How to protect my program in ATmega328?

Is there a way to protect my arduino program? I want to protect my device to be cloned. I would like to use the bootloader to can I easy upload new program into the chip, but to disable chip reading.

I read that ATmega328 has some kind of lock bits, but it's not so clear to me. I decided to ask here in this forum, because I think here is my chance to find an answer.

Sure, you need to use something like an AVRISP MKii

download AVR from and per page 14 you can set the lock bits.

AVR5.1 looks different, allows the same control.

Might be other ways to get there using the IDE as well.

See section 28. Memory Programming, in the datasheet, to see what the fuses can do.

There's "chip reading"?

How is that done?

You can use avrdude to read the flash back as a file:

avrdude -c usbtiny -p m328p -U flash:r:myfile.hex:i

Then you can disassemble it:

avr-objdump -j .sec1 -d -m avr3 myfile.hex

Just machine code (assembler) of course, but it would get you started on reverse engineering it.

If you set the lock bits appropriately you disable that. Then the only way to change the chip is to erase it first (therefore preventing you from reading the old contents).

Thank you about the information Nick. But my question is how to set the lock bits?

CrossRoads suggest AVRISP MKii, but this is hardware solution.

Is there a way to protect my code when I use only Arduino board and Arduino IDE? Can I set the lock bits from the program that I upload into the processor?

Sorry about the questions - maybe they are stupid, but I really don't have experience with these lock and protect things. Theoretically I know that I have to set the lock bits, but I don't know how to do that.

It would be something like this:

avrdude -c usbtiny -p m328p -U lock:w:0xFC:m

You could do that via the SPI interface using a USBtinyISP or similar programmer.

Be warned that after doing this you can only ever change the chip again by using a high-voltage programmer like the AVR Dragon. So if you don't have one of those to hand you have now made your chip un-programmable. Better do that when you are really confident it is right.

Is there a way to protect my code when I use only Arduino board and Arduino IDE? Can I set the lock bits from the program that I upload into the processor?

No, I don't think the bootloader has that capability.

The USBtinyISP (kit) costs $22 from Adafruit:

This is a kit, you have to assemble it.

The AVR Dragon costs $50.96 from Digi-Key.

Be warned that to use the Dragon you have to do a fair bit of jumpering of pins because it is designed for lots of different processors.

Personally I wouldn't bother. Unless you are doing production runs of lots of processors it is hardly worth the effort. If it is just for you, you need the extra expense and trouble of being able to reprogram with one of these devices.

For your customers, if you have them, they can no longer field-reprogram them, so if you find a bug they would have to be returned to you. And if the processor is soldered onto the board you will have a lot of trouble using the high-voltage programming.

I might be wrong about having to use the Dragon to reprogram it, providing you don't (accidentally) disable the "SPI enable" fuse bits. If those are disabled, then you can't use the USBtinyISP any more.

Not to put too fine a point on it, but someone who can't figure out how to set the fuses themself is probably incapable of writing an application for the ATmega 328 that can't be cloned in about that long.

Make sure the value of the time, energy and materials spent protecting the product is less than the value of lost sales, including lost sales when someone else clones the product from scratch. I had a nasty scare yesterday when I couldn't re-flash a chip through the serial interface that was soldered onto the board. Fortunately, I was just stupid, instead of out of luck to the tune of throwing away an entire board and the labor that went into it. Bad stuff happens -- don't spend money that's going to cause more bad stuff to happen until you really know you're not making matters worse.

I strongly agree with jfhaugh here.

Even commercial products like the Uno not only allow reflashing, they encourage it with headers to make it easier. And now, for the Uno Rev 3, they put in a header so you can reflash the USB driver chip.

There are a lot of talented programmers in the world, simply giving away good, reliable code, including the source.

In fact, for me, "copy protection" is a bit of a red rag. There was a gadget I was thinking of buying a while back (that compressed video clips in hardware) but when I read that you had to enter a digital key because of copy protection, I didn't buy it. After all, the "value" was in the hardware. I don't see the point of protecting the software on the chip.

If you have a brilliant idea that can be put on an Atmega328 or similar chip, then that idea must fit into around 32 Kb of program memory. And if it is so brilliant that it sells thousands of copies, someone will simply duplicate the concept (and possibly improve on the original).

I can see one possible reason for doing this, some sort of encryption "key" device. Then there might be a point to hiding on it the key that the device has stored in it.


Yup. My largest sketch is around 2KLOC and 24KB PROGMEM. I'm going to keep adding code (and functionality) until I've used all 30KB of available PROGMEM, which should be somewhere around 2.5KLOC. For a skilled programmer with nights and weekends to spare, that's a couple of months effort.

Then what?

The developer with all that money invested in a product they've meticulously designed and developed, and blown all the fuses to protect, now has a competitor who is willing to give it away for free.

-- Julie.

You can get an Arduino to behave like a programmer...

But you will have to use avrdude from the command-line to change the lock bits. The IDE is not a good choice for doing that. It may not even be possible to do from the IDE.

There is no way to simultaneously protect your code AND use the standard arduino bootloader and tools.