I wrote: > I'd have to agree with Joe that stealing code is unethical. However, I have > more than once wanted to hack code in a device to fix bugs or otherwise > improve the functionality. Several people have suggested that even > publishing information on how to defeat security fuses is unethical. > I strongly disagree. Byron A Jeff replied: > The problem is that information is like a handgun, in the right hands it can > do some good, in the wrong hands.... Yes. As the Firesign Theatre once said, "..., a force so powerful it can only be used for good or evil." :-) And I don't believe in banning handguns, but that's obviously a very controversial outside the scope of this discussion. I think the analogy I used in an earlier posting regarding use of a copy machine to infringe the copyright of a magazine article or book is closer to the mark, since neither copying PIC code nor magazine articles is likely to cause direct physical harm to anyone. It's well established that the manufacturer of a copy machine isn't responsible for the (ab)uses their customers may make of it. > A safer bet is to do a functional analysis of what the code protected chip > is doing, then write your own code to duplicate that functionality. Then not > only will you have the code, you'll understand how it works too so that you > can add functionality. Among other things, I have modified some of my consumer electronic devices to accept additional IR commands that force the device into a certain state, rather than performing a toggle. For instance, when my computer wants to turn my VCR on, it is useless to send an on/off toggle command if the computer doesn't know the current state. (The VCR used a mask programmed microcontroller from NEC rather than a Microchip PIC, but the principle is obviously the same.) However, I wasn't about to rewrite the whole code for the VCR from scratch, since I don't even know what all of its functions are. For instance, I haven't a clue how to control the tape tension properly. > Or even simpler, ask the author for the code, or an update. I doubt that Sony would have been willing to give me the code, or add the feature for me. But I maintain that my reverse engineering of their code is fully ethical, and to the best of my knowledge legal under current US law. (Although I've heard that there is a provision in a senate bill to change that.) Of course, I'm not building products incorporating their code, or divulging it to a third party. Where do you draw the line, anyhow? Would you claim that people should be prevented from examining the code if it doesn't happen to have the code protection bit set, or if it is in a device that doesn't have a code protect bit? And with regard to reverse engineering, should code in microcontrollers be legally treated any differently from any other kind of black box? Should I be prevented from disassembling my vacuum cleaner and figuring out how it works? If the vacuum cleaner manufacturer put some clever device inside it to prevent me from opening it and looking at the innards, should I really be prohibited from defeating that device, or telling others how to do so? > There's simply too many thieves and unethical people to have information > like that publicly and freely available. Because while it may help you, > some PIC developer out there will get burned, and burned bad by someone who > could care less about ethics. Here I'm going to have to disagree vigorously. Security through obscurity is no security at all. If there are really simple ways to defeat the code security (as is apparently the case with the PIC16C84), it is not in the best interest of product developers to have that information kept secret. The bad guys *will* get it one way or another, but by keeping it relatively secret, the product developers will not be able to make informed decisions about what alternatives they do have regarding protecting their intellectual property. Cheers, Eric