Go Down

Topic: Security of Arduino Due code (Read 420 times) previous topic - next topic

Cybertonic

Sep 20, 2019, 08:37 pm Last Edit: Sep 21, 2019, 05:14 pm by Cybertonic
I have a quick question, is there any way possible to get and read the Arduino code from an Arduino Due?

If so is there a way to prevent this?

TheMemberFormerlyKnownAsAWOL

It is very easy to read the code off an Arduino.
It is not so easy to reconstitute the original C/C++ from that code.

What is a Duo?

DrAzzy

It is trivial to "xerox" the code on an Arduino onto another board - the bootloader is capable of reading out the contents of the flash (it does this after uploading to make sure the code was uploaded successfully). But that's raw machine code - you can't get back to the C code from that, and doing anything with it other than copying it onto another chip is tedious, time-consuming work for an expert.

Depending on the board (there is no such thing as an Arduino Duo - maybe you meant due) there are various code security facilities available (lockbits on the AVRs, I don't use the SAM boards like the Due/zero so not sure how they do it); depending on the microcontroller that the specific board uses; these generally complicate the process of uploading and reprogramming. It is also not perfect - there are firms that specialize in glitching parts in order to bypass these protections.

That said, we very often get people who clearly have little experience asking this question. I don't mean offence by this, but by the time you are at a level of skill where you could write code that other people would consider worth ripping off, you will have no trouble figuring out how to use the code protection facilities from reading the relevant section of the datasheet.
ATTinyCore for x4/x5/x61/x7/x8/x41/1634/828/x313 megaTinyCore for the megaavr ATtinies - Board Manager:
http://drazzy.com/package_drazzy.com_index.json
ATtiny breakouts, mosfets, awesome prototyping board in my store http://tindie.com/stores/DrAzzy

Cybertonic

sorry about the confusion of the board name, I mistyped and I actually meant the Arduino board Due

westfw

In general, "securing" the program memory of any arduino-class board will involve removing the bootloader and programming the processor with an external programmer instead.   There are "secure bootloaders", but they tend not to be open source, and the bootloaders that arduino does use always permit the program memory to be read (for "verification" purposes after programming, mostly.)


Cybertonic

It is trivial to "xerox" the code on an Arduino onto another board - the bootloader is capable of reading out the contents of the flash (it does this after uploading to make sure the code was uploaded successfully). But that's raw machine code - you can't get back to the C code from that, and doing anything with it other than copying it onto another chip is tedious, time-consuming work for an expert.

Depending on the board (there is no such thing as an Arduino Duo - maybe you meant due) there are various code security facilities available (lockbits on the AVRs, I don't use the SAM boards like the Due/zero so not sure how they do it); depending on the microcontroller that the specific board uses; these generally complicate the process of uploading and reprogramming. It is also not perfect - there are firms that specialize in glitching parts in order to bypass these protections.

That said, we very often get people who clearly have little experience asking this question. I don't mean offence by this, but by the time you are at a level of skill where you could write code that other people would consider worth ripping off, you will have no trouble figuring out how to use the code protection facilities from reading the relevant section of the datasheet.
So my answer to this is simple, I understand where you are coming from, but the project I am working on is an external encryption/decryption system. The purpose of the project is to learn about security, both hardware security, and cybersecurity. So any help in fully securing the code is greatly appreciated.

Cybertonic

In general, "securing" the program memory of any arduino-class board will involve removing the bootloader and programming the processor with an external programmer instead.   There are "secure bootloaders", but they tend not to be open source, and the bootloaders that arduino does use always permit the program memory to be read (for "verification" purposes after programming, mostly.)


how would you run it without a bootloader, and how would I remove the bootloader.

westfw

Quote
how would you run it without a bootloader, and how would I remove the bootloader.
The bootloader isn't needed at all to run sketches, it doesn't provide any "services" other than uploading.
You can use a JTAG (or maybe SWD - they tended to be handled by the same boxes) like an "Atmel ICE", or "Segger J-Link."

ard_newbie

#8
Sep 21, 2019, 07:14 am Last Edit: Sep 21, 2019, 07:39 am by ard_newbie
It is relatvely easy to copy the code in Flash memory (I didn't try myself to copy the code in SRAM if a part of the code runs from SRAM), except when lock bits are set.

However each DUE board (in fact a Sam3x8e chip) has its own unique 128-bit ID. Using this unique ID (or parts of it) inside your code at several check points would make a copy of the machine code useless on another DUE board.


Search in the DUE sub forum for an example code to read the Unique ID.

Cybertonic

so if I understand this right if the boot loader is removed, and I use the unique ID in the code it will be hard to duplicate?

Also, that is great, but, one of my main concerns is if someone is able to get the code from the Arduino and be able to turn it into the original code. How could I prevent this?

BJHenry

How do you propose to remove the bootloader? It is permanently stored in ROM.

Cybertonic

In general, "securing" the program memory of any arduino-class board will involve removing the bootloader and programming the processor with an external programmer instead.   There are "secure bootloaders", but they tend not to be open source, and the bootloaders that arduino does use always permit the program memory to be read (for "verification" purposes after programming, mostly.)


The bootloader isn't needed at all to run sketches, it doesn't provide any "services" other than uploading.
You can use a JTAG (or maybe SWD - they tended to be handled by the same boxes) like an "Atmel ICE", or "Segger J-Link."

I know it is possible, I do not know right now

BJHenry

I know it is possible, I do not know right now
It might be worth you having a look here. It gives a pretty good rundown on the Due bootloader.

Cybertonic

Oh, okay thanks for pointing that out.

ard_newbie

... one of my main concerns is if someone is able to get the code from the Arduino and be able to turn it into the original code. How could I prevent this?
Set lock bits when you upload your code.

Go Up