Post by thread:Code is NOT Secure with PIC

Hi to all. In July 1996 when I worked on my project for programming PICs, I discovered something interesting. There is a bug on PIC 16c71 that allows you to read contents from protected programmed PIC !!! This techniqe is destructive, so I have never used it on non windoved PICs (otp). But there is a problem, product on the end is data with 1-bit error (13 bits are ok and only 1 is unknown) so I have 2 codes per 1 instruction. This bit is usually used for high file access (movwf 89h ) so in that case it is easy to determine correct instruction.This technique maybe works on others serial programmed PICs. Is anyone inerested for this (Program can work on AN589) Ciao, Dejan Love takes a lot of time, but who cares ?! Make PICs not war(ez) ! spam_OUTdejanTakeThisOuTnet.yu http://www.net.yu/~dejan Martin R. Green wrote: {Quote hidden}> Yep, that's the one. It really opened my eyes. > > CIAO - Martin. > > On Wed, 17 Dec 1997 03:27:27 -0600, Dave Mullenix > <.....djmullenKILLspam@spam@FACSTAFF.WISC.EDU> wrote: > > >Martin R. Green writes: > > > >> There are some very sophisticated > >techniques that are "very" destructive to the device under attack. I > > >used to have a link to a site that described in detail some of the > >methods these "service" companies use, but I seem to have lost it. > >Maybe someone else out there will know the one I am talking about. > > > >You're probably thinking of: > > > >www.cl.cam.ac.uk/users/rja14/tamper.html > > > >which has an excellent article on hacking microprocessor security. I > just > >tried it and it's still there. They also list this FTP site for a > >postscript file, but I haven't tried it: > > > >ftp.cl.cam.ac.uk/users/rja14/tamper.ps.gz > > > >Dave, N9LTD > > Martin R. Green > elimarKILLspamNOSPAMbigfoot.com > > To reply, remove the NOSPAM from the return address. > Stamp out SPAM everywhere!!!

Hi to all. In July 1996 when I worked on my project for programming PICs, I discovered something interesting. There is a bug on PIC 16c71 that allows you to read contents from protected programmed PIC !!! This techniqe is destructive, so I have never used it on non windoved PICs (otp). But there is a problem, product on the end is data with 1-bit error (13 bits are ok and only 1 is unknown) so I have 2 codes per 1 instruction. This bit is usually used for high file access (movwf 89h ) so in that case it is easy to determine correct instruction.This technique maybe works on others serial programmed PICs. Is anyone inerested for this (Program can work on AN589) Ciao, Dejan Love takes a lot of time, but who cares ?! Make PICs not war(ez) ! .....dejanKILLspam.....net.yu http://www.net.yu/~dejan Martin R. Green wrote: {Quote hidden}> Yep, that's the one. It really opened my eyes. > > CIAO - Martin. > > On Wed, 17 Dec 1997 03:27:27 -0600, Dave Mullenix > <EraseMEdjmullenspam_OUTTakeThisOuTFACSTAFF.WISC.EDU> wrote: > > >Martin R. Green writes: > > > >> There are some very sophisticated > >techniques that are "very" destructive to the device under attack. I > > >used to have a link to a site that described in detail some of the > >methods these "service" companies use, but I seem to have lost it. > >Maybe someone else out there will know the one I am talking about. > > > >You're probably thinking of: > > > >www.cl.cam.ac.uk/users/rja14/tamper.html > > > >which has an excellent article on hacking microprocessor security. I > just > >tried it and it's still there. They also list this FTP site for a > >postscript file, but I haven't tried it: > > > >ftp.cl.cam.ac.uk/users/rja14/tamper.ps.gz > > > >Dave, N9LTD > > Martin R. Green > elimarspam_OUTNOSPAMbigfoot.com > > To reply, remove the NOSPAM from the return address. > Stamp out SPAM everywhere!!!

Hi to all. For all that interested about reading protected programed PIC 16c71 (16c61) on my home page: http://www.net.yu/~dejan http://www.geocities.com/SiliconValley/Horizon/6063/ You can find CrackPic.zip Crack PIC 16c71 is a program that allows reading the contest of a programmed and protected PIC 16c71! It works with a AN589 programmer connected at LPT1, and you must start it under 32-bit DPMI (Under Win95, etc.). You`ll find more info in readme.txt file when you download CrackPic.zip! My program should work with PIC 16c61 as well (I haven`t tried it yet). If you test it on PIC 16c61, or on any other PIC will you please let me know what have you done, so that we can force MICROCHIP to protect its users by REALLY protecting PIC`s!!! You may send your comments at: eMail: @spam@dejanKILLspamnet.yu Dejan

Dejan Kaljevic wrote: > Hi to all. > > For all that interested about reading protected programed PIC 16c71 > (16c61) > on my home page: > > http://www.net.yu/~dejan > http://www.geocities.com/SiliconValley/Horizon/6063/ Please don't use WEB http://www.geocities.com/SiliconValley/Horizon/6063/ Use only: http://www.net.yu/~dejan http://members.tripod.com/~dejank Thanks, Dejan