Program Protection

Hi, this is my first AVR project, and I'm using some Arduino Duemilanove ATmega328 boards with the Arduino-0018 IDE.

What is needed to prevent my code from being read? Can the lock bits be set by just altering some settings in boards.txt and re-uploading the code via the IDE & bootloader?

If so, can the boards be re-programmed at a later stage?

Thanks for any tips, Cheers

What is needed to prevent my code from being read

Well this is meant to be an open source platform.

However, all that can be read is the machine code, that can't be translated back into C so even if you wanted to your code is quite safe.

But the IP that I add (for a commercial product) is not open-source and I'd like to guard that against copying.....

I'm sure I can't be the only one using the Arduino as a quick means of getting a product to market, where the market is small. :)

Can it be done, or do I have to use something more complicated, like AVR Studio? I'm coming from a PIC background, so the AVR way is new to me yet.

Thanks.

that can't be translated back into C so even if you wanted to your code is quite safe

Well - that isn't completely true. In theory, you could pull the hex code off, run it thru a disassembler, then run a translator on that to a C source...

But it is unlikely (actually, impossible) that what you got back out would look anything like the original code put into it. For all intents and purposes, it would be worthless to all but the most hardcore developer. In fact, it would likely be easier to reverse engineer the logic by a black-box, or "over the wall" approach, if you had to.

Saying it can't be done, though, is bending a truth a little.

I think, though, there is a way by setting fuses or something (?) to make it much more difficult to pull the hex code off, right? Even so, I think there is a way with an AVR-ISP programmer to reset those fuses; I don't think you can permanently set them...?

Does Atmel even offer a version of the ATMega that has a way to "program once" like the PIC line of microcontrollers? I've never looked...

Or - do they offer a way to use encryption via a serial EPROM or something? I personally don't care one way or another, but I do wonder if they offer something like that in their product line - even if it isn't an ATMega (or even part of the supported Arduino-capable microprocessors)...

:)

I think the Flash can be made inaccessible to an external program by...

- Removing the bootloader
- Disabling Reset

Bear in mind that my opinion is based on no experience and a vague recollection of how an AVR ICSP works.

Warning: I believe that doing the things above has the side effect of making it impossible to reprogram the processor without a high-voltage programmer.

In fact, it would likely be easier to reverse engineer the logic by a black-box …

True, but the typical concern is that you can copy the firmware and then upload to another chip. This way you duplicate the gadget and don’t really care about the source.

If people actually invest the time and effort to duplicate your gadget however it may not be all bad. Rather this would be a recognition of value and a great opportunity for marketing. ;)

1) The source code is not stored in the controller
2) You can set the fuses to protect reading the compiled code from the controller. In order to do so consult the datasheet section 27.1 "Program And Data Memory Lock Bits".

This is not 100% bullet proof http://www.cl.cam.ac.uk/~sps32/mcu_lock.html. However the bullets will become much more expensive ;)

Udo

it may not be all bad. Rather this would be a recognition of value and a great opportunity for marketing.

Unfortunately the greatest opportunity would be for the copier, not me! :P

You can set the fuses to protect reading the compiled code from the controller. In order to do so consult the datasheet section 27.1 "Program And Data Memory Lock Bits".

Yes, but.....the main question for me is....

Can the lock bits be set by just altering some settings in boards.txt and re-uploading the code via the (Arduino) IDE & bootloader?

I don't want to brick a Duemilanove unnecessarily by just trying it.

The XMega (and maybe some ATMega) supports hardware encryption for this (I think for this, what else?).

Setting the fuses requires an ISP (or a second Arduino using an ISP sketch). If you "brick" this way, you can "unbrick" it this way as well. Unless of course you disable the reset pin or set the clock frequency too low for the ISP. This is something that usually does not happen accidentally. No need to be afraid.

Anyway: if you want software protection you are doing it commercially. In this case you should be prepared to spend more than just 20 or 30 bucks on prototyping equipment. So if you would brick it, no big deal anyway.

And while we are at it: if you do this commercially you might want to get rid of the Arduino boards because they are too expensive. If you do enough boards you can get the same stuff much cheaper.

Udo

And while we are at it: if you do this commercially you might want to get rid of the Arduino boards because they are too expensive. If you do enough boards you can get the same stuff much cheaper.

Really, you can only “brick” the ATMega on the Arduino board, and nothing else, really (not sure if you can brick the FTDI chip - you can burn it out, though). So you are talking about potentially wasting an approximately $2-3.00 (US) chip. Not really a big deal for an experiment, especially if you are planning on going commercial anyhow.

If you set all the lock bits, then you can only reset them using a high-voltage programmer and doing a full flash, fuses and EEPROM reset, so when you disable the lock bits you erase all your program too, so it's safe to use lock bits, but I think you can't enable lock bits using a bootloader, only with an ISP/JTAG programmer.
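Added example (not code from any poster in this thread): a small C decoder for the ATmega328 lock byte, showing which values actually stop an external programmer from reading the flash. The bit layout follows the datasheet's lock-bit tables; 0x3F and 0x0F are assumed to be the stock `unlock_bits` / `lock_bits` values in the Arduino boards.txt, and the other sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* ATmega328 lock byte: bit0 LB1, bit1 LB2, bit2 BLB01, bit3 BLB02,
 * bit4 BLB11, bit5 BLB12. A bit is "programmed" when it reads 0. */

/* Map a two-bit field to the datasheet mode number: 11->1, 10->2, 00->3, 01->4. */
static int field_mode(unsigned hi, unsigned lo) {
    if (hi && lo) return 1;
    if (hi) return 2;
    if (!lo) return 3;
    return 4; /* defined for BLB0/BLB1 only; not a valid LB mode */
}

int lb_mode(uint8_t lock)   { return field_mode((lock >> 1) & 1, lock & 1); }
int blb0_mode(uint8_t lock) { return field_mode((lock >> 3) & 1, (lock >> 2) & 1); }
int blb1_mode(uint8_t lock) { return field_mode((lock >> 5) & 1, (lock >> 4) & 1); }

/* LB mode 2 or 3: external (ISP/parallel) programming of flash and EEPROM is disabled. */
int external_write_blocked(uint8_t lock) {
    int m = lb_mode(lock);
    return m == 2 || m == 3;
}

/* Only LB mode 3 also disables external verification, i.e. reading the flash back. */
int external_read_blocked(uint8_t lock) { return lb_mode(lock) == 3; }

/* BLB1 mode 2 or 3: SPM may not write the boot section (bootloader self-protection). */
int bootloader_write_protected(uint8_t lock) {
    int m = blb1_mode(lock);
    return m == 2 || m == 3;
}

int main(void) {
    /* 0x3F / 0x0F: assumed stock boards.txt values; 0xFE / 0xFC: constructed samples. */
    const uint8_t samples[] = { 0x3F, 0x0F, 0xFE, 0xFC };
    for (size_t i = 0; i < sizeof samples; i++) {
        uint8_t v = samples[i];
        printf("0x%02X LB=%d BLB0=%d BLB1=%d ext-write-blocked=%d ext-read-blocked=%d boot-wp=%d\n",
               v, lb_mode(v), blb0_mode(v), blb1_mode(v),
               external_write_blocked(v), external_read_blocked(v),
               bootloader_write_protected(v));
    }
    return 0;
}
```

With 0x0F only the BLB1 bits are programmed, so the bootloader is protected from being overwritten but the flash can still be read back over ISP; blocking readout needs LB mode 3 (for example 0xFC).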

Great discussion here. I had this question too but didn't actually get concerned enough to raise my hand.

BTW, cr0sh, I think you were referring to a sourcer disassembler. Some sourcers could do a fairly good job but I haven't used one since 199x.

then run a translator on that to a C source.

Have you a link to something like this?

Even better would be one that restored the variable names. :o

Unfortunately the greatest opportunity would be for the copier, not me!

So you are going to do something so amazing and wonderful in the few K of code in an Arduino that no one is going to be able to tell what you did and wants to spend lots of time extracting your code and copying it. Quite modest aren't you? If so this is not the platform for you.

From a security perspective I'd like to add the following.

If the only reason for all this protection is to secure the IP-address and the IP-address is used to setup a connection, you'd better stop trying. Unless you're sending the IP-address over a secured channel, it is still possible to listen in on the IP-address.

If you're using an ethernet shield and I'd want to know the IP-address I could enable debugging on my switch and see it. Or I could connect the ethernet using a cross cable to my PC and see what the Arduino is trying to do (probably connect to the said IP).

If you'd use some other shield to connect to the IP it might be harder to sniff the IP, but still not impossible.

Maybe you could elaborate a little on what you'll be using it for and why it's important to keep it secure.

@qistoph: IP == Intellectual Property :P

Posted by: Udo Klein

Setting the fuses requires an ISP (or a second Arduino using an ISP sketch).

This sounds like the answer to my question. Thank you! :)

Posted by: Grumpy_Mike

So you are going to do something so amazing and wonderful in the few K of code in an Arduino that no one is going to be able to tell what you did and wants to spend lots of time extracting your code and copying it. Quite modest aren’t you? If so this is not the platform for you.

What’s modesty got to do with it? We’re a small team producing something new that is selling for $10K+ (< 1/10th the cost of current solutions) in a small, but growing market. Given our tight deadlines, I thought it only prudent to take any simple steps available to protect our investment, especially if it only meant a simple edit. The Arduino was chosen to speed up the development of a small but critical part of the first few units, which have been shipped today. The next generation will probably be more integrated, when time permits. Doesn’t seem unreasonable to me. There are plenty of opportunists in the world, if you haven’t noticed!

What's modesty got to do with it?

Well you have identified a market that will allow you to sell an Arduino based solution for $10K. What makes you think that if you provide a solution then any half decent engineer can't look at the problem and provide his own solution without resorting to stealing yours. By your own admission you are a small team so what makes you so special. I suspect you think you are very clever and that's where modesty comes in. If you have to ask that sort of question in this sort of forum you are not that clever. It's all in the data sheets if you want to read them.

There are plenty of opportunists in the world, if you haven't noticed!

I have, there is something called value add. Are you sure you are adding that amount of value? Or are you just a shark rip off merchant that doesn't want to be ripped off themselves?

I thought the terms of the Creative Commons license under which Arduino is released require the sharing of derivative designs?

What do you mean by open-source hardware?

Open-source hardware shares much of the principles and approach of free and open-source software. In particular, we believe that people should be able to study our hardware to understand how it works, make changes to it, and share those changes. To facilitate this, we release all of the original design files (Eagle CAD) for the Arduino hardware. These files are licensed under a Creative Commons Attribution Share-Alike license, which allows for both personal and commercial derivative works, as long as they credit Arduino and release their designs under the same license.

The Arduino software is also open-source. The source code for the Java environment is released under the GPL and the C/C++ microcontroller libraries are under the LGPL.

Protecting IP by somehow encrypting, locking, obfuscating the program in the microcontroller is a question frequently asked on avrfreaks.net. You can research there the answers given. How to lock the access to the flash memory is described in the datasheets of the microcontroller. Those are pretty basic, often occurring topics.

Asking for protection of your own IP at this forum is not really a nice attitude, I think.

Enjoy the success of an open platform, which strongly promotes sharing and helping others.