Go Down

Topic: Secure/protect stored Arduino sketches/programs. (Read 3169 times) previous topic - next topic


Hello, I am working on a product which is almost complete, only need some minor changes. Anyway, the product is controlled via primarily by an Arduino Fio. This product will become available to the public. I cannot release any information of this product, I was wondering if there was any way to protect the code (not IP protection) from being downloaded? I have read into modifying the fuses which further secures it. What would I need to achieve this on an Arduino Fio?
Which fuse/setting achieves this, what hardware do I need, can I do it directly from the Fio or do I need the standalone chip? etc.

Thanks - Luke


The Fio has the common ATmega328P.


You could disable the SPI with a fuse, but perhaps with High Voltage programming the binary code can still be read.


After programming it you need to set the lock bits, and as I understand this can only be done with avrdude directly. I see lock bits mentioned in boards.txt but not sure how manipulating those would work when used via the Arduino IDE.

avrdude -v -p m328p -c something -P something -U lock:w:0xC0

The "somethings" depend on the device you're programming the chip with.

Default lock bits on a virgin chip are 0xFF and setting a bit to zero turns the lock on (logically backwards). 0xC0 would give you bits of 11000000; sometimes you'll see 0x00 recommended but as far as I'm aware the first two bits are still reserved and probably shouldn't be meddled with; it might spring up and bite you in a newer generation chip? At any rate, the lock bits are documented in the chip datasheet, but using 0xC0 is appropriate for the '328.

To verify if the chip is unreadable by attempting to read the flash:

avrdude -v -p m328p -c something -P something -U flash:r:foo.bin:r

The lock bits can only be unset in tandem with the chip erase command. This also completely fills the chip with 0xFF making it possible to reprogram the chip but impossible to ever read the previous code on it:

avrdude -v -p m328p -c something -P something -e

Go Up