Is it possible for someone else to "see" my code once it's been programmed onto a chip?
reverse engineering
It all depends on how you have the fuse bits set. There are some who will tell you that they can extract code from any processor, but that is an expensive and slow process and not one that most of us need worry about. If you are the CIA or such, maybe, but not most of "normal" folks.
Jim
There are some who will tell you that they can extract code from any processor, but that is an expensive and slow process and not one that most of us need worry about. If you are the CIA or such, maybe, but not most of "normal" folks.
CIA :? ... Not really! Just visit a "copy factory" in China and you'll be amazed how fast they can "pull-out" the program from inside your (protected) AVR ! :twisted:
Just visit a "copy factory" in China and you'll be amazed how fast they can "pull-out" the program from inside your (protected) AVR !
Out of curiosity - have any idea what sort of process this entails?
I heard that a laser is used to alter some bits somehow.
I read that somewhere on another forum.
visit a "copy factory" in China
A Chinese friend of mine says that China has "Copyrights"...or the Rights to Copy anything... :)
read it on the Internet so it must be true!
How much is a machine-language copy of your code really worth?
In many products the code could be reproduced just by observation, and possibly even improved upon.
Not really! Just visit a "copy factory" in China and you'll be amazed how fast they can "pull-out" the program from inside your (protected) AVR !
There was a fellow on this forum who had done some research into it, and claimed he could easily recover the code from a locked AVR. At the time this was the older processors, AT90S2313 or similar.
Anyway I put it to the test - and mailed him a locked AVR. He e-mailed me a perfect copy of the code in the AVR.
There is a very interesting article at http://www.cl.cam.ac.uk/~sps32/m... and check out his PhD as well.
Regards,
-Colin
Hi c_oflynn :)
That article was interesting....indeed, they do use lasers to assist in the compromising of chips.
Reminded me of an article on bunnie's blog, about resetting security fuses on PICs:
Hi dmonn :)
Great article!
I wonder how that guy got the chip out of the package?
If he sent them off and paid that $50 each then that is really expensive.
Google around and you'll find some info, like grinding the top off the chip to get at the security bits.
You can get his thesis here:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf
Personally I've always wondered why they don't coat the die in an oxidizing layer (or photosensitive layer). While the vacuum or dark room would add minimally to the cost of the device, it would add an extra physical layer of security - once opened, the die would either corrode or blacken to the point of being irretrievable.
Who knows - perhaps the secure AVRs have a system just like that?
- Dean :twisted:
EDIT: Or a coating that emits UV photons when struck by other wavelengths. Put that over the flash section and it's bye-bye data if the case is opened!
Like what they used to do in Mission Impossible: tapes, pictures, even PCBs would go up in smoke after they were used.
PCBs would go up in smoke after they were used.
That's what usually happens to mine when I first turn on the power :)
Gwen - didn't your parents tell you that smoking is bad - mmmkay. Drugs are bad mmkay.
If it really only costs USD50 to copy flash from a micro, that is dirt cheeeeep for a commercial project. For a US engineer, you could hardly pay for a couple of hours time, if even that.
There are times I might have "killed" for that.
Jim
I like the idea of an oxidising layer inside a chip, and the UV idea is cool too... though I wonder if a UV-emitting cover would convert enough UV from ambient light to make it worthwhile?
Also, whatever the coating property you had, if you stripped the part in darkness (or vacuum, as necessary!) and then washed the destructive coating off, you'd be set.
How about a photocell hooked up to something that will cause an erase cycle on the flash? Though that requires light and power to be applied at the same time.
The other thing you could do is a smaller version of what they do in things like ATMs... have a cage of very fine, easily breakable wires around the processor core (perhaps printed inside the IC cavity!) and continually shoot random patterns into them, and read checksums... though the complexity of that makes your chip a heap bigger and more expensive, and less efficient...
I think that whatever process gets used, though, reverse engineers will find out a way to get around it. And once that's done, no code in that device would be safe, again.