Protecting Intellectual Property

[ataradov]

I do agree. If I see something protected, I'd be more inclined to reverse engineer it just for the fun of it. And chances are the results would be published. So, ironically, not bringing too much attention to your security system is a much better approach. People that want to copy something, will do it no matter what. And you don't want to bring in the people doing it just for fun.

And yes, Xbox story is a REALLY good read if you have any interest in the topic at all - https://xboxdevwiki.net/17_Mistakes_Microsoft_Made_in_the_Xbox_Security_System

[james_s]

I was in some of the meetings where the hardware design and protection of the xbox was being discussed while under development. I had absolutely no part in cracking it and obviously I didn't say so at the time but I do recall being amused at how quickly it happened and I did modify my own unit. IMHO the mod chip unlocked capabilities that made it what it should have been in the first place. To this day I have all my games loaded onto a large internal hard drive, I used to take it over to friends houses and I'd just bring the unit and leave all the discs at home. Games loaded much faster too.

[dietert1]

Yes, the xbox hack is a must-read demonstrating how necessary hack resistance level depends on the product and how easy it is to make mistakes. "They thought nobody would be able to sniff hypertransport." Anyway there are thousands of hackers who think that Microsoft engineers aren't very bright and who want the credit for hacking their products. Nowadays companies contract hackers to verfy protection designs at the desired level.

Regards, Dieter

[Doctorandus_P]

@Doctorandus_P
...  and calling someones product a "cheap knockoff" is a harsh statement without even looking at the design .

You have completely misunderstood my intentions.
I never implied your product would be a "cheap knockoff".
What I meant is that someone else were to make a cheap knockoff of your product, then it is unlikely they would be able to sell in a market where quality and reliability is more important than price.
So my intentions ware nearly opposite to what you made of it, and I wish you lots of success with your product.

[onsenwombat]

Saw this and brought back some nice memories, so had to register.
As said, scrubbing off whatever markings from any and all of your parts is as effective measure as leaving your door unlocked, but leaving a note asking people kindly not to enter.
If and when any parts of your product sets their feet in the manufacturing world of China, buckle up. If anyone senses that there's some  money to be made by copying quite literally anything in your design, trust me, they'll go for it, and they'll go for it hard. Your BOMs will be known in seconds, as will any PCB gerbers be available from the neighbour's copyhouse in matter of days. Firmware binaries, if you're nuts enough to have your stuff programmed at these houses, yep, same stuff there. Anything and everything will be out.
But our legal will have fancy NDAs and whatnots. Sure they will, that won't change a thing.
In my handful of years in related industries, I've seen our products being copied, sometimes in quite interesting ways. So called "strictly confidential" FW-protections have found their ways to clever counterfeit artists to earn their honest bucks to name but a few.
I haven't quite followed what's the modern day method of securing your SoC/MCU/DSP/CPU/whatever you have as the brains of your beauty, but focus there. And this means some heavyweight enough measures to slow down the hackers. How heavy exactly, well, goes back to square one. If there's money to be made, you need to invest on this.
The professional reverse-engineer copiers are something I can't comment much as I've no first hand experience, but the manufacturing houses alone can be a serious problem if taken lightly. Trust me when I say that every single file you share with them, regardless of the legal jargon that might have been bundled with it, will one day be found from some shop floor computers. You know those with no password protection, free access to whoever technician pleases to toy around. And from there, well, who knows where, into the wide blue yonder.
In short, whatever you want to keep in house, keep in house. Not a single one of those Chinese PCBA fabs will keep your precious data within the scope you'd desire.

[Warpspeed]

Its always fascinated me how the Chinese can show incredible ingenuity and persistence to copy something else exactly, but almost zero ability to invent something truly original or new.

They even copy known weaknesses in the original design rather than think of a way to do it better.

I think most of us here can probably look back at some past project  in retrospect, and think of ways it could have been simplified or improved. 
Even if we do admit to copying someone else's successful design concept, we probably  add our own personal improvements to it.

There must be something in the Chinese culture, I really do not know.

[ataradov]

but almost zero ability to invent something truly original or new.

It is not about the ability. Getting a well accepted and widely used design and implementing it instead of inventing new stuff is the right approach. It gets you a known design fast. You will copy some inefficiencies, but usually those are known and workarounds are also known.

Improving on the design is also important, of course. But that's what GigaDevice and other are doing. Their new devices have nothing to do with any other parts, they are unique, yet still maintain a degree of similarity. And new devices have RISC-V core, which would be a tough ask for ST or other established vendors.

