbons

  • Frequent Contributor
  • **
  • Posts: 400
Re: Copy PIC soldered on board?
« Reply #21 on: October 19, 2010, 09:28:59 pm »
I've attempted to use differential power analysis to look into what was going on inside a PIC clone. Hmm. It's not very easy to do really, especially with hobbyist level equipment.

You stick a small value resistor in the ground line of the processor and measure the voltage. Too low a resistance and you lose the data in the noise, too high and the processor drops out.

The memory depth (2Msamples) on my scope is very limiting, as well as the speed at which I can shift it out to my computer (10-15mins). I can't capture an entire sequence from start to finish (as I could really be doing simple power analysis if I could), so I need to carefully trigger the capture at several different points. Then I need to do this many times, and perform autocorrelation in both time and sample direction.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11710
  • Country: my
  • reassessing directives...
Re: Copy PIC soldered on board?
« Reply #22 on: October 19, 2010, 11:18:08 pm »
@cyber: so meaning, you are close... and there is possibility to observe the data, given a bit of higher spec'ed gear?
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline Murphy

  • Regular Contributor
  • *
  • Posts: 54
Re: Copy PIC soldered on board?
« Reply #23 on: October 24, 2010, 07:22:48 pm »
Interesting!
What about using a comparator circuit and a logic analyzer (or bus pirate?)?
 

Offline cybergibbons

  • Frequent Contributor
  • **
  • Posts: 400
Re: Copy PIC soldered on board?
« Reply #24 on: October 31, 2010, 09:20:58 pm »
It's not so much that you can work out the code inside the chip - really it is useful when you suspect the chip is using a certain algorithm. You can tell the difference between reading from registers, RAM, and flash. You can also identify different mathematical functions.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf