Can an AVR erase its own code

Total votes: 0

Hi guys

 

Just wondering, can an AVR erase its own codes? I mean the codes in its own flash, not eeprom.

 

Thanks guys!

Zhuhua Wu - Electronic Engineering Student

Total votes: 1

Yes, but the code that performs the erase operation must reside in the bootloader section.

NOTE: I no longer actively read this forum. Please ask your question on www.eevblog.com/forum if you want my answer.

Last Edited: Mon. Dec 1, 2014 - 07:06 AM
Total votes: 0

Yes.     Place the SPM commands in the Boot section of memory.    (or enable the SELFPROGRAM fuse on a Tiny)

 

Execute a loop that erases each page of Flash.    Finally erase the page that contains your SPM command.

 

You don't have to shoot your own foot.   There are always alternatives.    You can jump in front of a bus,   leap off a tall building,    ...

 

Most people do not have a death wish.

A bootloader normally has the lockbits set to protect it from writing to the boot section.

 

David.

Total votes: 0

Not only would I set the bootloader lockbits I think in my boot_program_page() routine or equivalent I would also include a "belts and braces" check for "if (page_address > end_of_app_section) return;" just in case I accidentally run the code without the lockbits set and the data might span the reprogramming code.

Total votes: 0

It's possible, but why bother? Oh, you think you can protect your intellectual property by detecting somebody trying to read the program from the chip.

 

Just make a "Bootloader" that fills the flash with gibberish, like all 0xff, instead of a real program.

The largest known prime number: 2^82589933-1

In my humble opinion, I'm always right. 

Total votes: 0

This isn't about protecting intellectual property. It's about protecting bootloader code against self erasure as it's the only software that has to remain intact and work.

 

Or do you think OP was asking about a program that self-destructs when it spots tampering? I suppose he might have meant that but it's a dangerous strategy if there's any chance of false-positives!

Total votes: 0

As far as I can see,  the OP simply wants to know how to shoot her own foot.

 

I don't think that there is any requirement for protection or security.

 

David.

Total votes: 0

Or do you think OP was asking about a program that self-destructs ... [whenever] ...

That's the way I read it.  IIRC there was an extensive thread on just this a few months ago--try to search it out.

You can put lipstick on a pig, but it is still a pig.

I've never met a pig I didn't like, as long as you have some salt and pepper.

Total votes: 1

 

Hahaha, indeed, I was thinking something like that (erase its own code when tampering is detected). But I don't think I am smart enough to develop something quite unique or patentable anyway.

 

So, please forget my naiveness and/or stupidity, and put that aside. What is the best way to protect the data stored in an MCU?

 

Thanks guys!

 

 

Zhuhua Wu - Electronic Engineering Student

Total votes: 0

bug13avr wrote:
What is the best way to protect the data stored in an MCU?
Protect from what?  Prying eyes?  Lock bits, and boot lock bits.  What modes to use depends on which device, and whether or not you use a bootloader.

 

Tell more about your specific application requirements and someone can make a recommendation.

"Experience is what enables you to recognise a mistake the second time you make it."

"Good judgement comes from experience.  Experience comes from bad judgement."

"Wisdom is always wont to arrive late, and to be a little approximate on first possession."

"When you hear hoofbeats, think horses, not unicorns."

"Fast.  Cheap.  Good.  Pick two."

"We see a lot of arses on handlebars around here." - [J Ekdahl]

 

Total votes: 0

IIRC there was an extensive thread on just this a few months ago--try to search it out.

SSDD?

https://www.avrfreaks.net/forum/a...

You can put lipstick on a pig, but it is still a pig.

I've never met a pig I didn't like, as long as you have some salt and pepper.

Total votes: 0

Hi joeymorin

 

My question wasn't for a specific application, it's just cool for me to be able to do something like this (self-destructive device/code), and learn something along the way.  I know it may sound naive/stupid, but it motivates me. 

 

For answering your questions, I want to protect my data from whoever wants to read it (through a programmer or whatever other method possible). Sounds like erasing its own code is not a good choice, so what are my other options? Sorry it's not for a specific application, just something I thought it was fun/cool to do.

 

But I think your solution on here has already answered my question. (as theusch pointed out)

 

THANK YOU ALL for taking your time to help me here, it's much appreciated!

Zhuhua Wu - Electronic Engineering Student

Last Edited: Tue. Dec 2, 2014 - 07:03 AM
Total votes: 0

Oh, I see. Erase your code just because you can, but not for any good reason. An important part of learning. I've done things for sillier reasons, but never wanted my project to STOP working

 

Just put in a fake bootloader that doesn't get a program to load from anywhere, just erases the memory.

The largest known prime number: 2^82589933-1

In my humble opinion, I'm always right. 

Total votes: 0

There  is basically no way to "protect" in an absolute sense. 

 

Lock bits will protect against most of us who might want to look inside your  chip to see what you have done. For most, with a mild curiosity, the lock bits will stop that, and the effort will be finished.

 

The thing is.... there are these places, rumored to mostly be in Eastern Europe, which, for a few hundred US dollars, will take off the top of the chip, and will read out what is in there, no matter what the lock bits are set to. If you have something that is genuinely valuable or that might be used for purposes that the CIA or MI5 or whom-ever might be concerned about, your thing CAN be broken. 

 

So, get used to this fact. Most of us will never do anything that is worth that much to someone else. And, we will, in turn, be adequately protected by lock bits.

 

That's the way the world is!

 

Jim

Jim Wagner Oregon Research Electronics, Consulting Div. Tangent, OR, USA http://www.orelectronics.net

Total votes: 0

ka7ehk wrote:

The thing is.... there are these places, rumored to mostly be in Eastern Europe, which, for a few hundred US dollars, will take off the top of the chip, and will read out what is in there, no matter what the lock bits are set to. If you have something that is genuinely valuable or that might be used for purposes that the CIA or MI5 or whom-ever might be concerned about, your thing CAN be broken. 

 

Can they read the data even after I have erased the data/flash with that magical little piece of code? I am guessing not because all the data will be like 0xFF, but if they still can read the code, that would be interesting to know how.

Zhuhua Wu - Electronic Engineering Student

Total votes: 0

Possibly. According to stuff I've read, it's possible to read hard discs after they've been erased, as apparently the bits retain some memory of previous storage. It may be the same with flash, I really don't know.

 

Four legs good, two legs bad, three legs stable.

Total votes: 0

Shirley,   a hard disk that has been "quick-formatted" retains information in the data sectors.    It is only the filesystem sectors that are re-initialised.     A hard disk that has been "full-formatted" has written 0xFF or 0xAA to every data sector.

 

A similar situation arises with the AVR.    A full chip-erase will set every byte to 0xFF in every flash page.    A bootloader "erase" will only erase the application area pages.     Some bootloaders only erase the pages that they use.    So if you have been running a 30kB program in your Arduino,   uploading a 2kB Blinky will leave 28kB unchanged.

 

David.
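Two points from this thread, the address guard suggested earlier for the page-programming routine and the old program data left behind when a bootloader erases only the pages it rewrites, shown together as an added example that is not code from any poster. It is a host-side C model of flash rather than real SPM code, and the geometry (32 KB part, 128-byte pages, 512-byte boot section) and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>
/* Host-side model of AVR flash. Geometry is assumed: 32 KB part,
   128-byte pages, 512-byte boot section at the top of flash. */
#define FLASH_SIZE 32768u
#define PAGE_SIZE  128u
#define BOOT_START 0x7E00u            /* first boot-section byte (assumed) */
static uint8_t flash[FLASH_SIZE];

/* Erase the page containing addr. Refuses anything in the boot section,
   whatever the lock bits say. Returns 0 on success, -1 if refused. */
static int page_erase(uint32_t addr) {
    addr &= ~(PAGE_SIZE - 1u);        /* align down to the page start */
    if (addr >= BOOT_START) return -1;
    memset(&flash[addr], 0xFF, PAGE_SIZE);
    return 0;
}

/* Erase and write each page of an image loaded at address 0. With wipe_rest
   set, also erase the application pages the image does not cover. */
static int load_image(const uint8_t *img, uint32_t len, int wipe_rest) {
    uint32_t a;
    if (len > BOOT_START) return -1;  /* image would reach the bootloader */
    for (a = 0; a < len; a += PAGE_SIZE) {
        uint32_t n = (len - a < PAGE_SIZE) ? len - a : PAGE_SIZE;
        if (page_erase(a) != 0) return -1;
        memcpy(&flash[a], img + a, n);
    }
    for (; wipe_rest && a < BOOT_START; a += PAGE_SIZE) page_erase(a);
    return 0;
}

/* Count application bytes at or above `from` that still hold old data. */
static uint32_t residue(uint32_t from) {
    uint32_t n = 0;
    for (uint32_t a = from; a < BOOT_START; a++) n += (flash[a] != 0xFF);
    return n;
}

/* Constructed scenario: a 30 KB program replaced by a 2 KB one. */
static uint32_t demo(int wipe_rest) {
    static uint8_t old_img[30720], new_img[2048];
    memset(flash, 0xFF, sizeof flash);
    memset(&flash[BOOT_START], 0xB0, FLASH_SIZE - BOOT_START); /* "bootloader" */
    memset(old_img, 0xA5, sizeof old_img);
    memset(new_img, 0x5A, sizeof new_img);
    load_image(old_img, sizeof old_img, 0);
    load_image(new_img, sizeof new_img, wipe_rest);
    return residue(sizeof new_img);
}

int main(void) { return demo(1) != 0; } /* exit 0: no old bytes remain */
```

With `wipe_rest` clear, `demo` reports the 28 KB of the old program that survives the small upload; with it set, the whole application section reads 0xFF while the modelled boot section is untouched.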

Total votes: 0

[RANT] Grrrr... This is the second time in two days I have submitted a post, seen it appear, only to find it gone the next time I visit the thread.  There is a glitch in the matrix... [/RANT]

 

You are talking of data remanence.  A fair amount of ongoing research on the topic.

http://en.wikipedia.org/wiki/Gutmann_method

http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf

 

Gutmann's research in the 90's has led to the stringent DOD standards for secure erasure of magnetic media (35+ passes of random and selected data patterns) and other permanent storage, despite the lack of any evidence that even a single bit of data has ever been recovered after single-pass erasure.  Nevertheless, the theoretical possibility exists.

 

The investment in time and equipment required to attempt data recovery of this nature would make it extremely unlikely that anyone would even try to do so with an AVR.  Unless you're moving (at most 32KB of) international intelligence inside your Arduino, I'd say you can sleep at night ;)

"Experience is what enables you to recognise a mistake the second time you make it."

"Good judgement comes from experience.  Experience comes from bad judgement."

"Wisdom is always wont to arrive late, and to be a little approximate on first possession."

"When you hear hoofbeats, think horses, not unicorns."

"Fast.  Cheap.  Good.  Pick two."

"We see a lot of arses on handlebars around here." - [J Ekdahl]

 

Last Edited: Wed. Dec 3, 2014 - 02:59 PM
Total votes: 0

@Joey,

 

The Wikipedia article is very interesting.   It looks very much like the "Gutmann method" was concocted purely for the benefit of "senior management".

 

I am not sure that you can even get at the analog signals from the hard disk drive heads on a modern HDD.

 

Anyway,   you definitely can't get at the analog signal from a Flash memory array.

 

I suspect that when you do find the signals,  you would need to play them through solid gold loudspeaker wires on your HiFi.

 

David.

Total votes: 0

David wrote "Shirley,   a hard disk that has been "quick-formatted" retains information in the data sectors.    It is only the filesystem sectors that are re-initialised.  "

 

I am well aware of that.

 

Also "Anyway,   you definitely can't get at the analog signal from a Flash memory array."

 

I am well aware of that also, but it doesn't mean that somebody with special equipment might not be able to.

Four legs good, two legs bad, three legs stable.

Total votes: 0

Yes,   I am sure that you can get at anything if you try hard enough.    I can imagine magnetic remanence but would be surprised if you could extract reliable information.    I am extremely sceptical about detectable differential electrical charges on erased Flash memory cells.

 

Whereas I can believe that some people want to crack some AVR programs,    I doubt if they are prepared to crack the remnants of an AVR program that has been erased and a new pattern written.

 

Like Joey,   I doubt if many national secrets are stored on an AVR.    Mind you,  the UK and the US do seem to be fairly paranoid at the moment.

 

David.

Total votes: 0

"Like Joey,   I doubt if many national secrets are stored on an AVR. "

 

I agree. They tend to be stored, unencrypted, on laptops which are then left on trains.

It is still interesting, though. And I can see how security agencies or law enforcement might want to read solid-state storage, such as memory cards/sticks or solid state drives.

 

Four legs good, two legs bad, three legs stable.

Last Edited: Thu. Dec 4, 2014 - 05:26 PM
Total votes: 0

I am extremely sceptical about detectable differential electrical charges on erased Flash memory cells.

Getting curious, I did some Google work yesterday, and certainly nothing jumped out about erased flash "memory effect".  (pun intended)

 

NB:  There was some interesting discussion about solid-state drives, and erasing deleted file sectors at leisure (garbage collection; "TRIM") to make faster write-only when next used.

You can put lipstick on a pig, but it is still a pig.

I've never met a pig I didn't like, as long as you have some salt and pepper.

Last Edited: Thu. Dec 4, 2014 - 03:48 PM
Total votes: 0

35+ passes of random and selected data patterns

 

Way back, the standard, IIRC, was 7 passes.  It is important to remember that the front end for a physical, rotating platter, HDD is all analog. 

One can easily spin up the HDD and generate a "histogram" of the analog readout signals for each bit.

Usually, a simple threshold determines a logical 1 or 0, but it is easy to implement a "reverse window" with two thresholds for valid data, (i.e. be above one threshold, or below another, (think RS-232)).

 

Back in the day it wasn't uncommon for a "lab" to have one of every HDD made by the (relatively few) HDD manufacturers.

The one on the shelf was pre-modified to feed the head drive signals to a JFet (?) amp, and then on to the analysis software.

When an "erased drive" came in for recovery / analysis, one could do a "little surgery" on the drive, and then let the software work its magic.

 

JC

 

Edit:  The two level determination is for normal reading.

With a histogram of all of the individual bit signal levels, one can, in theory tell the bit state prior to its current state.

The concept is that a "1" bit, written as a "1", twice in a row, will be a "stronger" "1" than if it was a "0" bit last time, and is written as a "1" once.

 

JC

 

   

Last Edited: Sat. Dec 6, 2014 - 02:15 AM
Total votes: 0

DocJC wrote:
Way back, the standard, IIRC, was 7 passes.
As I recall as well.  Even Gutmann 35 passes is excessive and unnecessary.  The Wikipedia page I linked to above has this to say:

The National Bureau of Economic Research criticized Gutmann's claim that intelligence agencies are likely to be able to read overwritten data, citing a lack of evidence for such claims.[3] Companies specializing in recovery of damaged media (e.g., media damaged by fire, water or otherwise) cannot recover completely overwritten files. No private data recovery company currently claims that it can reconstruct completely overwritten data. Nevertheless, some published government security procedures consider a disk overwritten once to still be sensitive.[4]

 

Gutmann himself has responded to some of these criticisms and also criticized how his algorithm has been abused in an epilogue to his original paper, in which he states:[1]

In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

— Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory, University of Auckland Department of Computer Science.

But you can't believe everything you read on teh interwebs ;)

 

"Experience is what enables you to recognise a mistake the second time you make it."

"Good judgement comes from experience.  Experience comes from bad judgement."

"Wisdom is always wont to arrive late, and to be a little approximate on first possession."

"When you hear hoofbeats, think horses, not unicorns."

"Fast.  Cheap.  Good.  Pick two."

"We see a lot of arses on handlebars around here." - [J Ekdahl]