[dietert1]

The ancient greek had this culture, too. Joining a discussion required being able to first reproduce arguments of others with own words. Japan has that culture, too. It has something to do with respect.
And maybe chinese engineers are influenced by the western supremacy ideology, such as "Mission impossible", "Independence day" and the like. Soon they will create their own myths.

Regards, Dieter

[CatalinaWOW]

Protection requires as much or more thought than design.  And there is no such thing as absolute protection.  If your protection causes it to take as long as a design or product cycle it may be worth it.

Different approaches work in different markets.  Self destruct schemes aren't effective for high volume products because the attacker can obtain as many samples as needed to find ways around the traps.  Products with very high margin or simple production options can set up clean facilities to avoid the various leaks at commercial production houses (not just Chinese by the way).

Thinking about your product can produces speed bumps in the reversers path.  Perhaps a critical element is heavily dependent on a devices parameters.  Mismarking that device with a similar but not quite up to snuff part number might be an example.  Depending on the reversers skill and experience this might lead to a few hours to a few weeks of delay.  Using circuits which require special fixtures and/or equipment to trim would be another example.  Anything which has an obvious and easily understood purpose, but also has a critical secondary function.

In the end you can only hope that what you have done slows people down enough to serve your purposes. 

[peter-h]

Depends on who the attacker is.

If you make a device which sells in 100k volume and makes millions of $$$, it will be copied by the chinese.

But a lot of lower volume stuff isn't going to draw so much attention. It is below the chinese radar and you just need to p*ss off a casual local (Western / 1st World) guy who wants to make a bit of money but isn't all that smart, and has a lot of other stuff to do.

I have been grinding off chip markings on thousands of £30 interface products. Sure they can guess the chip but they won't be 100% sure. A funny one, in the Z80 + EPROM days, was to randomly mix up the address and data lines. It worked; years later I met a guy who told me his boss got him to copy it but he spent day trying to work out what algorithm was used to encrypt the EPROM That was a £2M/year business, in the 1980s, and even today would be below the chinese radar.

Its always fascinated me how the Chinese can show incredible ingenuity and persistence to copy something else exactly, but almost zero ability to invent something truly original or new.

It is their mental culture, their business model, and where their tech resources are.

[james_s]

I have been grinding off chip markings on thousands of £30 interface products. Sure they can guess the chip but they won't be 100% sure. A funny one, in the Z80 + EPROM days, was to randomly mix up the address and data lines. It worked; years later I met a guy who told me his boss got him to copy it but he spent day trying to work out what algorithm was used to encrypt the EPROM That was a £2M/year business, in the 1980s, and even today would be below the chinese radar.

He didn't bother to map out the data and address bus wiring? That's the first thing I would have done if a cursory glance at the EPROM dump didn't make sense.

I'll say it again, nothing motivates me to figure out what an IC is than numbers ground off. It turns something I'd otherwise ignore into a challenge.

[peter-h]

He didn't bother to map out the data and address bus wiring?

He didn't realise that was the scheme used.

nothing motivates me to figure out what an IC is than numbers ground off. It turns something I'd otherwise ignore into a challenge.

Sure, but you are probably not the commercially relevant attacker.

[james_s]

He didn't realise that was the scheme used.

I find it very surprising that he didn't bother to check. I've seen data and address lines shuffled around many times, sometimes presumably to make routing the PCB easier, it didn't occur to me to use that technique as copy protection but I would never have made the assumption that they were connected logically in the first place. If a dump of the eprom doesn't make sense then the very first thing to suspect should be the bus wiring.

[peter-h]

Well, obviously, since there is absolutely no way to make any code run on a Z80 unless it is fed to it correctly But this shows there are just opportunists out there and you just need to p*ss them off for a day or two and they find something better to do.

Like I said, your product has to be above the chinese counterfeit radar in the first place. This applies to whole products in the same way it applies to chips. They don't bother counterfeiting obscure devices. They rip off stuff which is in good demand. I have seen fake Hitachi chips made years after Hitachi's last time buy; they were still in volume use and were being bought up from the US second tier "cowboy" disti scene.

The product in question was selling ~ 200 a month, at around $1000 each, in the 1980s. I never got rich because the company, of which I had 1/3, had 35 employees so money was p*ssing out of every orifice. But it was B2B, not retail and with a large media exposure (no internet back then!). And a lot of industrial stuff is like that. Not talking about anybody here, but I think a lot of designers have an inflated idea of their importance and in reality their product is just too damn obscure for anybody to notice.

