Embedded Firmware & IP Protection from Chinese clones
spectramax:
Hello all,

I appreciate your insight as I can't Google this stuff (I've tried). I've started developing a hardware product for a small company (3 people). We are new to the whole "hardware is hard" thing and it certainly appears to be insanely daunting. Let me cut to the chase with a few burning questions that I just can't find good answers to on Google.

Some background:

* We are going to be using an STM32L4 CPU
* Develop a custom firmware with RTOS
* Develop a custom bootloader for updating firmware using SDCARD or USB-DFU
* PCB, Case, etc will be manufactured by *different* suppliers in China
* Final assembly to take place in USA & England
* Low to mid-volume, est. 10000-20000/year maximum
Questions:

* How difficult is it to create a hex dump of the bootloader & firmware?
* If it is easy, is it possible for Chinese supplier to make the case, reverse engineer PCB and flash our own firmware (effectively selling "authentic" units)? There is a display on the device so we can put some copyright notice but that becomes irrelevant if the Chinese cloners are literally building replica of our device with authentic firmware and selling it under our brand in the grey market. Thus, the firmware authentication will always work because the firmware is indeed hex-dumped and flashed on the new STM32 chip.
* There are lots of discussions/threads/info about how to checksum firmware and check for its authenticity using crypto. But if the flashed firmware on a cloned hardware is indeed authentic, it is a moot point. Is there any way we can use something like a Drill Battery crypto chip such as Microchip ATSHA204?
* What are common ways to prevent cloning hardware by using the firmware as an authenticator? We don't want to go down the path of "security through obfuscation". In other words, how can we write firmware that can authenticate the serial number or some unique tamper resistant hardware feature securely?
The gist of my curiosity can be captured as "How can we make our firmware *only* run on our hardware."
Thank you :) I am a mechanical engineer but I also do systems programming. However, not much experience in embedded programming so please pardon me for asking if there is an obvious answer.
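The challenge-response scheme the question is circling (an ATSHA204-class chip holding a secret, the firmware asking it to MAC a fresh random challenge) looks like the following. This is an added example for illustration, not code from the thread or from any Microchip library; the chip is modelled in software, the master key and serial number are constructed for the example, and the key-diversification scheme (per-unit secret = HMAC of the master key and the serial) is one common way to provision such chips, not the only one. Note where the master key has to sit: the MCU firmware needs it to recompute the expected response, so the whole thing rests on the MCU's own readout protection.

```python
import hashlib
import hmac
import secrets

# Constructed master key for the example; a real product would generate one and keep it offline.
MASTER_KEY = hashlib.sha256(b"example master key (constructed)").digest()


def diversified_key(master: bytes, serial: bytes) -> bytes:
    """Per-unit secret written into the secure element at the factory.
    Derived from the master key and the unit's serial, so a secret extracted
    from one chip does not authenticate any other serial number."""
    return hmac.new(master, b"unit-key" + serial, hashlib.sha256).digest()


class SecureElement:
    """Stand-in for an ATSHA204-class chip: holds a secret that never leaves
    the package and answers a challenge with HMAC-SHA256 over challenge||serial."""

    def __init__(self, serial: bytes, secret: bytes):
        self.serial = serial
        self._secret = secret

    def mac(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge + self.serial, hashlib.sha256).digest()


class ReplayClone:
    """A clone with no secret that sniffed one genuine (challenge, response)
    pair off the bus and replays that response to every challenge."""

    def __init__(self, serial: bytes, recorded_response: bytes):
        self.serial = serial
        self._recorded = recorded_response

    def mac(self, challenge: bytes) -> bytes:
        return self._recorded


def firmware_checks_hardware(se, master_key: bytes, rng=secrets.token_bytes) -> bool:
    """What the MCU firmware would run at boot. The firmware must hold the
    master key to compute the expected response, so a full MCU dump also
    yields everything needed to answer the challenge without the chip."""
    if se is None:                       # chip not fitted on the clone board
        return False
    challenge = rng(32)                  # fresh per boot, which is what defeats replay
    try:
        response = se.mac(challenge)
    except Exception:                    # bus error, chip not answering, etc.
        return False
    expected = hmac.new(diversified_key(master_key, se.serial),
                        challenge + se.serial, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


def demo() -> dict:
    """Genuine unit vs. three kinds of clone (constructed serial number)."""
    serial = b"SN-000123"
    genuine = SecureElement(serial, diversified_key(MASTER_KEY, serial))
    wrong_key = SecureElement(serial, hashlib.sha256(b"guessed secret").digest())
    replay = ReplayClone(serial, genuine.mac(b"\x00" * 32))
    return {
        "genuine": firmware_checks_hardware(genuine, MASTER_KEY),
        "wrong_key": firmware_checks_hardware(wrong_key, MASTER_KEY),
        "replay": firmware_checks_hardware(replay, MASTER_KEY),
        "missing": firmware_checks_hardware(None, MASTER_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The random challenge is what makes a recorded response useless, and the per-unit key is what stops one extracted secret from being reused under other serials. Neither helps if the cloner dumps the MCU and patches out the call to `firmware_checks_hardware`, or copies the master key out of the dump, which is why the check only adds value when the MCU's readout protection is trusted.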

ataradov:
This was discussed a few times here. Short answer - if someone really wants to clone your design - they will.

There are rumors about companies dumping almost any MCU with prices starting at $500. Obviously there is no page with happy customer feedback, so it is hard to verify those rumors.

If the device is standalone and does not have connectivity to some of your servers, then ATSHA204 will not help, only slow them down a bit, since cloners will have to figure out where the communication happens. After that they will be saving on BOM by not including that chip. It will help, however, if you think that MCU protection is reliable.

But this is really only a problem if your device is very popular and your margin on it is high. Are you sure you will get there?

If the device fills a new need that is not covered by other devices like this, and yours shows the demand, others will just clone the idea. Oftentimes it is much easier than cloning the original.
amyk:

--- Quote from: ataradov on January 22, 2019, 01:53:43 am ---There are rumors about companies dumping almost any MCU with prices starting at $500. Obviously there is no page with happy customer feedback, so it is hard to verify those rumors.

--- End quote ---
https://russiansemiresearch.com/en/service/

PIC10F is $500. STM32 is $2000.
ataradov:

--- Quote from: amyk on January 22, 2019, 02:36:42 am ---https://russiansemiresearch.com/en/service/

--- End quote ---
Yes, this is one of the most commonly linked places. There are a couple of others.

But I have not heard any definitive feedback. Nor have I seen any independent testing. You would think that it would make a good video for someone's channel. Program a few devices with a known pattern and send them to them to see what happens.
spectramax:
Thanks, the Russian sites look dubious and I found some more information on Stack Exchange:

https://reverseengineering.stackexchange.com/questions/1698/bypassing-copy-protection-in-microcontrollers-using-glitching
https://reverseengineering.stackexchange.com/questions/3526/how-do-i-extract-a-copy-of-an-unknown-firmware-from-a-hardware-device
https://reverseengineering.stackexchange.com/questions/13013/reverse-engineer-stm32l151s-firmware

Someone tried to ask the Russian company if they would return the chip undamaged without a response.

However, I realized that the hex-dump question that I asked earlier is moot because we are most likely going to provide the binary firmware image as we upgrade the firmware.

@ataradov - regarding your questions about the demand - we have a unique product with potentially large exposure but it is difficult to estimate the demand. At peak, we are thinking 20k / year. One of my partners has written the code over several years so it is not easy for the Chinese cloners to just roll their own code. They'll need to know substantial information, know-how and tribal knowledge to be able to write our software. But you're asking the right question - it may not be worth securing anything. That brings up another question - electronics such as cameras (Sony's Alpha mirrorless cameras have the firmware publicly available for update), synths, Bluetooth headsets, etc. have firmware publicly available. So, I am wondering: A) Do they encrypt the firmware somehow with an in-chip decryptor? B) They don't bother?
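Whether or not a vendor encrypts a published image, the bootloader step that matters is authenticating the whole image (header included) before anything is written to flash, and refusing downgrades. The following is an added example of that check, not code from the thread or from any vendor's bootloader; the image layout (magic, version, length, payload, 32-byte HMAC-SHA256 tag) and the update key are constructed for the example.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWUP"
HEADER = struct.Struct("<4sII")   # magic, version, payload length; little-endian like the Cortex-M
TAG_LEN = 32

# Constructed key for the example. With a symmetric tag the bootloader holds this
# key in flash, so whoever dumps the MCU can produce "valid" images.
UPDATE_KEY = hashlib.sha256(b"constructed update key").digest()


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Build-side: tag covers the header too, so version and length can't be edited."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes, installed_version: int):
    """Bootloader-side. Returns (payload, "ok") or (None, reason).
    Structural checks first, then the tag, then policy (anti-rollback)."""
    if len(image) < HEADER.size + TAG_LEN:
        return None, "truncated"
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        return None, "bad magic"
    body_end = HEADER.size + length
    if len(image) != body_end + TAG_LEN:
        return None, "length mismatch"
    expected = hmac.new(key, image[:body_end], hashlib.sha256).digest()
    if not hmac.compare_digest(image[body_end:], expected):
        return None, "bad tag"           # constant-time compare: no timing oracle on the tag
    if version < installed_version:
        return None, "rollback"          # only trust the version field after the tag passed
    return image[HEADER.size:body_end], "ok"


def demo() -> dict:
    """Good image, one flipped payload bit, an old version, and an image tagged with the wrong key."""
    good = build_image(UPDATE_KEY, 3, b"\x00" * 64 + b"app v3")
    tampered = bytearray(good)
    tampered[HEADER.size + 5] ^= 0x01    # flip one bit inside the payload
    stale = build_image(UPDATE_KEY, 1, b"app v1")
    forged = build_image(b"wrong key", 9, b"app v9")
    return {
        "good": verify_image(UPDATE_KEY, good, 2)[1],
        "tampered": verify_image(UPDATE_KEY, bytes(tampered), 2)[1],
        "stale": verify_image(UPDATE_KEY, stale, 2)[1],
        "forged": verify_image(UPDATE_KEY, forged, 2)[1],
    }


if __name__ == "__main__":
    print(demo())
```

The version field is read before the tag is checked only to locate the tag; it is acted on only after the tag passes, otherwise an attacker could use the rollback branch as an oracle or a denial of service. For images that are published openly, the symmetric key here is the weak point: the bootloader has to contain it, so a public-key signature (private key kept offline, only the public key in the bootloader) is what lets the image be distributed without handing out the ability to sign new ones, and payload encryption, where used, sits behind that same check.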
