PICList Thread
'PIC Code Protection Security'
1997\01\09@150607 by Kelly Marquardt

Hi,

I'm new to this list (and female for whoever was keeping track :)).  I've used
the 16C57 on a previous project and I'm looking into using the 17C44 on a new
project.

I'm concerned about the security of the PIC's code protection feature.  From
what I understand, after the code protect fuse is blown, a scrambled version
of the code can still be read from the part.  The scramble is an exclusive-nor
of the most and least significant bytes of the opcode (16 bit program words).

The question is, just how much information would this give to an adversary
who wanted to reverse engineer the algorithm that was implemented by the code?
Clearly it would be a difficult problem.  I more or less believe that it is
difficult enough to provide for adequate security, but it's difficult to
quantify this in any meaningful way.

Has anyone else struggled with this?  Any thoughts?  I'm trying to get a
response from Microchip, but wondered if this group had any ideas for me.

Thanks,

Kelly Marquardt

1997\01\09@155507 by Brian Boles

    Kelly, I can comment on this, but given your sc.comm.mot.com return
    address; I probably shouldn't.......

    Suffice to say that each scrambled output has 1 of nearly 256 valid
    sources and that there is no interrelation between various words to
    exploit.  Depends a lot on your data structures.

    Rgds, Brian.                                     spam_OUTbbolesTakeThisOuTspammicrochip.com


1997\01\09@233325 by tjaart

Kelly Marquardt wrote:
{Quote hidden}

The first thing to do is to fill the unused memory with code snippets from
old projects, or random junk. This way, your code cannot be discovered
by XORing with retlw 255.

--
Friendly Regards

Tjaart van der Walt
______________________________________________________________
|  Another sun-deprived R&D Engineer slaving away in a dungeon |
|WASP International GSM vehicle tracking and datacomm solutions|
|+27-(0)11-622-8686 |  http://wasp.co.za   | tjaartspamKILLspamwasp.co.za |
|______________________________________________________________|
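
The two points made so far in the thread (many source words per scrambled byte, and filling unused memory) can be quantified as follows; this is an added example, not code from any poster or from Microchip. It counts all 65536 16-bit words rather than only valid opcodes, assumes erased words read as 0xFFFF, and uses a constructed sample image and hypothetical helper names.

```python
import secrets
from collections import Counter

ERASED_WORD = 0xFFFF  # assumption: unprogrammed EPROM words read as all ones


def scramble(word: int) -> int:
    """Protected readback as described in the thread: XNOR of high and low byte."""
    hi, lo = (word >> 8) & 0xFF, word & 0xFF
    return ~(hi ^ lo) & 0xFF


def preimage_counts() -> Counter:
    """How many of the 65536 possible 16-bit words map to each scrambled byte."""
    return Counter(scramble(w) for w in range(0x10000))


def pad_unused(image: dict[int, int], size: int, rng=secrets) -> list[int]:
    """Return a full program image with every unused address holding a random word.

    `image` maps address -> 16-bit word for the locations the build actually uses.
    """
    return [image.get(addr, rng.randbelow(0x10000)) for addr in range(size)]


def longest_constant_run(readback: list[int]) -> int:
    """Length of the longest run of identical scrambled bytes (a sign of filler)."""
    best = run = 1
    for prev, cur in zip(readback, readback[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


# Constructed sample: 16 words of "code" in a 256-word device, rest unused.
SAMPLE_CODE = {addr: (0xB000 + addr * 0x0137) & 0xFFFF for addr in range(16)}
SIZE = 256

unpadded = [SAMPLE_CODE.get(a, ERASED_WORD) for a in range(SIZE)]
padded = pad_unused(SAMPLE_CODE, SIZE)

if __name__ == "__main__":
    counts = preimage_counts()
    print("distinct outputs:", len(counts), "sources per output:", set(counts.values()))
    print("erased word reads back as:", hex(scramble(ERASED_WORD)))
    print("longest constant run, unpadded:", longest_constant_run([scramble(w) for w in unpadded]))
    print("longest constant run, padded:  ", longest_constant_run([scramble(w) for w in padded]))
```

With constant filler the scrambled readback marks exactly where the program ends; with random filler the used and unused regions look alike.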

1997\01\09@234842 by Jim Robertson

At 12:51 AM 1/10/97 +0200, you wrote:
>Kelly Marquardt wrote:
>>
>> Hi,
>>
>> I'm new to this list (and female for whoever was keeping track :)).  I've used
>> the 16C57 on a previous project and I'm looking into using the 17C44 on a new
>> project.
>>
>> I'm concerned about the security of the PIC's code protection feature.  From
>> what I understand, after the code protect fuse is blown, a scrambled version
>> of the code can still be read from the part.  The scramble is an exclusive-nor
>> of the most and least significant bytes of the opcode (16 bit program words).
>>
>> The question is, just how much information would this give to an adversary
>> who wanted to reverse engineer the algorithm that was implemented by the code?
{Quote hidden}

And keep in mind the locations from 0 to 3Fh inclusive are not secure as
they can be determined via "incremental programming."

If you are really concerned about code security, use a 16Cxx"A" part or
("A-type" 16c63/66/67, 16C72/76/770, any 16Cxxx part) and not a 16C57.

Jim

--------------------------------------------------------
Jim Robertson
NEWFOUND ELECTRONICS
Email: .....newfoundKILLspamspam.....ne.com.au
http://www.labyrinth.net.au/~newfound

PHOENIX Shareware Picstart 16B upgrade coming.
For more details, send email to EraseMEnewfoundspam_OUTspamTakeThisOuTne.com.au with
"subscribe phoenix mail list" in the BODY of the message.
--------------------------------------------------------