You can also p*ss people off if you use BGA packages, buried vias, tracks between planes, etc. But then you make your own life hard, and basically anything which fails the factory test has to be scrapped.

Another old technique is to file a patent. You can file a patent on anything, and put Patent Pending xxxxxx on your product. That will discourage some. The patent may get chucked out on prior art grounds but that doesn't matter because few will check. I used to have a competitor who filed patents on everything and plastered the numbers all over their box. I looked them up and they were either bogus or just weird (irrelevant) ways of doing something.

[mikeselectricstuff]

You really need to start by analysing who your adversary might be, in order to evaluate the cost/benefit of any particular measure.
 If I see equipment, especially something big and expensive, with part numbers removed that makes me think the manufacturers are a bunch of amateurs who are dumb enough to think that makes a difference, while making repairs harder.

Something cheap and easy I'd suggest is to include some  hidden software functionality that can prove that it's your software if it did get copied. e.g. an obfuscated copyright text string that can be made to appear with an obscure key combination. If you don't have a display, morse code or binary on a LED or beeper would do.
That way if a manufacturer/importer did a straight copy you'd have a sure-fire legal win, probably before even getting to court.

[rsjsouza]

You really need to start by analysing who your adversary might be, in order to evaluate the cost/benefit of any particular measure.
 If I see equipment, especially something big and expensive, with part numbers removed that makes me think the manufacturers are a bunch of amateurs who are dumb enough to think that makes a difference, while making repairs harder.

Something cheap and easy I'd suggest is to include some  hidden software functionality that can prove that it's your software if it did get copied. e.g. an obfuscated copyright text string that can be made to appear with an obscure key combination. If you don't have a display, morse code or binary on a LED or beeper would do.
That way if a manufacturer/importer did a straight copy you'd have a sure-fire legal win, probably before even getting to court.

In the SW industry these are the famous "easter eggs", which (as I was told) enabled Apple to battle and win against clone manufacturers in foreign markets (Brazil being one of them). This was back in the 1980s.

[mikeselectricstuff]

You really need to start by analysing who your adversary might be, in order to evaluate the cost/benefit of any particular measure.
 If I see equipment, especially something big and expensive, with part numbers removed that makes me think the manufacturers are a bunch of amateurs who are dumb enough to think that makes a difference, while making repairs harder.

Something cheap and easy I'd suggest is to include some  hidden software functionality that can prove that it's your software if it did get copied. e.g. an obfuscated copyright text string that can be made to appear with an obscure key combination. If you don't have a display, morse code or binary on a LED or beeper would do.
That way if a manufacturer/importer did a straight copy you'd have a sure-fire legal win, probably before even getting to court.

In the SW industry these are the famous "easter eggs", which (as I was told) enabled Apple to battle and win against clone manufacturers in foreign markets (Brazil being one of them). This was back in the 1980s.

I know someone who got a substantial out-of-court settlement against a company who copied their software and thought they'd removed the original copright messages due to having the foresight to include an additional obfuscated message, though this was in an industry where piracy was very common.

[peter-h]

you'd have a sure-fire legal win

Only after spending the entry level competent-lawyer figure, 5 digits for 1-2 days' work

Apple etc can do it. "You" can't.

The only other way you can win is if a large company unwittingly ended up incorporating your code (perhaps due to a rogue engineer or contractor). Then, upon presentation of the evidence, they are fairly likely to give you some money in a settlement. A large company, in the 1st World, is not likely to knowingly use bootleg code.

And if a chinese company does anything, you can't sue them anyway. I managed to extract a $4k injection moulding tool from china by threatening the company with a) reporting them for theft to the chinese embassy in London and b) doing the same to their local police station. But had they called my bluff, I would have never got that tool back. Previous 3 versions of that tool were "stolen" when the companies vanished (over a 20 year period). The cost of using chinese suppliers...

In the old days, executing the copyright message was a fun trick. ASCII chars were mostly reg-reg moves and you could make it do something. So on "PC" software this was ok because a counterfeiter patched the copyright message right away.

In embedded systems, an attacker needs to be better equipped to start with.

I would not use BGA-anything. One cannot do any hardware development with it (not if one also obscures the interconnections) so one has to develop on some other board and then spin off the "real" board and hope it works. And then scrap some % of production; with luck it should be not more than 1%.