There was a web page I read several years ago which went through several
layers of breaking harder and harder types of code protection.  I'm
sorry to not have it on hand now...

The bottom line was that nothing is impossible.  The better the
protection, the more someone has to pay money, time, or study into
breaking it.

You need to take a look at the cost of securing your device, the cost of
having someone else pirate it, and the cost of legal action if/when you
discover the piracy.

If those things add up to a lot of money, then you'd be wise to make
certian your chips couldn't be broken.  I suspect that perhaps $5000,
several protected chips, and a good knowledge of the code protection
mechanism would be enough to get at the code, plus some free time with a
scanning electron microscope and knowledge of semiconductor dies.

I doubt you could find a chip currently at the same price os the PIC
with as good a protection as it has.

But let's say for the sake of discussion that your nemesis has the
aformentioned resources and a desire to duplicate your code.

At this point you want to make the litigation as easy as possible, so
you hide some interesting, non-obvious easter eggs in your code -
ideally ones which, if removed or changed significantly, will affect the
rest of the device.  When their product goes to market, you simply
inspect the operation of the device.  If it exhibits your odd behavior,
then it'll be relatively easy to cause them to cease and desist and
return to you monetary damages.

But the only thing really worth protecting are universal (or global)
non-expiring (or infrequently expiring) cryptographic keys.  Ideally
cryptography, when implemented in any form, is reasonably secured and
keys change as frequently as the physical security permits and calls for.

This is because if someone wants to duplicate your device, they can
spend $5000 on many contractors on this list to duplicate the
functionality (and add some) without even reverse engineering your
device.  They don't have to have any of the special equipment, just
mpasm and a programmer.  The only real reason to get the actual code
from a chip is to obtain keys within it.

As to whether it's good enough for you application - well, that depends
on the factors above.  Judge for yourself.

-Adam

Werner Soekoe wrote:

>Hi
>
>I remember a couple of years back, there was a lot of stories/methods/speculation about Microchip PICs' code protection being crackable, and one I remember is applying a certain voltage to the program pin on one of the MCU's made the code readable.
>
>Is this still the case, or has these issues been fixed? The reason why I'm asking is to be sure code protection will actually protect the code. I've seen circuits where the manufacturers rubbed the model and other details off the surface of the chips, possibly to make it unidentifyable. The prefered method would however be onchip code protection.
>
>I would hate to market a products that could be read and copied.
>
>Cheers
>Werner
>
>
>--
>http://www.piclist.com hint: PICList Posts must start with ONE topic:
>[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads
>
>
>
>
>

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.