Nowadays, soon after a new product is launched, counterfeit products often appear on the market, causing intellectual property infringement and economic damage to the companies and individuals who have conducted early research and development. As an engineer, you should try to consider the possibility of product plagiarism in the early stage of product design, choose a microcontroller with good confidentiality and encrypt the microcontroller system to prevent competitors from plagiarizing.
Methods for cracking microcontroller programs
There are two main methods to steal programs in microcontrollers: invasive and non-invasive. The invasive method is to destroy the chip package, and use semiconductor testing equipment, microscopes, micropositioners and other instruments to find the location of the protection fuse in the chip and erase it, making it an unencrypted chip, and then use a programmer to read out the program, or directly place a probe on the chip's internal bus to read out the program in the memory. The non-invasive method is to use certain loopholes in the chip design or chip programming timing to decrypt the chip. For example, for the loopholes in the erase operation timing design of the early AT89C series chips, a self-compiled program is used to stop the next step of erasing the program memory data in the chip after erasing the encryption lock bit, thereby making the encrypted microcontroller look like it is not encrypted, and then the program in the chip can be read out using an ordinary programmer.
It can be seen that the use of invasive decryption methods requires expensive equipment and takes a long time, and the decryption cost is high; while the equipment required for the non-invasive decryption method is relatively cheap, and decryption is possible as long as the loopholes in the chip design can be found, but it requires the decryptor to have deep professional knowledge.
Figure 1: Confidentiality features of NEC 78K series microcontrollers.
The Confidential Design of NEC Single Chip Microcomputer
Theoretically, it is impossible to keep the program of the MCU 100% confidential. Encrypting the program of the MCU is just to increase the cost of cracking. When the cost of cracking a product is as high as the cost of designing an identical product independently, no one will be interested in cracking the product.
In product design, in order to avoid adding peripheral hardware and thus increasing product costs, the confidentiality of product software is usually mainly guaranteed by the confidentiality of the selected single-chip microcomputer. Therefore, it is particularly important to choose a single-chip microcomputer with good confidentiality to increase the cost of cracking by plagiarists. NEC (NEC Electronics) has designed sufficient protection measures in its FLASH-type 78K series single-chip microcomputer to ensure the security of the single-chip microcomputer program code.
In addition to the developer's reasons, there are usually three reasons for the leakage of microcontroller program target files: 1. The target file is stolen during the program burning process in mass production; 2. The product is obtained by the spies after it is on the market, and the target file in the microcontroller is obtained by intrusive or non-intrusive methods; 3. The application target file is stolen when the product is upgraded on-site using the BootLoader program through the serial port, CAN interface, etc.
Figure 2: Encryption settings for the production programmer.
Program confidentiality during mass production programming
The mass production programmer FL-G03 designed by a third party for NEC can support the simultaneous programming of 8 chips. The development engineer uses a 128-bit key to encrypt the original HEX file and fixes the key into the programming for decryption during programming. The engineer can also set a limit on the number of chips that can be programmed on the programmer, and then provide the programmer and the encrypted HEX file to the programmer. This prevents other personnel from accessing the original HEX file, and only a set number of chips can be programmed.
Figure 3: Even if the security bit is destroyed, the program cannot be read.
Prevents intrusive and non-intrusive program theft
Intrusive cracking methods can turn an encrypted chip into a non-encrypted chip, and then use a programmer to read out the program. Of course, a probe can also be used to read the program from the chip's internal bus, but the cost of doing so is quite high; non-invasive cracking methods generally require the programmer to read out the program in the end. NEC's 78K series microcontrollers do not have a PROGRAM READ function, so the programmer cannot be used to read out the program. (Note: The verification function when programming a chip with a programmer is not to read out the program for verification, but the programmer sends the data to the chip, and the chip core independently completes the comparison with the storage area data, and then returns the comparison result to the programmer).
Figure 4: Field upgrade using encrypted target file.
