Hide and Seek: Key Serial-Number Chips for PIC Microcontroller Code Protection
One of my favorite games, when I was young, was hide and seek. I would play with my friends and it was always fun to try and find a good hiding place. As an older brother, I played the same game with my younger brothers, but with a twist. Instead of hiding myself, I had to hide my stuff from them. If I picked good hiding places, my stuff was safe. However, if I was lackadaisical and chose poor hiding places, they were sure to find my toys or clothes and sometimes damage or lose them.
For those of us who design and develop PCBs, protecting firmware from hackers can seem like a game of hide and seek. Firmware or microcontroller code protection is critical for preserving the fidelity of your product and protecting the investment of time and capital expenditure that goes into product design and development. There are several good methods of microcontroller code protection that will keep your firmware safe from most hackers. But, just like my stubborn brother Jeff, some hackers are determined to steal your hard work, and your profits along with it, by flooding the market with cheaper duplicates or by selling inferior products while pretending they were manufactured by you. Against these hackers, keying serial-number chips is an effective hide and seek strategy for microcontroller code protection.
Count to Ten-Thousand: PIC Microcontroller Code Protection
Typically, processors are programmed by downloading the machine code into local memory. This may be done by flashing, where the code is erasable and the processor can be reprogrammed, or by hard-wiring (burning) the code into memory, where no future changes can be made. In both cases, the location of the program code is well known even to inexperienced hackers, which makes it very insecure.
PIC microcontrollers are one of the most popular controllers available and they come in a wide range of architectures and with varying capabilities. Irrespective of variance, the controller code structure for these processors is similar. Most firmware development is accomplished by using development boards, which are invaluable for debugging code. Yet, these boards provide simple access to the controller memory over a serial cable.
Hide and Seek for Your Code Security
The use of serial-number keys is a form of encryption, similar to what is used for password protection. Each manufactured microcontroller is assigned a unique code, which may range from 8-bit to 80-bit or longer. The idea is to prevent access to the controller code unless the accessing device or program supplies the matching unique code. This prevents the program code from being read by prying eyes. As with password protection, hackers have developed key generators that attempt to create the appropriate code for access. Given enough time, these are pretty effective at arriving at the correct code. To thwart this, I advise you to store the key in a location that the hacker cannot access or may not know to look in.
The unique key must be in a location that can be read prior to executing the program. Although this may sound limiting, there are a number of options. For example:
- Flash Memory: This is the most place for storing program code and keys that may be erased and rewritten. This is used during the debugging process and for in- testing and development.
- Program Memory: This is usually a dedicated block of memory reserved for the program. It is a good place to hide the key, as well. Unless the encryption method for the key is known, it is difficult to separate actual program code from the key code.
- Microprocessor Memory (EEPROM): The key is hard-wired or burned into a ROM device and cannot be changed. This relies upon the system’s ability to prevent read access from intruders. This is usually done during the manufacturing process or just prior to shipping.
As shown above, there are several memory locations within the microcontroller where the key can be stored and where it is not directly accessible by an external reading device. In addition, an external security storage component may be added to the PCB that is accessed directly by the microcontroller via a dedicated port location.
You can create an external memory unit by implementing a dedicated secure storage device to the PCB to serve as a that is inaccessible except by the microcontroller. As most PCBs contain many devices connected to the microcontroller, this ambiguous device can go undetected by a potential hacker. Instead, it is assumed to be a system critical component.
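A boot-time check of the kind described above, as an added example that is not from the original article: the firmware stores a keyed tag of the board's serial number and refuses to run when the serial-number chip it reads does not produce that tag. Storing a SipHash-2-4 tag rather than the raw serial is this example's own choice; read_serial_chip(), the FW_K0/FW_K1 key constants and the sample serial are hypothetical, constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2;                    \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0;                    \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 of a single 8-byte message (the serial), keyed with k0/k1. */
static uint64_t serial_tag(uint64_t k0, uint64_t k1, uint64_t serial)
{
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t len_block = 8ULL << 56;   /* final block: message length in top byte */

    v3 ^= serial;    SIPROUND; SIPROUND; v0 ^= serial;
    v3 ^= len_block; SIPROUND; SIPROUND; v0 ^= len_block;
    v2 ^= 0xff;      SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Constant-time equality: no early exit that reveals how many bytes matched. */
static int tags_equal(uint64_t a, uint64_t b)
{
    uint64_t d = a ^ b;
    return (int)(((d | (0 - d)) >> 63) ^ 1);
}

/* Hypothetical stand-in for reading the serial-number chip over its port. */
static uint64_t board_serial = 0x0123456789abcdefULL;   /* constructed sample */
static uint64_t read_serial_chip(void) { return board_serial; }

/* Constructed key halves; assumed to live in read-protected program memory. */
static const uint64_t FW_K0 = 0x1f2e3d4c5b6a7988ULL, FW_K1 = 0x8899aabbccddeeffULL;
static uint64_t stored_tag;            /* written once at manufacturing */

static void provision(void) { stored_tag = serial_tag(FW_K0, FW_K1, read_serial_chip()); }
static int boot_check(void)
{
    return tags_equal(serial_tag(FW_K0, FW_K1, read_serial_chip()), stored_tag);
}

int main(void)
{
    provision();
    printf("original board: %s\n", boot_check() ? "run" : "halt");
    board_serial ^= 1;   /* same image on a board carrying a different chip */
    printf("copied image:   %s\n", boot_check() ? "run" : "halt");
    return 0;
}
```

The tag key sits in the same program memory as the code it protects, so the check is only as strong as the read protection on that memory.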
Providing several different locations to “hide” the key code forces a potential hacker to “seek” the correct storage location. This strategy makes PIC microcontroller code theft much more difficult. When you need to access an easy-to-use PCB layout tool that includes everything needed to build high-quality manufacturable circuit boards, look no further than CircuitMaker. In addition to easy-to-use PCB design software, all CircuitMaker users have access to a personal workspace on the Altium 365 platform. You can upload and store your design data in the cloud, and you can easily view your projects via your web browser in a secure platform.