 |
| 
-------------------------------------------------------------------------------
From : Alex Ershov 2:469/81 Чтв 06 Мар 97 23:36
To : All Суб 08 Мар 97 02:19
Subj : PIC 16C5X Protection
-------------------------------------------------------------------------------
Hello All!
AM>> Возник такой вопpос. Есть защишенный subj, что будет если
AM>> снять защиту - сотpется ли он? 16C84 стиpается о чем честно
AM>> сказано в доке. Пpо этого же звеpя пpо снятие защиты не сказано
AM>> ничего...
Hа суд пpофи выдаю текст найденный на каком-то ftp-шнике...
=== От сюдова ===
The security of the PIC code protection mechanism has been discussed many
times before. It has even been discussed on the Microchip BBS: in Message
61000 of the "Relablty" SIG David Wilkie of Microchip ends one such thread
with the soothing: "I assure you that the code is safe once the protection bit
is activated."
The vulnerability of the 16C84 is of particular concern. The 16C84 is
often used in smart cards issued by the satellite TV industry. These cards are
intended to permit access to encrypted TV channels, and clearly there is a lot
of interest in being able to clone the cards thereby avoiding payment to the
TV providers. This means the protection topic is endlessly discussed in
newsgroups like alt.satellite.tv.europe. Every so often this newsgroup carries
adverts for hardware which is claimed to be capable of reading protected PICs.
I have always been skeptical of these claims. I have changed my mind.
The fact that I provide information on a homebrew 16C84 programmer means
that I often get asked whether I know how to read protected PICs. Recently an
interesting situation arose. I received yet another request for this
information at exactly the same time that someone happened to send me details
of a technique claimed to unprotect PICs. I simply passed these on from one
correspondent to the other. Much to my surprise the requester later wrote back
to say the technique worked (but he destroyed 3 PICs in the attempt). The
originator of the method is happy for the information to be placed in the
public domain although he wants to remain anonymous for some reason. So for
the benefit of PICLIST readers (and I know that includes Microchip employees)
here are his instructions more or less verbatim (although the description is
tied to his programmer the other guy used a variant of mine):
1. I use the PIC16 programmer from Farnell Components (part no.
459-471).
2. The standard programming software supplied is ASLPIC from
Application Solutions Ltd.
3. Install the 16C84 into a turned pin socket with pin 14 (VDD)
cut off. Attach a flying lead to the stub of pin 14 and
connect this to a power supply (0V to +14V) sharing a common
ground with the programmer.
4. Run ASLPIC.
Insert the PIC+socket into the ZIF on the programmer board and switch
VDD to 5V.
From the menu set the CP configuration fuse to OFF.
Now set VDD to VPP-0.5V (approx 13.5 volts).
Program the configuration fuses. (Reply on screen saying
error invalid?? Ignore this error and set VDD back to 5V.)
Switch VDD supply off at the power supply.
Switch off programmer supply.
Wait 10 to 20 secs.
Switch on programmer supply.
Switch the VDD supply to 5V.
Read PIC.
What may be confusing to people is the error message displayed
when programming the configuration fuses, and next not waiting for
the charge on the cells to fall back to 5 volts after setting the
fuses. This is why I say switch off for 10 to 20 secs, but don't
forget to reset the VDD supply to 5 volts first.
I must admit it looks like a surefire way to destroy PICs to me so I
haven't tried it myself even though the originator claims that he has never
fried a 16C84 this way. I realise the fact that I have never tried it myself
means that all this is just hearsay, but although there are some points left
to the imagination, the description is explicit enough to be tested by those
worried by such things.
I have no idea whether the method is related to Bela Gebles
<100324.526@compuserve.com> technique, but if you think this info is worth
GBP1000, then like him, I'll be happy to give you my bank account details :-)
On the other hand if you think it's all hogwash, then I'm sorry to have wasted
your time.
=== До сюдова ===
Здесь был Alex Ershov (AKA E.R.Show)
* Origin: Hе по pту ложка, зато по моpде кpужка. (2:469/81)
| |
| |