Searching \ for '[PIC] Code protection for 3V operation' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: techref.massmind.org/techref/microchip/devices.htm?key=pic
Search entire site for: 'Code protection for 3V operation'.

Exact match. Not showing close matches.
PICList Thread
'[PIC] Code protection for 3V operation'
2006\12\30@152745 by David

flavicon
face
Many of my applications run solely from 3V supply. Some circuits are
very simple and most of the work has gone into the code development.

I would like to provide a level of protection to each application to at
least prevent someone directly reading the code via ICSP and then
programming their own copy of my unit.

First I was considering placing a code in the serial number part of each
micro controller and have my code read and validate the correct code
before running the application. (Have not tried it yet).

For the 5V supply projects I could easily just set all the code
protection bits and if I needed to reprogram the device I just did a
bulk erase and reprogrammed it.
The problem is that the bulk erase requires 4.5V.

Can I partially protect the code that would prevent all the code being
read but still enable me to reprogram the chip if I needed to.

Thanks in advance.

Regards

David

Oh yeah, happy New Year to you all.

2006\12\30@204043 by Bob Axtell

face picon face
David wrote:
> Many of my applications run solely from 3V supply. Some circuits are
> very simple and most of the work has gone into the code development.
>
> I would like to provide a level of protection to each application to at
> least prevent someone directly reading the code via ICSP and then
> programming their own copy of my unit.
>
> First I was considering placing a code in the serial number part of each
> micro controller and have my code read and validate the correct code
> before running the application. (Have not tried it yet).
>
> For the 5V supply projects I could easily just set all the code
> protection bits and if I needed to reprogram the device I just did a
> bulk erase and reprogrammed it.
> The problem is that the bulk erase requires 4.5V.
>
> Can I partially protect the code that would prevent all the code being
> read but still enable me to reprogram the chip if I needed to.
>
>  
You didn't say which chip.

The answer is to go ahead and install raw firmware (with security bit
set) BEFORE the chip is
installed, NOT via ICSP. Then install new firmware after this through
the serial port, using a
"bootloader" program. You CAN replace most of the internal firmware
WITHOUT allowing
someone to see it  at all, but this is not available on all devices. You
can self-program (erase and
install new firmware) at 3V all day long on some devices, and an
external programmer cannot read
the data at all. No real need for an ICSP connection at all.

To further make things harder for a potential hacker, you can encrypt
the data being loaded from
the bootloader; to do this, you might need to write your own bootloader
rather than use someone's
published design (bootloaders are trivial to write, don't worry).
Usually, this means that the bits are
sent out of order, or a table of values is added to each word, giving
each word 65K chances to be
something else entirely. You can also install new firmware into the
device in a random order, not from
start to end; that makes it inordinately hard to hack when intercepting
the bootloader string.

The scheme of installing a secret code and reading the firmware  to see
if it matches is a good idea,
but you must be very careful to  flash  then verify each word  as the
firmware is changed; sometimes
a word gets corrupted then everything grinds to a halt from which
recovery is not possible.

Having said all this, you must know that Microchip's security scheme is
not foolproof, and there are
people that, for a fee, can extract the firmware. But it is destructive
and usually requires several devices
to be  certain of recovery. In my opinion, unless you are hacking a
military device, it is not worth the
effort, so most designs are quite secure.

--Bob

2006\12\30@224502 by David

flavicon
face
Bob,

Thanks for the info.

The main chips I use are PIC18LF6720, PIC18LF2520 and PIC18LF1320. I do
not have a programmer suitable for programming any of these SMD IC's
before being placed into the target application.

I do have a version of the Hi-Tech C Bootloader that does accept
encrypted files (I encrypt the files with a VB program I wrote and use
my updater software to enable users to update code).
The problem was that if they read the entire chip with the bootloader
then they will get a working copy of the code.
The bootloader resides in memory from 0000 to 02ff and the application
code is offset to 0x300.

I suppose that once the bootloader is installed then I can set the code
protect bits and rely on internal programming via the bootloader to get
the application program on board. I am a little confused regarding which
combination of bits to set in config to do this. Do I enable the Code
Protect BOOT ? If so, will this still allow the bootloader to write to
memory above 0x300 ?

This morning I also added another mechanism (mainly for the PIC18LF1320
that I have not yet managed to get the bootloader to work with).
I simply program the ID locations in Config area and the application
checks that the correct ID code is their or it will not run the application.
What I did was create an Array in code that was used to decode the
8-digit ID entered into the config ID area into a string that
was compared against what represents a valid ID.

The thing I am not sure of though is that if they read the micro via the
ICSP, does MPLAB also read the ID from the config area ?
I see there is a way to prevent writing to this area but cannot see that
you can prevent reading from it.


I am sure when someone really wants to copy the code they will find
means and ways around security measures. My main objective is to make it
a little more difficult than simply reading a chip and writing it to an
imitation of my device or if the effort to use my code on other hardware
is extensive enough then there is not mush more benefit in copying my
code as them rewriting their own code.

