Q: avrdude command for setting the fuses to copy protect an Arduino sketch

Hi,

I'm working on a project and now it is near finishing and I want to copy protect the sketch.
I know the theory but before blasting a dozen 328's I want to have my recipe confirmed.

AFAIK one has to take 2 steps:

step 1) program the Arduino by ICSP - this removes bootloader - this works like a charm (pololu progger)

step 2) set lock bits. For this I have this command
avrdude -v -v -C ..\etc\avrdude.conf -c pololu -P %COMPORT% -pATMEGA328P -U lock:w:0x00:m

If I am right with these 2 steps the code cannot be copied anymore.
Questions:

  • is the avrdude command the correct one?
  • am I missing steps?

The avrdude command is part of this .bat file

REM
ECHO OFF
CLS
ECHO.
ECHO LOCK ATMEGA328P-PU
SET AVRBIN="C:\Program Files (x86)\arduino-1.0.4\hardware\tools\avr\bin\"
SET COMPORT=COM1
REM avrdude baud rate option: -b 19200
SET BAUD=19200

ECHO ENSURE MASTER CHIP HAS SW LOADED.
ECHO.
ECHO COMPORT   = %COMPORT%
ECHO BAUD RATE = %BAUD%
ECHO.
ECHO CTRL+C to abort OR any other key to lock...
ECHO.
PAUSE > NUL

PROMPT $G

PUSHD %AVRBIN%

avrdude -v -v -C ..\etc\avrdude.conf -c pololu -P %COMPORT% -pATMEGA328P -U lock:w:0x00:m

POPD
PROMPT $P$G

Rob,

I have not used the feature, but a forum thread where Nick chimed in shows a different hex value...
http://forum.arduino.cc/index.php/topic,93907.0.html

It would be something like this:

Code:
avrdude -c usbtiny -p m328p -U lock:w:0xFC:m

You could do that via the SPI interface using a USBtinyISP or similar programmer.

Be warned that after doing this you can only ever change the chip again by using a high-voltage programmer like the AVR Dragon.

Might be worth a PM to Nick.

Ray
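
Added example, not part of any post in this thread: a decoder for the ATmega328P lock byte that shows what the two values discussed so far (0x00 and 0xFC) actually select. The bit layout (LB1/LB2 in bits 0-1, BLB01/BLB02 in bits 2-3, BLB11/BLB12 in bits 4-5, 0 = programmed) follows the datasheet's lock-bit tables; the function names are this example's own, and treating the unused bits 7:6 as don't-care is an assumption.

```python
# Added example: decode an ATmega328P lock byte. A bit value of 0 means
# "programmed". Bits 7:6 are unused and ignored here (assumption: don't-care).

LB_MODES = {  # keyed by (LB2, LB1)
    0b11: (1, "no memory lock features enabled"),
    0b10: (2, "further programming of flash/EEPROM disabled, fuses locked"),
    0b00: (3, "programming and verification disabled, fuses and boot lock bits locked"),
}
BLB_MODES = {  # keyed by (BLBx2, BLBx1); {s} is the protected section
    0b11: (1, "no SPM/LPM restrictions on the {s} section"),
    0b10: (2, "SPM may not write the {s} section"),
    0b00: (3, "SPM may not write, and LPM from the other section may not read, the {s} section"),
    0b01: (4, "LPM from the other section may not read the {s} section"),
}


def decode_lock(value):
    """Return the lock modes encoded in one lock byte."""
    if not 0 <= value <= 0xFF:
        raise ValueError("lock byte must be in 0x00..0xFF")
    lb, blb0, blb1 = value & 3, (value >> 2) & 3, (value >> 4) & 3
    if lb not in LB_MODES:
        raise ValueError("LB2=0, LB1=1 is not a defined lock mode")
    return {
        "lb_mode": LB_MODES[lb][0],
        "blb0_mode": BLB_MODES[blb0][0],   # application section
        "blb1_mode": BLB_MODES[blb1][0],   # boot loader section
        "readback_blocked": LB_MODES[lb][0] == 3,
    }


def describe(value):
    """Human-readable lines for one lock byte."""
    lb, blb0, blb1 = value & 3, (value >> 2) & 3, (value >> 4) & 3
    decode_lock(value)  # validates the value
    return [
        "LB   mode %d: %s" % LB_MODES[lb],
        "BLB0 mode %d: %s" % (BLB_MODES[blb0][0], BLB_MODES[blb0][1].format(s="application")),
        "BLB1 mode %d: %s" % (BLB_MODES[blb1][0], BLB_MODES[blb1][1].format(s="boot loader")),
    ]


if __name__ == "__main__":
    for byte in (0xFF, 0xFC, 0x00):  # erased default, and the two values from the thread
        print("lock = 0x%02X" % byte)
        for line in describe(byte):
            print("   " + line)
```

Both 0x00 and 0xFC decode to LB mode 3, which is the setting that blocks read-back through a programmer; they differ only in the boot lock bits. The value to feed in can be read from the chip with avrdude's `-U lock:r:-:h` operation.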

I don't recall who posted this link previously, but I have the following link in my ATtiny85 links, and it calculates the fuse settings for various Atmel chips: AVR® Fuse Calculator – The Engbedded Blog

thanks for the tip,
I've seen the fuse calculator and bookmarked it,
still the question is if these 2 steps are enough to prevent avrdude or any programmer to extract the data.

I know you can scrape off the plastic of the chip and shine UV light on the fuses to reset them and you can read the chip again. (unless you UV-ed the memory too :). But you need quite some extraordinary equipment to do that safely.

update: FYI - I do not have a high voltage programmer, it should be on my wishlist :)

Setting the lock byte to zero should make it locked. You also should be able to recover with the AVR dragon, however this would require physically inserting the chip into it (this might be practical during testing).

By "recover" I mean re-use the chip. I believe once locked you can only reset it back to a blank state, thus the user could never recover your binary data.

Personally I am a little against copy protection, but if it seemed your enemies might copy the hex data and reproduce it, that might be a reasonable step. In most cases though it is the hardware the chip is on that is valuable, rather than the code itself. Of course, they can't ever get back the C code, so it would have to be something special. Maybe if the code in question was an encryption key, yes I can see the point of that.

From the Atmel data sheet. "The Lock bits can only be erased to “1” with the Chip Erase command."

From the avrdude man page. "When the -U option with flash memory is specified, avrdude will perform a chip erase before starting any of the programming operations, since it generally is a mistake to program the flash without performing an erase first. ... This will reset the contents of the flash ROM and EEPROM to the value `0xff' , and clear all lock bits."

You can experiment all you want. No high voltage programmer needed.

tf

I know you can scrape off the plastic of the chip and shine UV light on the fuses to reset them and you can read the chip again.

Afaik, Atmel uses a metallic layer(s) over the eeprom/flash/fuse chip areas, so in order to read the protected chip you need to etch the metal just over the lock bits only, then UV it (to reset the lock fuse only), then you can read it :)

In most cases though it is the hardware the chip is on that is valuable, rather than the code itself

Except you are emulating the tunny with it :)
I am using a usbasp programmer for it, its avrdude gui allows me to set lock bits to protect the stuff, you may check whether your chip is actually protected simply by reading it. By erasing the chip your lock bits get erased too, so you can reprogram it again. There is also a fuse setting to disable SPI for programming(!!), I would also deselect bootloader. Properly protecting your chip content is a science, btw..

Are you trying to protect your own IP, or do you just have a customer who wants this done??

Are there some Arduino-based products that have been cloned, violating someone's IP?

Years (and Years) ago I was involved in a little fight with IBM stuffed shirts about including the PC BIOS SOURCE CODE OMG in the IBM PC Technical Reference Manual. My Big Upper Boss showed them the DISassembled and MODified source code for a competitor's Operating System to prove that they couldn't stop people from knowing the BIOS eventually, and they should make it easy. They Screamed "Get That Listing Outta Here! We could be SUED!". (Even though my friend did it at home while watching football.) IBM met the Hackers. And We (although also IBM'ers) Won!

/OneATerrysStories

terryking228:
Are you trying to protect your own IP, or do you just have a customer who wants this done??

Are there some Arduino-based products that have been cloned, violating someone's IP?

Years (and Years) ago I was involved in a little fight with IBM stuffed shirts about including the PC BIOS SOURCE CODE OMG in the IBM PC Technical Reference Manual. My Big Upper Boss showed them the DISassembled and MODified source code for a competitor's Operating System to prove that they couldn't stop people from knowing the BIOS eventually, and they should make it easy. They Screamed "Get That Listing Outta Here! We could be SUED!". (Even though my friend did it at home while watching football.) IBM met the Hackers. And We (although also IBM'ers) Won!

/OneATerrysStories

Cool story. However, the IBM suits seemed to have gotten their way eventually, when they came out with the PS/2 systems that were a lot less open as far as being clone-able, and users/competitors just ignored the much more extensive PS/2 system and IBM never recovered being the leader in PCs. Intel/Microsoft, however, remained the real winners.
Wikipedia:

The Personal System/2 or PS/2 was IBM's third generation of personal computers released in 1987. The PS/2 line was created by IBM in an attempt to recapture control of the PC market by introducing an advanced yet proprietary architecture. IBM's considerable market presence plus the reliability of the PS/2 ensured that the systems would sell in relatively large numbers, especially to large businesses. However the other major manufacturers balked at IBM's licensing terms to develop and sell compatible hardware, particularly as the demanded royalties were on a per machine basis. Also the evolving Wintel architecture was seeing a period of dramatic reductions in price, and so these developments prevented the PS/2 from returning control of the PC market to IBM.

and later:

Overall, the PS/2 line was largely unsuccessful with the consumer market, even though the PC based Models 30 and 25 were an attempt to address it. With what was widely seen as a technically competent but cynical attempt to gain undisputed control of the market, IBM unleashed an industry and consumer backlash. The firm suffered massive financial losses for the remainder of the decade, forfeited its previously unquestioned position as the industry leader, and eventually lost its status as the largest single manufacturer of personal computers, first to Compaq and then to Dell. After the failure of the PS/2 line to establish a new standard, IBM was forced to revert to building ISA PCs—following the industry it had once led—with the PS/1 line and later the Aptiva and PS/ValuePoint lines. Eventually, IBM sold its entire PC business to Lenovo.

Sigh..

Lefty, you're right and just another example of when IBM made TOO much of a Big Corporate Deal about something and smothered it. The original IBM PC development was a Wild Duck thing way outside of the IBM Mainstream. And resented in some quarters, who wanted to Get Those Guys Under Control. A year before the PC1 came out I saw the future IBM Personal Computer line in a White Room in (the Hudson Valley) Nice looking boxes. Running a respectable processor, the WoodstockII (I think). Rudimentary operating system. No real applications. No VisiCalc. After a big marketing assessment it was killed and buried. Some guys in Boca showed a prototype of a Real Simple Machine using off-the-shelf parts. It flew. There was only one IBM proprietary chip in it, that funny square aluminum capped thing on the floppy controller.

Little companies are a LOT more fun.

Rob, apologies for blabbing away in Your Thread!

terryking228:
Are you trying to protect your own IP, or do you just have a customer who wants this done??

both,

tf68:
From the Atmel data sheet. "The Lock bits can only be erased to “1” with the Chip Erase command."

From the avrdude man page. "When the -U option with flash memory is specified, avrdude will perform a chip erase before starting any of the programming operations, since it generally is a mistake to program the flash without performing an erase first. ... This will reset the contents of the flash ROM and EEPROM to the value `0xff' , and clear all lock bits."

You can experiment all you want. No high voltage programmer needed.

tf

That is the level I want to reach, that only an erase is possible.
Next week I'll start experimenting

Finding detailed material on Atmel FlashVault is like fishing on a 'bad day'. Of course, there are numerous mentions of the feature FlashVault but details are sparse. I included a chart below from: http://www.avrfreaks.net/modules/FreaksArticles/files/17/Guide%20To%20Understanding%20JTAG%20fuses%20and%20Security.pdf