Can I secure my code from being copied on arduino boards?

I am brand new to arduino boards, just want to see if it will be applicable for me to use them.

I want to know if the code that is uploaded to the board can be secured from copying. Perhaps locked to the particular board that it is installed on.

My ideal scenario is that I get some sort of unique board number from the board, then insert that serial number into the code somewhere, and the code checks the board's unique id on boot; if the board does not match then it does not run. This is of course dependent on whether the code within the board can also be protected from view.

thanks

  1. See section 28 of the datasheet for a discussion of the Lock Bits that are provided. You can make it difficult to copy the flash memory.
  2. I imagine you will need some sort of external PROM to hold the unique number to be checked. I would think that faking the input to provide that wouldn't be all that difficult. Or even just pulling the part off and reading all the memory locations out the same way the arduino does.

This is of course dependent on whether the code within the board can also be protected from view.

Your code is compiled and linked, and the hex file that the linker produces is uploaded to the board. That binary file cannot be converted back into C++ code.

What is your real fear?

The arduino board is open source. Your project is not unless you make it so. As long as you don't share your files with anyone no one can see your code. And if someone really really wanted to go to some trouble they could maybe duplicate your chip. If that is a concern then CrossRoads' suggestion of Lock Bits would be of use to you.

You can protect yourself from "kid sister" type attacks. But, if you need military-grade protection, forget it. Also, keep in mind that just about any protection scheme can be broken with enough time and computer power.

I design military and HIPAA-level security systems with the full knowledge that all can be hacked. The goal being that, while it can be hacked, it would take as long as the universe is old to do it. We consider this length of time "infinite". Basically, while possible, it's not really possible within the age of the universe (since the big bang).

Basically, if you need "kid sister" protection, you can do it. But, if you need military-level protection, I think you need to look elsewhere.

Tim

thanks all,

I did not know if anyone could just plugin and copy the code.

My application is not complicated, but the industry is competitive, I just want basic protection from someone casually copying my solution. If someone wants to copy my solution, then I want them to at least do their own coding.

thanks again. Looks like Arduino is a good choice for me.

thanks to PaulS

the info about compiler and code being linked is key for me, and I hope I understand that correctly.... it means that only the same compiler install can open the code on the chip correct?

No. If the flash contents can be read then they can be copied to another chip or disassembled.

But what I read about lock bits says you can keep the flash from being read and that to break the lock bits wipes the flash. Perhaps someone has a way to get the flash out of the chip and read it but I have to wonder at the tools and time that would take and if the effort would be worth the reward as opposed to reverse-engineering or writing a better program or just buying the original.

Atmel AVR231: AES Bootloader Download software

This application note describes how firmware can be updated securely on AVR microcontrollers with bootloader capabilities. The method uses the Advanced Encryption Standard (AES) to encrypt the firmware.

This application note presents techniques that can be used when securing a design from outside access. Although no design can ever be fully secured it can be constructed such that the effort required to break the security is as high as possible. There is a significant difference between an unsecured design that a person with basic engineering skills can duplicate and a design that only few, highly skilled intruders can break. In the unsecured case, the design is easily copied and even reverse engineered, violating the intellectual property of the manufacturer and jeopardizing the market potential for the design. In the secured case, the effort required to break the design is so high that most intruders simply focus on developing their own products.

that most intruders simply focus on developing their own products.

Quicker and easier - unless your idea is so staggeringly brilliant that no-one could copy the outcome.

Duane B

Doesn't using a bootloader keep you from using all the locks?

GoForSmoke: Doesn't using a bootloader keep you from using all the locks?

I was guessing yes, so once you enable the lock bit you can no longer upload code with the bootloader.

GoForSmoke: Doesn't using a bootloader keep you from using all the locks?

Yes, the standard arduino lock bit values of 0x0F (for locked) and 0x3F (for unlocked) used in most standard boards prevent protection of the flash contents from being read via ICSP, serial bootloader, or even a parallel programmer. Not sure it's possible to lock down the flash contents from being read by a programmer and still be able to utilize a serial bootloader.

The locked value of 0x0F just protects the bootloader from being erased when a new upload request from the IDE/AVRDUDE erases the old sketch before writing the new sketch to flash memory.

Lefty

I wonder if it's possible to get into a fully locked AVR. Can the chip be planed down and somehow read with an electron microscope or like or would it be simpler than that?

I think that was done to read the key on an EMV Chip card a few years back.

Duane B

I am with teckel on the time scale argument. Just protect your project so an average person will take a long time to steal it. They copy you, they get the binary. They don't get the source C++ code. You may update the code to stay ahead of copycats, offer a serial code on each device and request the number when users need tech support, etc. If you have a truly brilliant idea you should prototype with arduino, lawyer up, show it to a major player in the field, and get them to purchase your idea or give you a percentage. Don't try to protect it yourself on an arduino platform. You may not be able to afford it (time, money, effort etc.).

liudr: I am with teckel on the time scale argument. Just protect your project so an average person will take a long time to steal it. They copy you, they get the binary. They don't get the source C++ code. You may update the code to stay ahead of copycats, offer a serial code on each device and request the number when users need tech support, etc. If you have a truly brilliant idea you should prototype with arduino, lawyer up, show it to a major player in the field, and get them to purchase your idea or give you a percentage. Don't try to protect it yourself on an arduino platform. You may not be able to afford it (time, money, effort etc.).

A good example of this is ATmega processors used in ESCs (typically the ATmega8). They're almost always locked so you can't access the program (via conventional means) to keep competitors from copying the code and making their own copycat ESC. If you try to download the code, all you get is all zeros (I've tried). You can write over the programming with your own code even though it's locked. But, you can't "easily" get the code.

ESCs are simple devices with simple programming. So, this level of security is probably good enough to make competitors develop their own code rather than spend the time and money trying to crack into the microcontroller. A scope can tell you what the ESC is doing, so it's quite easy to copy the hardware and reverse engineer the software.

I'd consider the level of security in the ATmega (if done correctly) to be above "kid sister" level. Not to a 256 bit encryption level, but I'd say plenty good for almost all purposes. For protecting your idea, it's fine. For a military project, not at all.

Let's put it this way. For even a HIPAA security system, I typically use 256 bit SHA-2 including a 320+ bit private key/salt done over 1,000 iterations to prevent rainbow table attacks as well as slowing down brute-force attempts. To date, there have been no known collisions found (even via theoretical attacks) with 256 bit SHA-2. While brute force is still possible, the time required (as in billions of years) makes it unrealistic to attempt. And this is not even to a level of military-level security. What I like to say is that it will be so secure that other means will be used to get what they want. Like, instead of hacking into the system, it would be easier to break into your office and look for passwords that people have written on a Post-It note in their desk. The same goes for an ATmega project. If your idea is really that good, it's probably easier and more rewarding for someone to break into your house and take your computer and get the source code rather than to only get the compiled code off the chip. How secure is your home's WiFi? I'd say something as simple as that is your weakest link, not the ATmega.

Tim

Wait until you see quantum computers :) They perform miracles with code cracking, or physicists say so, just to keep themselves well funded, LOL

liudr: Wait until you see quantum computers :) They perform miracles with code cracking, or physicists say so, just to keep themselves well funded, LOL

Those with pockets deep enough to build a quantum computer will probably have enough funds to break into an ATmega and read the data. Or, kidnap the programmer and hold his family hostage till he coughs up the source code. At a certain level, security doesn't really matter.

Tim

teckel: Or, kidnap the programmer and hold his family hostage till he coughs up the source code. At a certain level, security doesn't really matter.

Well I think that's just about the be-all, end-all sentence for this topic. Good luck :)