Andy Warren wrote: >Dave Mullenix wrote: > >> I assume that anybody who wishes to compromise the security on a PIC >> chip for nefarious purposes already knows how to do it, so no cats >> will be let out of the bag by divulging the general method here. > >I don't follow your logic here, Dave... > >Your purposes are -- presumably -- educational only, but YOUR wish >to know hasn't magically given you the information, right? How do >you figure that it's any different for "nefarious" persons? Since anyones purpose for needing to know how the 16C84 security was cracked seems immediately suspect, lets consider this- A product designer is nearly finished developing a 16C84 project for a major client when it is learned that the code security may be weak. The customer insists on the best security rather than the *await theft and then sue* options. The 16c84 is otherwise the best chip for the application (some more I/O would have made it ideal...) The chip suppliers claim that Microchip verbally assure them that code security has been enhanced in more recent silicon, but can not (will not) supply any documentation to support this. Baffled and not reassured by this response, the query is re-sumitted this time clarifying that the briefest of written reassurances from a chipmaker of such superb repute would be adequate - it was _not_ intended to offend, _not_ expecting the chipmaker to divulge exact changes made to the code protection mechanism. Same vague response. Uh oh, have names been written into a "nefarious" persons list already? The designer turns to the helpful resources of the internet and the piclist in particular. SVR. (Is near-silence worse than being flamed?) The big question seems to be, if you _really_ want to use this chip or any EEPROM uC, do you _really_ have to do your own security code effectiveness tests? That could mean collecting cracking methods, trying them on earlier 16C84s such as those old prototyping chips you've been using for months and if their code protection fails, try the same methods on new chips to see if there is at least some improvement, for starters. If anyone has been down this road and can figure it OK to entrust their discoveries to others, I know a frustrated product designer who would be keen to hear from you please. -Les Les Gruebner - lesgrueb@wave.co.nz -Electronic Remedies, Tauranga, New Zealand