PICList Thread
'[OT] Unlocking protected microcontrollers'
2011\06\27@183813 by V G

I didn't really look into this before, but it seems interesting:

http://hackaday.com/2011/06/27/bunnies-archives-unlocking-protected-microcontrollers

2011\06\27@191858 by Bob Blick

On Mon, 27 Jun 2011 18:37 -0400, "V G" wrote:
> I didn't really look into this before, but it seems interesting:

Dangerous work. One could say that code protection only keeps honest
people honest.

In my opinion this is a more useful application of acid:

http://www.sparkfun.com/news/364

Bob

-- http://www.fastmail.fm - Accessible with your email software
                         or over the web

2011\06\27@192205 by V G

On Mon, Jun 27, 2011 at 7:18 PM, Bob Blick wrote:

> On Mon, 27 Jun 2011 18:37 -0400, "V G" wrote:
> > I didn't really look into this before, but it seems interesting:
>
> Dangerous work. One could say that code protection only keeps honest
> people honest.
>

What do you mean?

2011\06\27@193123 by Jerry James

On Mon, Jun 27, 2011 at 4:21 PM, V G wrote:

> On Mon, Jun 27, 2011 at 7:18 PM, Bob Blick wrote:
>
> > On Mon, 27 Jun 2011 18:37 -0400, "V G" wrote:
> > > I didn't really look into this before, but it seems interesting:
> >
> > Dangerous work. One could say that code protection only keeps honest
> > people honest.
> >
>
> What do you mean?
>

I'm not speaking for Bob, but I believe there are few legal reasons to
extract code from an MCU, aside from academic interest. :)

2011\06\27@193252 by Chris McSweeny

On Tue, Jun 28, 2011 at 12:21 AM, V G wrote:
> On Mon, Jun 27, 2011 at 7:18 PM, Bob Blick wrote:
>
>> On Mon, 27 Jun 2011 18:37 -0400, "V G" wrote:
>> > I didn't really look into this before, but it seems interesting:
>>
>> Dangerous work. One could say that code protection only keeps honest
>> people honest.
>>
>
> What do you mean?

I presume his point is that you can't hide your code from the
unscrupulous (and that only the unscrupulous would resort to such
activities).

The thing is, this is only new in so far as the details are now out on
the net for any punter to try (if they have the facilities to
decapsulate the chip). I'm sure this sort of thing has been going on
in the commercial world (where it's worth them bothering) for ages.
The trick then is setting up the separate teams to analyse the
existing code and write a complete spec, and to rewrite the code to
the spec, thus circumventing any copyright issues.

Chris

2011\06\27@194843 by Bob Blick

On Mon, 27 Jun 2011 16:31 -0700, "Jerry James" wrote:

> I'm not speaking for Bob, but I believe there are few legal reasons to
> extract code from an MCU, aside from academic interest. :)

The one that springs to mind is the scenario where you think someone has
copied your code and you need to extract theirs to find out if it is
identical.

Code protecting microcontrollers, even if not 100% secure, is effective
on a non-technical basis. You are showing due diligence by "protecting
your intellectual property".

It doesn't need to be perfect, just like software copy protection
methods are not perfect yet still continue to be used. Thankfully
microcontroller protection doesn't have the side-effects to the user
that software copy protection often has.

Bob

-- http://www.fastmail.fm - Choose from over 50 domains or use your own

2011\06\27@202544 by Adam Field

On Mon, Jun 27, 2011 at 6:37 PM, V G wrote:
> I didn't really look into this before, but it seems interesting:
>
> hackaday.com/2011/06/27/bunnies-archives-unlocking-protected-microcontrollers/
> --

Also, look around this blog:

http://www.flylogic.net/blog/?p=148

The above is a Parallax Propeller mcu

2011\06\28@105302 by Herbert Graf

On Mon, 2011-06-27 at 16:18 -0700, Bob Blick wrote:
> On Mon, 27 Jun 2011 18:37 -0400, "V G" wrote:
> > I didn't really look into this before, but it seems interesting:
>
> Dangerous work. One could say that code protection only keeps honest
> people honest.

I like that this sort of stuff is done.

Trying to break protections I believe actually serves the public
interest. We often blindly trust that whatever protection there is
actually works. When someone figures out a way to circumvent the
protection I can actually make an informed decision as to how secure the
protection is.

Consider a case where code protection is important: If one chip's
protection can be broken by a glitchy reset, while another's can only be
broken by removing the top with acid and shining a UV light in sideways,
guess which chip I'm likely to choose?

I find this is also true with these massively publicized breaches of
companies like Sony. Until now big companies have only had to SAY they
protect their info, there was no third party confirmation that the
protections were worth anything.

Now companies are SLOWLY starting to realize that if they don't properly
secure their systems, they will be breached, and will suffer the
consequences. I like that.

Sony stored millions of user passwords in plain text. No-one knew that
until they were breached. That little tidbit of insanity has permanently
made my choice with regards to Sony products.

Just my 2 cents.

