Flash memory trick


In the thread
https://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&t=41091&postdays=0&postorder=asc&highlight=secure&start=20
Mikeharrison spoke of a nice hack for securing an EEPROM/AVR, but this makes me wonder about a few things.

Quote:
'modify' the hardware of the AVR, so even if the hex file is extracted, it won't run on a new chip. The modification is to deliberately wear out one or more EEPROM locations with huge numbers of read/write cycles. It worked OK on the old 9346 EEPROMs.

The questions that come to mind are:
1. Is this possible with the embedded AVR Flash ROM?
2. Can we control which bits get stuck (something like a serial number, by writing the same number again and again), or does the Flash ROM only degrade during 0-1 or 1-0 transitions?
3. How reliably will the bits stay stuck?
4. How could we utilize this technique to the fullest: embed the "serial" in the code? Use some kind of self-modifying code that uses the serial?

Interesting......


You likely won't have control over which bits get burnt; however, it is most likely the ones that are programmed to '0's. Also remember the flash is erased at the block level (the entire part if done by ISP) or at the page level if done via a bootloader, so you will be wearing a large chunk of Flash instead of just a few bytes. As for reliability, the failed bits should always read consistently, at least that has been my experience with other flash devices.

As for using this technique, assuming you did successfully get a unique serial number into the flash, you will need to personalize the hex of the program to include that serial, or some algorithm to verify it. In any case you will need to uniquely program each device with its own personalized hex file.

Instead of burning the flash, why not use a 1-Wire device (DS2411 perhaps, or use a 1-Wire EEPROM and add your own additional parts to the serial number), which has a unique serial. Get a 1-Wire device which has a unique serial number, and personalize your hex to work only if that serial is present. Note: don't use the serial directly in your hex, but rather some encrypted version of it, say some sort of CRC of it. You can further enhance this by encrypting the data portions in your flash using that serial, requiring that the correct serial be present in order for the data to be properly extracted.

None of this will keep a dedicated person from stealing your code, it will only slow them down a bit.

Writing code is like having sex.... make one little mistake, and you're supporting it for life.
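The scheme in the reply above (check a CRC of the 1-Wire ROM ID against a value personalised into the hex, and tie the data section to that serial), as an added example that is not from the thread or from any Maxim/Atmel code. It assumes a DS2411-style 8-byte ROM ID (family code, 48-bit serial, Dallas CRC-8) and constructs a sample ID inline; the XOR keystream is the post's "slow them down a bit" obfuscation, not a real cipher.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Dallas/Maxim 1-Wire CRC-8 (poly 0x31, reflected 0x8C), continued from `crc`. */
static uint8_t ow_crc8(uint8_t crc, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        uint8_t b = p[i];
        for (int k = 0; k < 8; k++) {
            uint8_t mix = (crc ^ b) & 1u;
            crc >>= 1;
            if (mix) crc ^= 0x8C;
            b >>= 1;
        }
    }
    return crc;
}

/* Constructed ROM ID: family code, 6 serial bytes, CRC-8 over the first 7 bytes.
   A real DS2411 returns these 8 bytes over the bus; this only builds a sample. */
void build_rom(uint8_t rom[8], uint8_t family, const uint8_t serial[6]) {
    rom[0] = family;
    memcpy(rom + 1, serial, 6);
    rom[7] = ow_crc8(0, rom, 7);
}

/* A received ROM ID is consistent when CRC-8 over all 8 bytes comes out zero. */
int rom_is_valid(const uint8_t rom[8]) { return ow_crc8(0, rom, 8) == 0; }

/* CRC-16 (poly 0xA001 reflected) of the 7 ID bytes: the value baked into the
   personalised hex instead of the raw serial. */
uint16_t fingerprint(const uint8_t rom[8]) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < 7; i++) {
        crc ^= rom[i];
        for (int k = 0; k < 8; k++)
            crc = (crc & 1u) ? (uint16_t)((crc >> 1) ^ 0xA001) : (uint16_t)(crc >> 1);
    }
    return crc;
}

/* Run-time check: the attached part must match the fingerprint in this build. */
int device_matches(const uint8_t rom[8], uint16_t expected) {
    return rom_is_valid(rom) && fingerprint(rom) == expected;
}

/* Serial-dependent keystream: byte i ^= CRC-8(serial || i). Symmetric, so the same
   call encrypts and decrypts; it repeats every 256 bytes and is obfuscation only. */
void xor_with_serial(uint8_t *buf, size_t n, const uint8_t rom[8]) {
    uint8_t seed = ow_crc8(0, rom, 7);
    for (size_t i = 0; i < n; i++) {
        uint8_t idx = (uint8_t)i;
        buf[i] ^= ow_crc8(seed, &idx, 1);
    }
}
```

A cloned hex with the fingerprint of device A refuses to run on device B, and data encrypted under A's serial decrypts to garbage under B's.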