Philip Pemberton wrote:

> In message <40FDB20C.3050406@ubasics.com>
>           "M. Adam Davis" <adampic@UBASICS.COM> wrote:
>
>
>>I use a baseline for my protection:  If the product is not worth $5,000
>>to break, then the PIC protrection is good enough.  If it's worth $5,000
>>to someone to get my program then I may want to look at more robust
>>protection methods.  It may cost vastly more for various chips, and it
>>may be trivial for others - it's just a simple rule of thumb I use.
>
> One of the tricks I heard was to blow out the bond wire going to RB6 or RB7.
> You can get the part into program mode, but you can't get any data in or out.
> A -12V pulse (i.e. GND = 12V, RB7 = 0V) should be enough to do that. Play
> with the voltage, play with the polarity, have fun :)
> After spending around an hour trying to get the chip to divulge its program
> with various power glitches, the attacker would be forced to resort to
> removing the IC encapsulation and microprobing the FLASH.


A quick measurement of pin resistance would save you the time of
fumbling around.
Blowing the bond wire on a plastic chip, and not hurting the
device, is not easy.

The bottom line, anything you can think of, the hacker can undo,
sometimes a LOT more readily than you think possible.
e.g. Power glitching DSS access cards to get past 'trap'
instructions.

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics