Go Down

Topic: Can I secure my code from being copied on arduino boards? (Read 2708 times) previous topic - next topic

jnui

Am brand new to arduino boards, just want to see if it will ba applicable for me to use them.

I want to know if the code that is uploaded to the board can be secured from copying. Perhaps locked to the particular board that it is installed on.

My ideal scenario is that I get some sort of unique board number from the board, then insert that serial number into the code somewhere, and the code checks the board's unique id on boot, if the board does not match then it does not run. This is of course dependant on whether the code within the board can also be protected from view.

thanks


CrossRoads

1. See section 28 of the datasheet for a discussion of the Lock Bits that are provided.  You can make it difficult to copy the flash memory.
2. I imagine you will need some sort of external PROM to hold the unique number to be checked. I would think that faking the input to provide that wouldn't be all that difficult. Or even just pulliing the part off and reading all the memory locations out the same way the arduino does.
Designing & building electrical circuits for over 25 years.  Screw Shield for Mega/Due/Uno,  Bobuino with ATMega1284P, & other '328P & '1284P creations & offerings at  my website.

PaulS

Quote
This is of course dependant on whether the code within the board can also be protected from view.

Your code is compiler and linked, and the hex file that the linker produces is uploaded to the board. That binary file can not be converted back into C++ code.

What is your real fear?

The arduino board is open source. Your project is not unless you make it so. As long as you don't share your files with anyone no one can see your code. And if someone really really wanted to go to some trouble they could maybe duplicate your chip. If that is a concern then CrossRoads' suggestion of Lock Bits would be of use to you.

You can protect yourself from "kid sister" type attacks.  But, if you need military-grade protection, forget it.  Also, keep in mind that just about any protection scheme can be broken with enough time and computer power.

I design military and hipaa-level security systems with the full knowledge that all *can* be hacked.  The goal being, that while it can be hacked, it would take as long as the universe is old to it.  We consider this length of time "infinite".  Basically, while possible, it's not really possible within the age of the universe (since the big bang).

Basically, if you need "kid sister" protection, you can do it.  But, if you need military-level protection, I think you need to look elsewhere.

Tim
Arduino - Teensy - Raspberry Pi
My libraries: NewPing - LCDBitmap - toneAC - NewTone - TimerFreeTone

jnui

thanks all,

I did not know if anyone could just plugin and copy the code.

My application is not complicated, but the industry is competitive, I just want basic protection from someone casually copying my solution. If someone wants to copy my solution, then I want them to at least do their own coding.

thanks again. Looks like Arduino is a good choice for me.

jnui

thanks to PaulS

the info about compiler and code being linked is key for me, and I hope I understand that correctly.... it means that only the same compiler install can open the code on the chip correct?


GoForSmoke

No. If the flash contents can be read then they can be copied to another chip or disassembled.

But what I read about lock bits says you can keep the flash from being read and that to break the lock bits wipes the flash. Perhaps someone has a way to get the flash out of the chip and read it but I have to wonder at the tools and time that would take and if the effort would be worth the reward as opposed to reverse-engineering or writing a better program or just buying the original.


Nick Gammon on multitasking Arduinos:
1) http://gammon.com.au/blink
2) http://gammon.com.au/serial
3) http://gammon.com.au/interrupts

BillHo

Atmel AVR231: AES Bootloader
Download software
Quote
This application note describes how firmware can be updated securely on AVR
microcontrollers with bootloader capabilities. The method uses the Advanced
Encryption Standard (AES) to encrypt the firmware.

This application note presents techniques that can be used when securing a design
from outside access. Although no design can ever be fully secured it can be
constructed such that the effort required to break the security is as high as possible.
There is a significant difference between an unsecured design that a person with
basic engineering skills can duplicate and a design that only few, highly skilled
intruders can break. In the unsecured case, the design is easily copied and even
reverse engineered, violating the intellectual property of the manufacturer and
jeopardizing the market potential for the design. In the secured case, the effort
required to break the design is so high that most intruders simply focus on developing
their own products.

DuaneB

Quote
that most intruders simply focus on developing their own products.


Quicker and easier - unless your idea is so staggeringly brilliant that no-one could copy the outcome.

Duane B
Read this
http://rcarduino.blogspot.com/2012/04/servo-problems-with-arduino-part-1.html
then watch this
http://rcarduino.blogspot.com/2012/04/servo-problems-part-2-demonstration.html

Rcarduino.blogspot.com

GoForSmoke

Doesn't using a bootloader keep you from using all the locks?
Nick Gammon on multitasking Arduinos:
1) http://gammon.com.au/blink
2) http://gammon.com.au/serial
3) http://gammon.com.au/interrupts

liudr


Doesn't using a bootloader keep you from using all the locks?


I was guessing a yes so once you enable the lock bit, you can no longer upload code with bootloader.

retrolefty


Doesn't using a bootloader keep you from using all the locks?



Yes, the standard arduino lock bit values of 0x0F (for locked) and 0x3F (for unlocked) used in most standard boards prevents protection of the flash contents by being read via ICSP, serial bootloader, or even a parallel programmer. Not sure it's possible to be able to lock down the flash contents from being read by a programmer and still be able to utilize a serial bootloader.

The locked value of 0x0F just protects the bootloader from being erased when a new upload request from the IDE/AVRDUDE erases the old sketch before writing the new sketch to flash memory.

Lefty

GoForSmoke

I wonder if it's possible to get into a fully locked AVR. Can the chip be planed down and somehow read with an electron microscope or like or would it be simpler than that?

Nick Gammon on multitasking Arduinos:
1) http://gammon.com.au/blink
2) http://gammon.com.au/serial
3) http://gammon.com.au/interrupts

DuaneB

I think that was done to read the key on an EMV Chip card a few years back.

Duane B
Read this
http://rcarduino.blogspot.com/2012/04/servo-problems-with-arduino-part-1.html
then watch this
http://rcarduino.blogspot.com/2012/04/servo-problems-part-2-demonstration.html

Rcarduino.blogspot.com

Go Up