Can I secure my code from being copied on arduino boards?

No. If the flash contents can be read then they can be copied to another chip or disassembled.

But what I read about lock bits says you can keep the flash from being read and that to break the lock bits wipes the flash. Perhaps someone has a way to get the flash out of the chip and read it but I have to wonder at the tools and time that would take and if the effort would be worth the reward as opposed to reverse-engineering or writing a better program or just buying the original.

Atmel AVR231: AES Bootloader

This application note describes how firmware can be updated securely on AVR
microcontrollers with bootloader capabilities. The method uses the Advanced
Encryption Standard (AES) to encrypt the firmware.

This application note presents techniques that can be used when securing a design
from outside access. Although no design can ever be fully secured it can be
constructed such that the effort required to break the security is as high as possible.
There is a significant difference between an unsecured design that a person with
basic engineering skills can duplicate and a design that only few, highly skilled
intruders can break. In the unsecured case, the design is easily copied and even
reverse engineered, violating the intellectual property of the manufacturer and
jeopardizing the market potential for the design. In the secured case, the effort
required to break the design is so high that most intruders simply focus on developing
their own products.

that most intruders simply focus on developing their own products.

Quicker and easier - unless your idea is so staggeringly brilliant that no-one could copy the outcome.

Duane B

Doesn't using a bootloader keep you from using all the locks?

GoForSmoke:
Doesn't using a bootloader keep you from using all the locks?

I was guessing a yes so once you enable the lock bit, you can no longer upload code with bootloader.

GoForSmoke:
Doesn't using a bootloader keep you from using all the locks?

Yes, the standard Arduino lock bit values of 0x0F (for locked) and 0x3F (for unlocked) used in most standard boards prevent protection of the flash contents from being read via ICSP, serial bootloader, or even a parallel programmer. Not sure it's possible to be able to lock down the flash contents from being read by a programmer and still be able to utilize a serial bootloader.

The locked value of 0x0F just protects the bootloader from being erased when a new upload request from the IDE/AVRDUDE erases the old sketch before writing the new sketch to flash memory.

Lefty
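Added example, not part of the original thread or any poster's code: a decoder for the AVR lock byte, showing what the two values quoted above (0x0F and 0x3F) do and do not protect. The bit layout is assumed from the ATmega328P datasheet, and 0x0C is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>

/* Lock byte layout assumed from the ATmega328P datasheet; a bit reads 0 when
 * programmed. bit0 LB1, bit1 LB2, bit2 BLB01, bit3 BLB02, bit4 BLB11, bit5 BLB12. */
enum { LB1 = 0x01, LB2 = 0x02, BLB01 = 0x04, BLB02 = 0x08, BLB11 = 0x10, BLB12 = 0x20 };

static int programmed(uint8_t lock, uint8_t bit) { return (lock & bit) == 0; }

/* External programmer (ICSP or parallel) lock mode: 1 = no lock, 2 = no further
 * programming, 3 = no programming and no read/verify, 0 = reserved combination. */
int lb_mode(uint8_t lock) {
    int lb1 = programmed(lock, LB1), lb2 = programmed(lock, LB2);
    if (lb2) return lb1 ? 3 : 0;
    return lb1 ? 2 : 1;
}

/* Can an external programmer read the flash back? Only LB mode 3 stops it. */
int external_read_blocked(uint8_t lock) { return lb_mode(lock) == 3; }

/* Is the boot section protected against SPM writes (BLB1 modes 2 and 3)? */
int bootloader_write_protected(uint8_t lock) { return programmed(lock, BLB11); }

/* Can the bootloader still write a new sketch into the application section? */
int bootloader_can_upload(uint8_t lock) { return !programmed(lock, BLB01); }

/* Can code running in the boot section read the application section with LPM? */
int bootloader_can_read_app(uint8_t lock) { return !programmed(lock, BLB02); }

void describe(uint8_t lock) {
    printf("0x%02X: LB mode %d, external read %s, boot section %s, "
           "bootloader upload %s, bootloader read-back %s\n",
           lock, lb_mode(lock),
           external_read_blocked(lock) ? "blocked" : "allowed",
           bootloader_write_protected(lock) ? "SPM-protected" : "writable",
           bootloader_can_upload(lock) ? "allowed" : "blocked",
           bootloader_can_read_app(lock) ? "allowed" : "blocked");
}

int main(void) {
    describe(0x3F); /* "unlocked" value quoted in the thread */
    describe(0x0F); /* "locked" value quoted in the thread */
    describe(0x0C); /* constructed value: LB mode 3 plus boot section protection */
    return 0;
}
```

In this layout only LB mode 3 stops ICSP or parallel read-back, and the BLB0 bits separately decide whether code in the boot section can still write or read the application section.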

I wonder if it's possible to get into a fully locked AVR. Can the chip be planed down and somehow read with an electron microscope or like or would it be simpler than that?

I think that was done to read the key on an EMV Chip card a few years back.

Duane B

I am with teckel on the time scale argument. Just protect your project so an average person will take a long time to steal it. They copy you, they get the binary. They don't get the source C++ code. You may update the code to stay ahead of copycats, offer a serial code on each device and request the number when users need tech support, etc. If you have a truly brilliant idea you should prototype with Arduino, lawyer up, show it to a major player in the field, and get them to purchase your idea or give you a percentage. Don't try to protect it yourself on an Arduino platform. You may not be able to afford it (time, money, effort etc.).

liudr:
I am with teckel on the time scale argument. Just protect your project so an average person will take a long time to steal it. They copy you, they get the binary. They don't get the source C++ code. You may update the code to stay ahead of copycats, offer a serial code on each device and request the number when users need tech support, etc. If you have a truly brilliant idea you should prototype with Arduino, lawyer up, show it to a major player in the field, and get them to purchase your idea or give you a percentage. Don't try to protect it yourself on an Arduino platform. You may not be able to afford it (time, money, effort etc.).

A good example of this is ATmega processors used in ESCs (typically the ATmega8). They're almost always locked so you can't access the program (via conventional means) to keep competitors from copying the code and making their own copycat ESC. If you try to download the code, all you get is all zeros (I've tried). You can write over the programming with your own code even though it's locked. But, you can't "easily" get the code.

ESCs are simple devices with simple programming. So, this level of security is probably good enough to make competitors develop their own code rather than spend the time and money trying to crack into the microcontroller. A scope can tell you what the ESC is doing, so it's quite easy to copy the hardware and reverse engineer the software.

I'd consider the level of security in the ATmega (if done correctly) is above "kid sister" level. Not to a 256 bit encryption level, but I'd say plenty good for almost all purposes. For protecting your idea, it's fine. For a military project, not at all.

Let's put it this way. For even a HIPAA security system, I typically use 256 bit SHA-2 including a 320+ bit private key/salt done over 1,000 iterations to prevent rainbow table attacks as well as slowing down brute-force attempts. To date, there have been no known collisions found (even via theoretical attacks) with 256 bit SHA-2. While brute force is still possible, the time required (as in billions of years) makes it unrealistic to attempt. And this is not even to a level of military-level security. What I like to say is that it will be so secure that other means will be used to get what they want. Like, instead of hacking into the system, it would be easier to break into your office and look for passwords that people have written to a Post-It note in their desk. The same goes for an ATmega project. If your idea is really that good, it's probably easier and more rewarding for someone to break into your house and take your computer and get the source code rather than to only get the compiled code off the chip. How secure is your home's WiFi? I'd say something as simple as that is your weakest link, not the ATmega.

Tim

Wait until you see quantum computers :slight_smile: They perform miracles with code cracking, or physicists say so, just to keep themselves well funded, LOL

liudr:
Wait until you see quantum computers :slight_smile: They perform miracles with code cracking, or physicists say so, just to keep themselves well funded, LOL

Those with pockets deep enough to build a quantum computer will probably have enough funds to break into an ATmega and read the data. Or, kidnap the programmer and hold his family hostage till he coughs up the source code. At a certain level, security doesn't really matter.

Tim

teckel:
Or, kidnap the programmer and hold his family hostage till he coughs up the source code. At a certain level, security doesn't really matter.

Well I think that's just about the be-all, end-all sentence for this topic. Good luck :slight_smile:

Breaking keys isn't the same as copying code. Who can read a locked AVR's flash? Not deduce, Read.

GoForSmoke:
Breaking keys isn't the same as copying code. Who can read a locked AVR's flash? Not deduce, Read.

I'm just giving the example of the level of security to access the data. The ATmega can be plenty secure for most applications. The effort to read a locked ATmega is higher than getting the source code from other means, like over your home WiFi. If someone really wants the code, they will attack the weakest link. Cutting off the top of the chip and reading the flash with an electron microscope is probably more difficult than several other means, which can be used to get the source code and not just the compiled code.

Tim

Isn't the lowest link of security the need to share object code (according to the Arduino license)?

How can cloning be prevented with this limitation?

Open Source language does not require applications to be Open Source as well.

:roll_eyes:

GoForSmoke:
Open Source language does not require applications to be Open Source as well.

:roll_eyes:

I also think (not a lawyer) that if someone is not opening the source although they are supposed to, the Arduino Team needs to sue them but the Team is busy. :wink:

The below is just about your rights to the software that you write. You can go the GPL route but make sure that you include all the necessary bits. If you want to keep your software closed then take care not to use any GPL libraries or similar parts.

I hope there's enough here and in the linked pages to show that with reasonable care you can write closed code... even if it will make someone, somewhere, enormously sad.

The AVR Lib C license is at the bottom of this page.
http://www.nongnu.org/avr-libc/user-manual/index.html

And here is an explanation of GCC runtime library exceptions, just to be clear:
http://www.gnu.org/licenses/gcc-exception-faq.html

(1st sentence is referring to the 2007 upgrade to GPLv3) The licenses for some libraries that accompany GCC have not been changed yet. These libraries are automatically used by the object code that GCC produces. Because of that, if these libraries were simply distributed only under the terms of the GPL, all the object code that GCC produces would have to be distributed under the same terms. However, the FSF decided long ago to allow developers to use GCC's libraries to compile any program, regardless of its license.

http://arduino.cc/en/Main/FAQ

Physically embedding an Arduino board inside a commercial product does not require you to disclose or open-source any information about its design.
Deriving the design of a commercial product from the Eagle files for an Arduino board requires you to release the modified files under the same Creative Commons Attribution Share-Alike license. You may manufacture and sell the resulting product.
Using the Arduino core and libraries for the firmware of a commercial product does not require you to release the source code for the firmware. The LGPL does, however, require you to make available object files that allow for the relinking of the firmware against updated versions of the Arduino core and libraries. Any modifications to the core and libraries must be released under the LGPL.
The source code for the Arduino environment is covered by the GPL, which requires any modifications to be open-sourced under the same license. It does not prevent the sale of derivative software or its inclusion in commercial products.

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

Below, the words "the program" refers in our case to the Arduino software and GCC on which it is based, NOT YOUR CODE.

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#CanIUseGPLToolsForNF

Can I use GPL-covered editors such as GNU Emacs to develop non-free programs? Can I use GPL-covered tools such as GCC to compile them?
Yes, because the copyright on the editors and tools does not cover the code you write. Using them does not place any restrictions, legally, on the license you use for your code.

Some programs copy parts of themselves into the output for technical reasons—for example, Bison copies a standard parser program into its output file. In such cases, the copied text in the output is covered by the same license that covers it in the source code. Meanwhile, the part of the output which is derived from the program's input inherits the copyright status of the input.

As it happens, Bison can also be used to develop non-free programs. This is because we decided to explicitly permit the use of the Bison standard parser program in Bison output files without restriction. We made the decision because there were other tools comparable to Bison which already permitted use for non-free programs.

In what cases is the output of a GPL program covered by the GPL too?
Only when the program copies part of itself into the output.

If a library is released under the GPL (not the LGPL), does that mean that any program which uses it has to be under the GPL?
Yes, because the program as it is actually run includes the library.

If a programming language interpreter is released under the GPL, does that mean programs written to be interpreted by it must be under GPL-compatible licenses?
When the interpreter just interprets a language, the answer is no. The interpreted program, to the interpreter, is just data; a free software license like the GPL, based on copyright law, cannot limit what data you use the interpreter on. You can run it on any data (interpreted program), any way you like, and there are no requirements about licensing that data to anyone.

However, when the interpreter is extended to provide “bindings” to other facilities (often, but not necessarily, libraries), the interpreted program is effectively linked to the facilities it uses through these bindings. So if these facilities are released under the GPL, the interpreted program that uses them must be released in a GPL-compatible way. The JNI or Java Native Interface is an example of such a binding mechanism; libraries that are accessed in this way are linked dynamically with the Java programs that call them. These libraries are also linked with the interpreter. If the interpreter is linked statically with these libraries, or if it is designed to link dynamically with these specific libraries, then it too needs to be released in a GPL-compatible way.

Another similar and very common case is to provide libraries with the interpreter which are themselves interpreted. For instance, Perl comes with many Perl modules, and a Java implementation comes with many Java classes. These libraries and the programs that call them are always dynamically linked together.

A consequence is that if you choose to use GPL'd Perl modules or Java classes in your program, you must release the program in a GPL-compatible way, regardless of the license used in the Perl or Java interpreter that the combined Perl or Java program will run on.

And for people who think they have rights that force anyone to provide them with GPL software...

I just found out that a company has a copy of a GPL'ed program, and it costs money to get it. Aren't they violating the GPL by not making it available on the Internet?
No. The GPL does not require anyone to use the Internet for distribution. It also does not require anyone in particular to redistribute the program. And (outside of one special case), even if someone does decide to redistribute the program sometimes, the GPL doesn't say he has to distribute a copy to you in particular, or any other person in particular.

What the GPL requires is that he must have the freedom to distribute a copy to you if he wishes to. Once the copyright holder does distribute a copy of the program to someone, that someone can then redistribute the program to you, or to anyone else, as he sees fit.
