please learn me how to lock my pic ?

[mf1364]

Hi every body
does any body how can I lock my PIC in this way that programers can't know my PIC ? and it seems burnt . I want my program have the most security . I use PIC16F877 and PICKIT2 as programer and Mikroc as compiler

 

[betwixt]

Security is built in to the IC already. Just enable code protection, it prevents the data being read back to the outside.

It isn't 100% secure, there are methods to bypass the security but they require very specialized equipment and techniques, far beyond what most people and companies have at their disposal.

Brian.

 

[mf1364]

Security is built in to the IC already. Just enable code protection, it prevents the data being read back to the outside.

Brian.

Thx brain, do you mean I enable "code protection" option from Pickit2? I tried it. but that wasn't as secure as i want. as i said : I want programmers can't identify my PIC part number too .
Mahdi.

 

[poorchava]

What do you mean by

wasn't as secure as i want

? How did you check that?

Also, a good idea is to use some sandpaper or similar thing and scrape the markings of the package. It's not like eventual reverse engineers will not discover what the chip is, but it certailny makes things harder for them (i know that from practice as I'm doing some reverse engineering at work). People generally tend to scrape markings off the packages for few reasons:
-to hide manufacturer. Especially if you found a supplier which can deliver particular part at 50% of what competitors pay.
-hide exact model of the chip. Conceal the fact that parts are not up to spec or requirements, good example might be overclocked ADCs in chinese DSOs or using cheaper 85 *C rated parts where 125 *C varieties should be used (ie. automotive electronics)
-make it harder to choose proper debugger/programmer for examining the chip (especially if the chip has unlocked jtag). Also makes it harder to find a datasheet and for example check how to connect one.

Generally design obscurity in consumer electronics is a very wide topic.

 

[betwixt]

Hiding the actual identity of most programmable ICs is difficult, the best you can do is to physically remove all traces of manufacturers markings as poorchava says.

Using code protection will make it extremely difficult to read the program inside the IC so your code is fairly safe but most devices incorporate an electronic ID number which identifies the manufacturer and part number anyway. It is easy to read the ID back and it normally isn't obscured by code protection mechanisms. The ID is used by programming hardware to ensure the correct device has been selected, otherwise the wrong algorithm might be used (Device mismatch). It is also checked prior to erasing the device so that it can be reprogrammed again.

Brian.

 

[mf1364]

What do you mean by ? How did you check that?

Thanks for your great explanation,of curse I use sandpaper and scrape the marketing number. but I want to use the most security in this way that my pic work in my circuit properly and out of my circuit it seems burnt ! like this error when I try read the burnt PIC look at the picture View attachment pickit2.bmpand I know it is possible but i don't know how???

 

[betwixt]

The picture looks like you did not have a PIC connected at all but if you turn the code protection on it will look much the same. Some PICs use a clever system of XORing the top and bottom bytes together when protected so you still see a number when you read it back but it can't be decoded back to the original code, other PICs just look as though they are empty. I think a combination of physical mutilation and enabling code protection should be enough for what you want.

When the code protection bits are on, the only way to turn them off again is to erase the whole PIC, they can't be turned off any other way so your code is quite safe.

Brian.

 

[mf1364]

... they can't be turned off any other way so your code is quite safe.

Brian.

Yah I agree with maybe my code be safe my hardware is not. and I saw PIC on some devices that have this possibility !!!! I mean they can't know by programer and programmer give this error : NO device found but when I return that PIC to it's circuit it works properly!!! so I am not the first one who want to do that

 

[mf1364]

does any body can help me ? I want to access to 100% security with following steps : 1- enable data and eeprom protects 2- cleaning the part number of IC 3 - set a fuse bit or do some thing that programers can't identify my PIC after programing . I achieved 1 and 2 parts but about part 3 I don't have any Idea please help me

 

[betwixt]

The only suggestion I have is to physically remove one of the programming pins. This isn't as silly as it sounds, many PIC devices use the -MCLR pin as the programming voltage input and also as the reset pin. In most cases the reset can be internally generated so it might be possible to snip the pin after programming and use the internal reset instead.

I would add that most PICs and indeed other MCUs have great similarity between members of their families and pin-outs are similar. This makes it difficult to work out exactly what the IC type is without removing it from circuit and plugging it into a programmer unit to electrically read it's ID.

Brian.

 

[mf1364]

Does any body can help me ?

 

[poorchava]

Bottom line: enable all possible code protect you can, apply maximum level of physical obscurity (scrape markings off, remove reset pin, encase whole thing in non-transparent epoxy etc).

If someone has resources (equipment and money) they will read your device anyway.

 

[mf1364]

Bottom line: enable all possible code protect you can, apply maximum level of physical obscurity (scrape markings off, remove reset pin, encase whole thing in non-transparent epoxy etc).
If someone has resources (equipment and money) they will read your device anyway.

Thx for your help, your helps is so appreciated. about removing reset pin I don't agree with you because reset pin should connect to VCC so if I break it how my PIC can work ?!! but about the power of I agree with you . do you think can I ask micro chip company ? from which part can I ask ? what is your idea ?

 

[betwixt]

You can remove the reset pin on most PICs after programming them. It depends on other factors in your circuit but almost all PIC allow you to connect it INSIDE the IC by setting a configuration bit. Normally it's done so the reset pin can be used as a normal input/output pin if needed. You DO need it to program the PIC but using an internal reset means you can remove the pin afterwards.

Brian.