CCS C Software and Maintenance Offers
FAQFAQ   FAQForum Help   FAQOfficial CCS Support   SearchSearch  RegisterRegister 

ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CCS does not monitor this forum on a regular basis.

Please do not post bug reports on this forum. Send them to CCS Technical Support

Looking for a encrypted programmer?

 
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion
View previous topic :: View next topic  
Author Message
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

Looking for a encrypted programmer?
PostPosted: Tue Feb 07, 2012 12:39 pm     Reply with quote

Hi

My customer want to make update to the hardware by them self. But i don't want to give the code to them! Looking for a solution.

I'm looking for a encrypted ISP. I know CCS have one, but I normally use PIC-KIT2 programmer and this is the best tools i have used! I can load the hex file to the unit and then send it to production.
A clever one can read the program out again (ISP), therefore it is not a way for the customer.
I have only the normally pin from the ISP I/F.
On my PIC's ISP, two of the pin is RX/TX.

There must be smart and easy way?
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 12:56 pm     Reply with quote

You could install a bootloader... and the bootloader does decryption.

That's what I've done...

Via serial, USB and Ethernet.

-Ben
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 2:46 pm     Reply with quote

Hi

Yes a bootloader can be the solution, if there is a out of the box solution. Maybe a paid solution will be ok. Do you know any?
The other problem will be the software part, it may load a encrypted hex file, end first in the pic it may decrypt it (in the BL). The encryption is not a problem on the PC but in the pic it can be a problem. Therefore simple stuff will not work. A hash table will be ok! It may then be same in both ends.

Any working solution, any can come up with?
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 4:07 pm     Reply with quote

hmmpic wrote:
Hi

Yes a bootloader can be the solution, if there is a out of the box solution. Maybe a paid solution will be ok. Do you know any?
The other problem will be the software part, it may load a encrypted hex file, end first in the pic it may decrypt it (in the BL). The encryption is not a problem on the PC but in the pic it can be a problem. Therefore simple stuff will not work. A hash table will be ok! It may then be same in both ends.

Any working solution, any can come up with?



It's not a problem. The bootloader decrypting the hex file only slows it down.

Like I said, I've used MCHP's USB and Ethernet Bootloaders and just added encryption to both of them with no problem.

-Ben

p.s. There's no such thing as an "out of box" solution -- you'll 99% chance want to modify SOMETHING to suit your needs.
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
newguy



Joined: 24 Jun 2004
Posts: 1908

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 4:07 pm     Reply with quote

http://www.flexipanel.com/TEAclipper.htm

This can be configured to program once. Claims to be encrypted for security.
asmallri



Joined: 12 Aug 2004
Posts: 1635
Location: Perth, Australia

View user's profile Send private message Send e-mail Visit poster's website

PostPosted: Tue Feb 07, 2012 4:51 pm     Reply with quote

hmmpic wrote:
Hi

Yes a bootloader can be the solution, if there is a out of the box solution. Maybe a paid solution will be ok. Do you know any?
The other problem will be the software part, it may load a encrypted hex file, end first in the pic it may decrypt it (in the BL). The encryption is not a problem on the PC but in the pic it can be a problem. Therefore simple stuff will not work. A hash table will be ok! It may then be same in both ends.

Any working solution, any can come up with?


I sell the source code for a range of encrypted bootloaders that can be used.
_________________
Regards, Andrew

http://www.brushelectronics.com/software
Home of Ethernet, SD card and Encrypted Serial Bootloaders for PICs!!
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 5:08 pm     Reply with quote

newguy wrote:
http://www.flexipanel.com/TEAclipper.htm

This can be configured to program once. Claims to be encrypted for security.


That's weird.

So a user can't disassemble the TEAclipper, but they can build a sniffer for the MCHP programming lines and watch the data go by there -- unencrypted. (as it would seem)

bleah.

Using your own bootloader, the data is decrypted in the PIC... while the bootloader disallows sniffing and using a programmer yields program protection bits blocking read-backs.
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
newguy



Joined: 24 Jun 2004
Posts: 1908

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 5:50 pm     Reply with quote

bkamen wrote:
bleah.


I agree.

However, there's a chance that the first update can be "snuck in"...the customer may just be concerned about the update and extracting the code may be a secondary concern. By the time they get around to trying to extract it, the device has shut itself down and they won't be able to extract anything.

Here's the sneaky bit....rework the code in the program-once device to incorporate an encrypted bootloader. Any further updates can be completely encrypted and very secure - no worries about how to program the devices in situ anymore.
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Tue Feb 07, 2012 6:06 pm     Reply with quote

newguy wrote:
bkamen wrote:
bleah.


I agree.

However, there's a chance that the first update can be "snuck in"...the customer may just be concerned about the update and extracting the code may be a secondary concern. By the time they get around to trying to extract it, the device has shut itself down and they won't be able to extract anything.

Here's the sneaky bit....rework the code in the program-once device to incorporate an encrypted bootloader. Any further updates can be completely encrypted and very secure - no worries about how to program the devices in situ anymore.


True and True.

-Ben
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Wed Feb 08, 2012 9:12 am     Reply with quote

Hi

Thanks all for feedback:-)
Look like bootloader is the only secure solution...

The "TEAclipper" is like Pic-Kit2. OK in production, but not secure in hand of a customer ("hacker", ISP pin can be read out) I miss the max programming cycle on PicKit2 it will be nice to set max program limit to ex 500pcs. in a production line.

:-)
dpechman



Joined: 04 Dec 2007
Posts: 43

View user's profile Send private message Visit poster's website

PostPosted: Sun Feb 12, 2012 5:09 pm     Reply with quote

One solution that I found for a client that ask me the same:

http://www.fabulatech.com/usb-over-network.html

Perhaps create some web interface to interact with the programmer over command line and increase your license counter.

For me, the only negative is that if your client runs some man in the middle the code can be sniffed.

Just an idea
Display posts from previous:   
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group