Is PIC code protection secure?

[ericmar]

pic24 code protection

Hi,

I would like to know how secure is the PIC code protection feature. I guess no matter how you protect the codes, there is always a way to duplicate the codes even the code protection bit is set, right?

What is the usual practice for clone prevention, be it the hardware or the codes in the MCU? How to control the production quantity if project is consigned to a contract manufacturer?

I guess some software activation can act as another layer of protection to prevent clone prevention. Right?

Any idea?

Regards,
Eric

 

[kastantin]

All PIC users ensure that, the secure is very good, you can trust it

 

[ctownsend]

What is the device? 16F????

From what I have read, there is no protection in the way you write the software. If someone is doing a straight 100% copy of you code, nothing is going to help you with that. There are lots of tricks to be used to slow down or prevent disassembly, but then again the determined hacker will always win.

As for the hardware side, make sure the lock bits are programmed (this is obvious).

When you design the circuit there are some tricks to slow the hacker down:

You can file off any chip markings.
You can also change standard pinout on the board.
3 or 4 layer board with important tracks in the middle layers.

I once burned an unused pin so that reprogramming or entering programming mode was impossible. The device still worked reliably, and may still work to this day as far as I know.
Others will tell you not to do this, but if you have no choice, then take your chances and try to burn the pin without destroying any other internal components on the micro. I used a 12VDc wall wart hooked up in reverse polarity to the pin and GND ***after it was programmed and LOCKED of course***

There are lots of good articles to read, try to google "embedded design security".

One last thing, how much $$ do you want to spend on your design or product?
IF there is no limit, then use a secure microcontroller. I believe that you get what you pay for. Some Maxim/Dallas products are just too secure for the average hacker, and would deter most people from cloning your device once they find out what the cost in reverse engineering a secure microcontroller. After all, you could just pay someone to write the code from scratch rather than pay to a reverse engineering company to read the locked device.

The determined hacker will always get it, no matter what. Whether or not you code worth the cost, is up to the designer. Making the reverse engineering process difficult can slow down or even force the hacker to give up.

Good Luck

 

[M!k]

interesting service:
**broken link removed**

 

[ericmar]

What is the device? 16F????

From what I have read, there is no protection in the way you write the software. If someone is doing a straight 100% copy of you code, nothing is going to help you with that. There are lots of tricks to be used to slow down or prevent disassembly, but then again the determined hacker will always win.

As for the hardware side, make sure the lock bits are programmed (this is obvious).

When you design the circuit there are some tricks to slow the hacker down:

You can file off any chip markings.
You can also change standard pinout on the board.
3 or 4 layer board with important tracks in the middle layers.

I once burned an unused pin so that reprogramming or entering programming mode was impossible. The device still worked reliably, and may still work to this day as far as I know.
Others will tell you not to do this, but if you have no choice, then take your chances and try to burn the pin without destroying any other internal components on the micro. I used a 12VDc wall wart hooked up in reverse polarity to the pin and GND ***after it was programmed and LOCKED of course***

There are lots of good articles to read, try to google "embedded design security".

One last thing, how much $$ do you want to spend on your design or product?
IF there is no limit, then use a secure microcontroller. I believe that you get what you pay for. Some Maxim/Dallas products are just too secure for the average hacker, and would deter most people from cloning your device once they find out what the cost in reverse engineering a secure microcontroller. After all, you could just pay someone to write the code from scratch rather than pay to a reverse engineering company to read the locked device.

The determined hacker will always get it, no matter what. Whether or not you code worth the cost, is up to the designer. Making the reverse engineering process difficult can slow down or even force the hacker to give up.

Good Luck

Hi,
Thanks for your reply. I am using the PIC18F. I did take a look on the Dallas/Maxim 1-wire secure authentication products but no sure if it is going to be great help.

Added after 1 minutes:

interesting service:
**broken link removed**

Recovery for educational purpose!? ROFL.
I think as long someone pay them money, they will help to extract the codes no matter how.

 

[ctownsend]

interesting service:
**broken link removed**
Recovery for educational purpose!? ROFL.
I think as long someone pay them money, they will help to extract the codes no matter how.

You have to pay them in advance. So how do you know they won't rip you off?
How do you know they won't give the software to others?

ANSWER:
You don't know. You have to take your chances. The best way would be to learn to write your own code, OR pay someone to write the program for you. It would be far less expensive than code extraction for "educational purposes", then you have your own source code that can be upgraded at any time.

Good Luck

 

[vsmGuy]

Secure is a very relative term...

How much do you value your IP ?

I it's in order of thousands, then yes, the PICs you buy off retail are secure.

If it's worth Millions, .. I don't think so.