Most of my applications are wireless communications devices and it has
taken quite a bit of effort to get reliable over-air communications
running. Some of the applications are not much more than a micro and a
small low powered RF module.

The users generally have very little radio communication experience but
some companies are so interested in their bottom line that they see the
hardware does not appear to be very intricate and can easily copy the
PCB. If they can also simply read my code and program it into copies
then they have no need to purchase my devices. I suppose this is the
type of thing that musicians go through with copying of their IP.

Thanks

Regards

David



Bob Axtell wrote:
{Quote hidden}

2006\12\31@005618 by Bob Axtell

face picon face
David wrote:
> Bob,
>
> Thanks for the info.
>
> The main chips I use are PIC18LF6720, PIC18LF2520 and PIC18LF1320. I do
> not have a programmer suitable for programming any of these SMD IC's
> before being placed into the target application.
>  
Emulation Technology makes these adaptors. You can then buy a standard
DIP programmer
and they can be programmed in their SMD form before being populated.
Cost is about $100
USD.

I am not familiar with those devices, but I believe everything I said  
below will work for these
devices, too.

--Bob
{Quote hidden}

2006\12\31@050555 by Mike Harrison

flavicon
face
On Sat, 30 Dec 2006 22:54:30 -0700, you wrote:

>David wrote:
>> Bob,
>>
>> Thanks for the info.
>>
>> The main chips I use are PIC18LF6720, PIC18LF2520 and PIC18LF1320. I do
>> not have a programmer suitable for programming any of these SMD IC's
>> before being placed into the target application.

Remember that you can program and secure a new chip at 3V, so you could solder the chips then
program in the bootloader on-board. The only thing you can't do is erase the security bit to
reprogram.




2006\12\31@080704 by Gerhard Fiedler

picon face
Mike Harrison wrote:

>>> The main chips I use are PIC18LF6720, PIC18LF2520 and PIC18LF1320. I do
>>> not have a programmer suitable for programming any of these SMD IC's
>>> before being placed into the target application.
>
> Remember that you can program and secure a new chip at 3V, so you could
> solder the chips then program in the bootloader on-board. The only thing
> you can't do is erase the security bit to reprogram.

Maybe this doesn't apply to the OP's circuit, but can't you use 5V
programming in a 3V circuit? Like making the rest of the circuit 5V
tolerant or creating some kind of separation between the micro and the rest
(maybe two solder pads that get closed only after programming). Then supply
the micro with 5V from the programmer.

Gerhard

2006\12\31@082958 by peter green

flavicon
face


{Quote hidden}

or just shove a shotkey diode in the power supply to the pic, that way the programmer can drag it up to 5V without effecting the rest of the power net (just make sure anything hanging off PGC/PGD is 5V tolerant).


2006\12\31@130125 by Harold Hallikainen

face
flavicon
face

{Quote hidden}

Do programmers hold the chip in reset prior to applying the +5V? If so, it
APPEARS that all circuitry going out to the 3V circuitry would be
floating, and not pulled up to 5V when the supply is increased for
programming. I've done the diode trick and put both the PIC Vcc and the 3V
supply on the programming header. The programmer is not connected to the
3V pin, but does drive the PIC Vcc pin. Once the system is programmed, we
put a "programming jumper" between these two pins so the PIC gets the full
3V.

Harold


--
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!

2006\12\31@160003 by William Chops Westfield

face picon face

On Dec 31, 2006, at 5:06 AM, Gerhard Fiedler wrote:

> can't you use 5V programming in a 3V circuit? Like making
> the rest of the circuit 5V tolerant or creating some kind
> of separation between the micro and the rest...

Hmm.  Suppose the rest of the circuit is NOT 5V tolerant, but
you DO manage to isolate the PIC power, and the programming
pins are dedicated to the programming function (NOT also
connected to non-5V parts.)  Do any of the other PIC pins
become outputs with 5V present at any time during programming?
(that is, if your circuit is NOT 5V tolerant, how much isolation
do you really need to do?)

BillW

2006\12\31@162251 by peter green

flavicon
face


{Quote hidden}

iirc all the ordinary IO lines are hi-z when in programming mode so nothing special should be needed there.

you may need to watch out with some of the more specialist perhiperals though (for example on a USB pic make sure you connect Vusb to a supply that won't be raised to 5V).


2006\12\31@183711 by David

flavicon
face
Thanks everybody for the feedback.

Most of my projects only have 3V power supply. The idea of using the ICD
to power the 5V seems like a good idea. I suppose I would add a link to
isolate the 5V supply
of the micro from the rest of the circuit and remove this only if I need
to reprogram a protected device.

As long as I can get the bootloader running eventually on all my target
devices I should not even need to reprogram the actual IC at all and
upload all through the bootloader. (I use the B7/B6 pins both for ICSP
and bootloader so they are never connected to any external circuitry).

Thanks again, you guys have helped point me in a direction that should
provide a suitable solution.

Regards

David

peter green wrote:
>  
>> {Original Message removed}

More... (looser matching)
- Last day of these posts
- In 2006 , 2007 only
- Today
- New search...