Author Topic: Code protect (not)  (Read 20532 times)


Offline mikeselectricstuff (Topic starter)

  • Super Contributor
  • ***
  • Posts: 13969
  • Country: gb
    • Mike's Electric Stuff
Code protect (not)
« on: April 01, 2011, 11:05:16 am »
I'm sure most of you have heard third & fourth-hand stories about Chinese guys offering de-protect services for microcontrollers by de-capping.
I just met up with a friend who actually had it done on a recent PIC (for a legit reason as it happens) - I was amazed at the cost - just GBP120, shipping included.

So bear that in mind when considering what it would cost for someone to copy your product...

Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Online Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11713
  • Country: my
  • reassessing directives...
Re: Code protect (not)
« Reply #1 on: April 01, 2011, 11:56:39 am »
any mcu brands? maybe the protection should be within the software itself.
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline scrat

  • Frequent Contributor
  • **
  • Posts: 608
  • Country: it
Re: Code protect (not)
« Reply #2 on: April 01, 2011, 12:28:02 pm »
Amazing! So these are not legends, it's really possible and affordable. It must involve not so expensive instruments, I guess...
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man. - Elbert Hubbard
 

Offline Psi

  • Super Contributor
  • ***
  • Posts: 10219
  • Country: nz
Re: Code protect (not)
« Reply #3 on: April 01, 2011, 12:38:28 pm »
With all the knockoff products that appear on the market so quickly it wouldn't surprise me at all if there is equipment in china designed especially to do this. Maybe even automated to a degree.
« Last Edit: April 01, 2011, 12:40:36 pm by Psi »
Greek letter 'Psi' (not Pounds per Square Inch)
 

Online Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Code protect (not)
« Reply #4 on: April 01, 2011, 12:52:58 pm »
yep it probably happens left right and centre
 

Online Zero999

  • Super Contributor
  • ***
  • Posts: 19900
  • Country: gb
  • 0999
Re: Code protect (not)
« Reply #5 on: April 01, 2011, 04:33:15 pm »
This only adds weight to the fact that DRM does more to inconvenience honest people than it does those who want to copy other people's ideas.

I wouldn't bother using code protection, unless I did it for a company who insisted on it.
 

Online Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Code protect (not)
« Reply #6 on: April 01, 2011, 04:36:23 pm »
well to be honest I would, if i made a simple project I'd not want anyone ripping it off. I mean they can go design their own !
 

Online Zero999

  • Super Contributor
  • ***
  • Posts: 19900
  • Country: gb
  • 0999
Re: Code protect (not)
« Reply #7 on: April 01, 2011, 07:37:07 pm »
If it's that easy to design then why bother? You've not lost much, just made someone else's life easier.

I'd actually be quite flattered if someone copied my work, especially if they learn from it.
 

Online Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Code protect (not)
« Reply #8 on: April 01, 2011, 07:54:10 pm »
yes well some people need to make a living and can't afford to give their work away
 

Online Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11713
  • Country: my
  • reassessing directives...
Re: Code protect (not)
« Reply #9 on: April 01, 2011, 08:34:03 pm »
one of solution. make your design ugly.
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Online Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Code protect (not)
« Reply #10 on: April 01, 2011, 08:39:01 pm »
why should I make my design "ugly" ? in electronics terms that would mean making it more complicated than need be and poorly performing, that costs me more
 

Online Zero999

  • Super Contributor
  • ***
  • Posts: 19900
  • Country: gb
  • 0999
Re: Code protect (not)
« Reply #11 on: April 01, 2011, 09:47:22 pm »
Quote
yes well some people need to make a living and can't afford to give their work away

Who said anything about giving it away?

People sell software, music and films without nasty DRM all the time and aren't giving it away.

I don't knowingly buy anything with DRM and I consider code protection or going to great lengths to hide how something works from the user as dishonest in itself.
 

Online Mechatrommer

  • Super Contributor
  • ***
  • Posts: 11713
  • Country: my
  • reassessing directives...
Re: Code protect (not)
« Reply #12 on: April 01, 2011, 10:08:26 pm »
Quote
why should I make my design "ugly" ? in electronics terms that would mean making it more complicated than need be and poorly performing, that costs me more

i mean, so cloner will not be interested at it. yeah, a complicated design can means "ugly" as well. and about this cloning, i think only successful product will worth cloning. so if you have sold so many of your products, then pirate will start to give attention to your product. and from there, you will do more on making your design "ugly". just like what rigol did to their latest firmware.
Nature: Evolution and the Illusion of Randomness (Stephen L. Talbott): Its now indisputable that... organisms “expertise” contextualizes its genome, and its nonsense to say that these powers are under the control of the genome being contextualized - Barbara McClintock
 

Offline Lance

  • Frequent Contributor
  • **
  • Posts: 317
  • Country: 00
  • Resistance if futile if R<1Ohm
Re: Code protect (not)
« Reply #13 on: April 01, 2011, 10:51:20 pm »
Once the devices are de-capped what happens next in getting the code?
#include "main.h"
//#include <killallhumans.h>
 

Offline Psi

  • Super Contributor
  • ***
  • Posts: 10219
  • Country: nz
Re: Code protect (not)
« Reply #14 on: April 01, 2011, 11:08:37 pm »
Quote
Once the devices are de-capped what happens next in getting the code?

I was wondering that, if it's a picture taken of the nand and maybe the state of each bit can be detected from its color or something.
Or if it's a matter of getting internal access to the nand data/address lines to attach some extra gold wires so the nand can be powered up and read out remotely.
Greek letter 'Psi' (not Pounds per Square Inch)
 

alm

  • Guest
Re: Code protect (not)
« Reply #15 on: April 01, 2011, 11:22:52 pm »
You could just kill the lock/protect bits and read it out via the standard JTAG/in-system programming protocol. But detecting the charge in the flash ROM with an e-beam is also an option.
 

Offline baljemmett

  • Supporter
  • ****
  • Posts: 665
  • Country: gb
Re: Code protect (not)
« Reply #16 on: April 01, 2011, 11:43:16 pm »
Quote
You could just kill the lock/protect bits and read it out via the standard JTAG/in-system programming protocol.

Yep, that's the technique bunnie described for getting around it.  More secure devices have beefier protection (Flylogic have some nice examples on their blog, I believe) but in the end anybody intent on stealing your code is probably going to find a way eventually.  Time's on their side, after all...
 

Offline Lance

  • Frequent Contributor
  • **
  • Posts: 317
  • Country: 00
  • Resistance if futile if R<1Ohm
Re: Code protect (not)
« Reply #17 on: April 02, 2011, 03:16:08 am »
That's true. I wonder if you could have something inside the device that would destroy the die if exposed to air.
#include "main.h"
//#include <killallhumans.h>
 

Online Zero999

  • Super Contributor
  • ***
  • Posts: 19900
  • Country: gb
  • 0999
Re: Code protect (not)
« Reply #18 on: April 02, 2011, 08:43:50 am »
Quote
You could just kill the lock/protect bits and read it out via the standard JTAG/in-system programming protocol. But detecting the charge in the flash ROM with an e-beam is also an option.

Here's an interesting site which describes the process in detail.
http://www.cl.cam.ac.uk/~sps32/mcu_lock.html

You could also use a UV laser.

Quote
why should I make my design "ugly" ? in electronics terms that would mean making it more complicated than need be and poorly performing, that costs me more
i mean, so cloner will not be interested at it. yeah, a complicated design can means "ugly" as well. and about this cloning, i think only successful product will worth cloning. so if you have sold so many of your products, then pirate will start to give attention to your product. and from there, you will do more on making your design "ugly". just like what rigol did to their latest firmware.

Don't you miss the days when 'scope manufacturers used to provide service manuals, complete with a schematic and a parts list?

I hope someone writes some open source firmware for the Rigol, that way all you do is buy a cheap Rigol, load the new firmware on to it which gives you all sorts of features you can't buy from a top of the range Rigol 'scope.

Quote
anybody intent on stealing your code

Nonsense, they've not stolen anything. Just because someone breaks the copy protection you still have the code. The only way of stealing it from you is to break into your computer and remove all copies of your hard drive.

Also don't forget when they look at the code inside the PIC, all they see is a load of assembler, no labels, comments, C source code, nothing.
 

Offline mikeselectricstuff (Topic starter)

  • Super Contributor
  • ***
  • Posts: 13969
  • Country: gb
    • Mike's Electric Stuff
Re: Code protect (not)
« Reply #19 on: April 02, 2011, 10:57:05 am »
My guess is the easiest way to read most parts is to disable the protect bits, either by erasing or temporarily by wafer probing. A way to make this harder would be to blow the programming pin protection diodes.
I'm surprised more MCU makers haven't offered parts with onboard unique factory serial numbers, as this would provide a fairly simple but robust mechanism to improve security, by encoding the firmware with the unique number, so a copy of the firmware won't work in another part.
Some Xilinx FPGAs have a serial number facility to achieve this ('DigitalDNA').

A problem is that if a manufacturer starts promoting security as a feature, if it's then hacked they will get a lot of grief from customers. This is why you tend to see very vague and woolly statements about protection in most manufacturers' datasheets.
I'm surprised Microchip parts are still vulnerable to such a cheap attack, as they got burned early on with the 16C84, which could be read by simply increasing the programming voltage beyond spec.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
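
An added example (not part of the original post, and not any vendor's code) of the serial-number binding suggested in the post above: the image is encrypted under a key derived from one chip's serial, so a straight copy fails the boot check on another part. XTEA in counter mode, the vendor secret, the key derivation and the function names `provision` and `boot_check` are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed vendor secret (assumption); a real one must sit in protected memory. */
static const uint32_t VENDOR_SECRET[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};

/* Standard XTEA block encryption, 32 cycles. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* XTEA counter mode; illustrative KDF: key = E_secret(serial) || E_secret(~serial). */
static void ctr_crypt(uint64_t serial, uint8_t *buf, size_t len) {
    uint32_t lo = (uint32_t)serial, hi = (uint32_t)(serial >> 32);
    uint32_t ks[2] = {0, 0}, key[4] = {lo, hi, ~lo, ~hi};
    xtea_encrypt(&key[0], VENDOR_SECRET); xtea_encrypt(&key[2], VENDOR_SECRET);
    for (size_t i = 0; i < len; i++) {   /* same call encrypts and decrypts */
        if (i % 8 == 0) { ks[0] = (uint32_t)(i / 8); ks[1] = 0; xtea_encrypt(ks, key); }
        buf[i] ^= (uint8_t)(ks[(i % 8) / 4] >> (8 * (i % 4)));
    }
}

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320) of the plaintext image. */
static uint32_t crc32_sw(const uint8_t *p, size_t len) {
    uint32_t c = 0xFFFFFFFFu;
    while (len--) {
        c ^= *p++;
        for (int b = 0; b < 8; b++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Factory: bind the image to one serial; returns the CRC stored beside it. */
uint32_t provision(uint64_t serial, uint8_t *img, size_t len) {
    uint32_t crc = crc32_sw(img, len);
    ctr_crypt(serial, img, len);
    return crc;
}
/* Boot: decrypt into RAM with this chip's serial; 1 = run, 0 = refuse. */
int boot_check(uint64_t serial, const uint8_t *img, size_t len, uint32_t crc, uint8_t *ram) {
    memcpy(ram, img, len);
    ctr_crypt(serial, ram, len);
    return crc32_sw(ram, len) == crc;
}
```

The binding only holds while the vendor secret and the decrypted image stay unreadable, so it raises the cost of a straight flash copy rather than stopping someone who can also read out the boot code.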
 

Offline baljemmett

  • Supporter
  • ****
  • Posts: 665
  • Country: gb
Re: Code protect (not)
« Reply #20 on: April 02, 2011, 10:58:09 pm »
Quote
anybody intent on stealing your code
Nonsense, they've not stolen anything. Just because someone breaks the copy protection you still have the code. The only way of stealing it from you is to break into your computer and remove all copies of your hard drive.

OK, fair point, that was sloppy of me; got caught up and carried away in Simon's concerns, perhaps ;)  Substitute "get at" or "rip off" or whatever as appropriate, but it doesn't really change the point -- if someone wants to see what code you've got your chip running, they can work at it for as long as they please.  Once the device is in their hands you can't upgrade the protection to keep pace with their methods; not a busting lot anyone can do about that!

Quote
Also don't forget when they look at the code inside the PIC, all they see is a load of assembler, no labels, comments, C source code, nothing.

Well, of course, but if all they want to do is sell cheap knock-offs of your design the binary'll do just as well as the source code...
 

Online Zero999

  • Super Contributor
  • ***
  • Posts: 19900
  • Country: gb
  • 0999
Re: Code protect (not)
« Reply #21 on: April 03, 2011, 09:35:57 am »
Quote
if someone wants to see what code you've got your chip running, they can work at it for as long as they please.  Once the device is in their hands you can't upgrade the protection to keep pace with their methods; not a busting lot anyone can do about that!

It doesn't matter how much you invest in nasty DRM, people will always find a way to circumvent it.

Seriously, wouldn't it be better to be more honest to spend nothing on hiding the code and offer the customer a higher quality product for the same price? You'll sell more if you invest the money in quality, marketing and creating a good brand rather than on subterfuge.

Quote
Well, of course, but if all they want to do is sell cheap knock-offs of your design the binary'll do just as well as the source code...
If your project is such poor quality that no one can distinguish between the high quality original and the cheap knock-off then it's not worth much and you deserve Changhwo and co copying it and churning out a million units a day for a tenth of the price.

I think the best way to protect yourself is to build a high quality product, buy a trademark, patents if necessary (not that I completely agree with them) and make sure the code is copyrighted. Then you don't have to rely on underhand practices such as code protection. If someone copies your code and puts it in a cheaper product, they can't use your trademark because that's asking for trouble and if they put it in a cheaper no name product it won't be much competition, well only as much as shitty Mastech DVMs are a competitor to brands like Fluke.
 

Offline baljemmett

  • Supporter
  • ****
  • Posts: 665
  • Country: gb
Re: Code protect (not)
« Reply #22 on: April 03, 2011, 11:02:03 pm »
Quote
It doesn't matter how much you invest in nasty DRM, people will always find a way to circumvent it.

Precisely :)  I think we are in violent agreement here, as they say.  It was Simon's comments upthread about people cloning his work that inspired me to post, mostly just to say "you'll never win that way".

Personally I'm just in the software trade, the hardware side of things is purely a hobby (and not one I'm particularly advanced in, either) -- but the biggest products I work on are sold for large installations where customers have no incentive not to be honest.  One client did once observe to me that, although they/we wouldn't much appreciate anyone defeating the licensing system (which is there for the customer's security as much as ours), at least it's our product they wanted to use enough to go to that trouble!
« Last Edit: April 03, 2011, 11:31:55 pm by baljemmett »
 

Online Simon

  • Global Moderator
  • *****
  • Posts: 18022
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: Code protect (not)
« Reply #23 on: April 04, 2011, 06:04:47 am »
it is a very variable issue and no I don't agree with over the top stuff like used in the media industry. But I'd take basic steps to make something harder to copy if it wasn't difficult or cost more.
 

Offline DrGeoff

  • Frequent Contributor
  • **
  • Posts: 794
  • Country: au
    • AXT Systems
Re: Code protect (not)
« Reply #24 on: April 04, 2011, 06:38:48 am »
Quote
That's true. I wonder if you could have something inside the device that would destroy the die if exposed to air.

Doesn't all the smoke escape when they take the top off?

Was it really supposed to do that?
 