TTYL

2011\06\28@120722 by Michael Watterson

On 28/06/2011 15:53, Herbert Graf wrote:
> Sony stored millions of user passwords in plain text. No-one knew that
> until they were breached. That little tidbit of insanity has permanently
> made my choice with regards to Sony products.
The Sony CD Audio installation of Root Kits didn't help their image either. Another reason why my always turning off autorun on anything was not paranoid after all.

Or the fact with a Mini-Disc the ONLY way to read your OWN copyright live recording was to use Analogue Playback. You could WRITE to it digitally.

I remember there was a chip that even had a metal gauze above part or all of chip and a guy managed to still probe it and recover encryption key. Physical access and all security bets are off.

Beware Geeks bearing Gifts too!

http://www.theregister.co.uk/2011/06/27/mission_impossible_mouse_attack/

This is NOT using USB storage. The "doctored" mouse uses USB HID profile. So the driver on Linux, OS X, Windows will accept keypresses, not just conventional mouse movement.

You don't need to be administrator, or use sudo to run a console window, ftp the disk to a remote server etc ... for example.

2011\06\28@122102 by RussellMc

NBNBNB
This post contains various hints at arcane actions. For reasons which
will be obvious these are obfuscated severely. PLEASE DO NOT discuss
these onlist. email me offlist if you wish - but I will not be handing
out any related ideas.

> > Dangerous work. One could say that code protection only keeps honest
> > people honest.

I used to tell people something along those lines.
It seems to have largely dropped out of my auto-repeat vocab in
recent years.
I hate passwords, encryption and security systems that people and
systems insist I have.
I'm very happy to be offered a range of tools and given the options of
what to use.

I had to de-de-verify myself with Visa from mid China after my wife
and my dual carded single channelled VISA account asked her for a
V.W.V. code, which she obligingly supplied, thereby unknowingly
trashing mine. I understand why VWV is there, but so far it has caused
me a number of problems and it's not obvious that it has probably done
me any good. (ie I don't know what the black hats have been doing
unsuccessfully, but it seems likely that they would still not have
succeeded without VWV on my account.)

I've had security compromised twice that I'm aware of. And N times
that I'm unaware of. ( 0 <= N < K.  K unknown)( :-) )
Once I probably had a GMail password sniffed when used on Hong Kong
airport's free WiFi. Somebody or something changed the password
between HK and wherever I was going next. If it was a person they were
not astute and/or fast enough to also reset the password restore
feature - or less fast than I. Stupid of them.
Next trip I installed Comodo's secure WiFi pipe product. Not free.
Comodo's bread and butter includes selling SSL certificates - they
should [tm] know what they are doing.

Other breach was via an internet purchase of an MP3 from a UK site for
a funeral. My card details were subsequently used illicitly in Europe.
The bank did far more damage than the thief by closing that account,
immediately wiping all online records and offering no redress. If you
want sensible risk management you may wish to avoid BNZ VISA.

I am confident that I would have a very good chance of stopping a
standard passenger inter or intra continental aerial transport system
at any spot of my choice with me on board, including within the land
of the free, after having been checked over thoroughly by the friendly
people whose job it is to stop people doing this. Please do NOT
clarify that statement on list OR speculate on methods. Needless to
say I have absolutely no intention or desire to do this, just note
that it seems "not too hard". And no - absolutely no clues from me re
how, on list or off. The main point is, that if I THINK I could
probably achieve this there should be any number of professionals who
surely could. The great question is Fermi's paradox viz "Where are
they?" I guess the existing security weeds out the low level wannabes,
but it's hard to believe that it can stop a concerted assault by
dedicated professionals. Or Engineers :-). [[Bonus - I reckon I could
drop GGB into SFB for 'not much'. What ARE the baddies thinking of
these days.]][[NO. No clues. But if you think you can do it I
understand that the FBI are interested in your ideas to help improve
their responsiveness. Really.]]


Long ago Apple [tm] sponsored a university to study whether it was
possible to create an unbreakable software security system. (aka
rights management). They concluded that it was impossible.

To that add the proviso "... using software alone".
Long ago I considered that I had arrived at a (obvious enough)
program securing method, which used a combination of mechanical and
cryptographic means, which could virtually guarantee the security of a
programmed device from "hacking" using any reasonably conceivable
means of attack. I shared the method on an informal  NDA basis with a
few friends. One subsequently proposed that we co write a paper on it
for presentation at an overseas conference (twas only Oz :-) ). He as
lead author and me as co author. My contribution was the original
idea, the basic proof of concept descriptions etc and the name  =
Ninox. After "Ninox novaeseelandiae" (Gargoyle knows) - it sees in the
dark :-). I think he may have received funding to attend the
conference to present the paper. He subsequently told me that for
whatever reason he had decided to leave my name off the paper.  He
did.
Conclusion: Security systems need to protect you from attack from the
darndest* places.  We're still friends :-).
I think that a number of people have implemented similar schemes since
- probably wholly independently.