Program confidentiality during product field upgrades
If the MCU programmer uses the BootLoader function, the MCU program can be easily upgraded through the serial port and other communication ports after the product is sold. However, this also leaves an opportunity for spies to take advantage of it, and the target file of the new version of the application may be leaked. The solution is that the designer encrypts the target file of the application according to a custom algorithm and puts the decryption algorithm in the BootLoader program. When upgrading, the BootLoader program decrypts the target file and then writes it to the target FLASH area. This can prevent the original target file from being leaked.
Prevent chip program from being accidentally erased or rewritten
In addition to the measures mentioned above to prevent the program from being leaked or cracked, the 78K series microcontrollers also take a number of measures to ensure that the program will not be accidentally erased or rewritten. The 78K series microcontrollers can perform the following security settings on the FLASH through the programming software during programming:
1. Chip-erase operation is prohibited.
2. Block erase operation is disabled.
3. Disable write operation.
4. Rewriting the boot cluster0 area is prohibited.
These settings can prohibit the programmer from erasing and writing the chip, but the user program in the chip can still erase and write the FLASH area. Once the "Prohibit full chip erase operation" is set, the program in the chip can no longer be erased and rewritten, and this setting cannot be canceled.
The relationship between various security settings and operation commands is shown in Table 1.
Table 1: Relationship between various security settings and operation commands.
Conclusion
NEC's 78K series microcontrollers take measures from multiple aspects to enhance the confidentiality of microcontroller programs. In particular, the lack of a READ command and the inability to read program data out of the chip greatly increase the cost of cracking it, effectively protecting the designer's intellectual property rights.
Previous article:Creating and using custom C library files
Next article:Learning several difficult concepts of microcontrollers
Recommended ReadingLatest update time:2024-11-16 17:42
- Popular Resources
- Popular amplifiers
Professor at Beihang University, dedicated to promoting microcontrollers and embedded systems for over 20 years.
- Innolux's intelligent steer-by-wire solution makes cars smarter and safer
- 8051 MCU - Parity Check
- How to efficiently balance the sensitivity of tactile sensing interfaces
- What should I do if the servo motor shakes? What causes the servo motor to shake quickly?
- 【Brushless Motor】Analysis of three-phase BLDC motor and sharing of two popular development boards
- Midea Industrial Technology's subsidiaries Clou Electronics and Hekang New Energy jointly appeared at the Munich Battery Energy Storage Exhibition and Solar Energy Exhibition
- Guoxin Sichen | Application of ferroelectric memory PB85RS2MC in power battery management, with a capacity of 2M
- Analysis of common faults of frequency converter
- In a head-on competition with Qualcomm, what kind of cockpit products has Intel come up with?
- Dalian Rongke's all-vanadium liquid flow battery energy storage equipment industrialization project has entered the sprint stage before production
- Allegro MicroSystems Introduces Advanced Magnetic and Inductive Position Sensing Solutions at Electronica 2024
- Car key in the left hand, liveness detection radar in the right hand, UWB is imperative for cars!
- After a decade of rapid development, domestic CIS has entered the market
- Aegis Dagger Battery + Thor EM-i Super Hybrid, Geely New Energy has thrown out two "king bombs"
- A brief discussion on functional safety - fault, error, and failure
- In the smart car 2.0 cycle, these core industry chains are facing major opportunities!
- The United States and Japan are developing new batteries. CATL faces challenges? How should China's new energy battery industry respond?
- Murata launches high-precision 6-axis inertial sensor for automobiles
- Ford patents pre-charge alarm to help save costs and respond to emergencies
- New real-time microcontroller system from Texas Instruments enables smarter processing in automotive and industrial applications
- NRK3301 speech recognition chip schematic
- Microchip Live Today: How to Build a Car Charger
- Share some of my experiences as a part-time communication designer
- TI application note: Wi-Fi built-in security
- EEWORLD University Hall----Live Replay: Energy Saving and Carbon Reduction-Omron Relay, Switch, and Connector Solutions for Photovoltaic Inverter/Energy Storage Systems
- Nonlinear Compensation Method for Sensor Bridge Circuit
- DIY_boostxl-k350qvg under the recent proofing storm
- Today is 520, another beautiful day for confession. What actions will you take?
- Design and Implementation of Digital Video Conversion Interface Based on FPGA
- CR Micro's 8-bit microcontroller CS98P154 with OTP ROM