* Just noted that darndest and damdest look the same in this font.
ie d a r n d e s t  &  d a m d e s t
Now damdest is not a word AFAIK (ie <> damndest), but interesting


Gargoyles. Well, fancy that.
I actually get mention as "an associate" here :-)

http://search.informit.com.au/documentSummary;dn=409980673807340;res=IELENG

1987! Wow.
Source: In: Conference on Computing Systems and Information Technology
(1987 : Brisbane, Qld.). Conference on Computing Systems and
Information Technology 1987: Preprints of Papers. Barton, ACT:
Institution of Engineers, Australia, 1987: 151-155.
Document Type: Conference Paper
ISBN: 0858253488

Abstract: This paper describes a software protection system which will
probably become widely used over the next few years in an effort to
control the software piracy problems experienced by the developers of
microcomputer software. The system described was developed by the
author and an associate. A number of other researchers have
independently come up with similar techniques, but we believe that the
work described in this paper includes some useful new developments. We
have called the system Ninox.

The system uses a serialized device in each computer system and
provides facilities so that software supplied to the user will be able
to execute only on the user's machine and it is effectively impossible
for the software to be modified to execute on another machine. Public
key cryptography is used to encrypt programs and a method of program
distribution is described. The paper also examines some of the
difficulties with the system and suggests some of the methods by which
the system might be attacked and how it stands up to these attacks.

Whatever.

> I find this is also true with these massively publicized breaches of
> companies like Sony. Until now big companies have only had to SAY they
> protect their info, there was no third party confirmation that the
> protections were worth anything.

"Pretty good" security can be implemented in such systems with very
little cost at all. Any realistic system may not withstand brute force
attack available to people with very significant multi processor
resources, such as eg any suitably competent hacker with an internet
to hand, but would greatly slow down Joe hacker in the street.

> Now companies are SLOWLY starting to realize that if they don't properly
> secure their systems, they will be breached, and will suffer the
> consequences. I like that.

All systems break. Time is the only variable.

> Sony stored millions of user passwords in plain text. No-one knew that
> until they were breached. That little tidbit of insanity has permanently
> made my choice with regards to Sony products.

It doesn't matter which way you arrive at the decision, it's ending up
making the right choice that matters. (I use a Sony DSLR :-) ).



   Russell

2011\06\28@123845 by Herbert Graf

On Wed, 2011-06-29 at 04:20 +1200, RussellMc wrote:
> > Sony stored millions of user passwords in plain text. No-one knew that
> > until they were breached. That little tidbit of insanity has permanently
> > made my choice with regards to Sony products.
>
> It doesn't matter which way you arrive at the decision, it's ending up
> making the right choice that matters. (I use a Sony DSLR :-) ).

Completely unrelated: back when I was considering getting a DSLR my Sony
options were the A220 and A330 (I might have the model numbers wrong).

Both had the REALLY annoying issue of me not being able to see the whole
frame in the viewfinder with my glasses on.

I don't know if "better" Sony DSLRs had the same problem, I was only
looking at entry level.

FWIW Sony wasn't the only one with this issue.

I ended up with a Canon.

TTYL

2011\06\28@124125 by Michael Watterson

On 28/06/2011 17:20, RussellMc wrote:
> Once I probably had a GMail password sniffed when used on Hong Kong
> airport's free WiFi.

I use vpn to my home router and then my regular home email ISP SMTP. I set up my home email server to read the pop3 of ALL mail inc Google and send it to a Pop3 account on my own hosting (then I can reset password anytime via home network via vpn).

Access the single public "Pop3" account on my own domain via vpn to home router, use Gateway on Remote Server setting, so all unencrypted traffic is between home and internet, never at the public wifi point. I have 1Mbps upload at home so the speed penalty isn't a big issue.

My home connection to my ISP is in theory sniff-able, but not so easy as DSL (open roadside cabinet to sniff that). It's 10.5GHz wireless link, LOS, About 3 degree beam on uplink and 60 degree beam on Downlink (standard kit for up to 10km is 10 degree beam patch antenna, I'm at 14km and I replaced the patch antennas with H & V feeds from waveguide on a 44cm cassegrain dish). Interface is DOCSIS 2.0, though the only actual coax is between the regular indoor cable modem and outdoor 10.5GHz "radio" set.

2011\06\28@133351 by Herbert Graf

On Tue, 2011-06-28 at 17:41 +0100, Michael Watterson wrote:
> On 28/06/2011 17:20, RussellMc wrote:
> > Once I probably had a GMail password sniffed when used on Hong Kong
> > airport's free WiFi.

Always access "major" sites over https. I have a plugin for firefox that
automatically selects the https version of a website when available
(even google searches are over https for me).

> I use vpn to my home router and then my regular home email ISP SMTP. I
> set up my home email server to read the pop3 of ALL mail inc Google and
> send it to a Pop3 account on my own hosting (then I can reset password
> anytime via home network via vpn).

I do something very similar. I have a vpn server for cases where I need
to access the home network.

For everything else (mounts, mail, vnc) I use ssh tunnels.

My server at home runs an IMAP email server with a script that goes to
all my POP3 accounts and downloads mail. That way everything is on my
home server, and since I run IMAP every client accessing it is
synchronized (no deleted email on one client showing up as unread on
another).

TTYL
