Copy Protection Idea
T Chap
Posts: 4,223
This is talked about already and there is no real solution from what I can tell. I made a post some time back about generating a true random number, and although it was initially discussed that there was not a good solution, but Chip finally nailed it. For this reason, I want to throw out a concept to see if the idea has merit. Keep in mind, I am not so concerned about outsiders stealing anything as I am insiders, and from past experience, this is where I have been burned the most.
This is the idea for a product that is not concerned about a few bucks for extra parts.
1. Prop boots up from basic start up program on I2C EEPROM, not a working program for the project, just an init program.
2. Prop reads from a copy protected storage like an SX or other device that contains the real code to be transferred to an I2C RAM for re-booting.
3. Once the I2C RAM chip is written with the program data from the SX or other storage, a switching system enables the I2C RAM to be read at the boot address, and disables the EEPROM that initially booted up the Prop. The Prop is reset, booted from I2C RAM.
4. RAM is immediately cleared of the program after booting.
In this case above, a great deal of work would be required to monitor each read/write between the copy protected storage and the RAM, and the permanent storage doesn't even have to have the program data in the correct order, there can be a a "key" of sorts that determines the read write process of rearranging the data. A random number could also be used to determine the loading process, so that every transfer is a different order .
The SX or other copy protected storage medium is secure.
I have no idea if an I2C RAM can be booted from [noparse]:)[/noparse]
Any thoughts?
This is the idea for a product that is not concerned about a few bucks for extra parts.
1. Prop boots up from basic start up program on I2C EEPROM, not a working program for the project, just an init program.
2. Prop reads from a copy protected storage like an SX or other device that contains the real code to be transferred to an I2C RAM for re-booting.
3. Once the I2C RAM chip is written with the program data from the SX or other storage, a switching system enables the I2C RAM to be read at the boot address, and disables the EEPROM that initially booted up the Prop. The Prop is reset, booted from I2C RAM.
4. RAM is immediately cleared of the program after booting.
In this case above, a great deal of work would be required to monitor each read/write between the copy protected storage and the RAM, and the permanent storage doesn't even have to have the program data in the correct order, there can be a a "key" of sorts that determines the read write process of rearranging the data. A random number could also be used to determine the loading process, so that every transfer is a different order .
The SX or other copy protected storage medium is secure.
I have no idea if an I2C RAM can be booted from [noparse]:)[/noparse]
Any thoughts?
Comments
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
I am 1011, so be surprised!
Advertisement sponsored by dfletch:
Come and join us on the Propeller IRC channel for fast and easy help!
Channel: #propeller
Server: irc.freenode.net or freenode.net
If you don't want to bother installing an IRC client, use Mibbit. www.mibbit.com
The only propblem is that somebody plugs an I2C EEPROM in place of your I2C RAM - so you think you're doing a secure copy, but in fact you are not. The copier takes the newly burned RAM/EEPROM and is off and running.
An easy way to crack your protection would be to modify you boot EEPROM, and replace the "chip-reset" command with a "repeat-forever" command. Another device could then hang off the I2C bus and read the chip - thats only 3 solder joints (SDA, SCL and GND).
The cracking of the spin interpreter goes some way to illustrating how hard it is to do secure copy protection.
Another example is the cracking of some of the "secure" Dallas Semiconductor micro-processors a couple of years ago.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
I am 1011, so be surprised!
Advertisement sponsored by dfletch:
Come and join us on the Propeller IRC channel for fast and easy help!
Channel: #propeller
Server: irc.freenode.net or freenode.net
If you don't want to bother installing an IRC client, use Mibbit. www.mibbit.com
Just to find out what processor it is, what the RAM and EEPROM circuit is doing, pulling out and modifying the bootloader, etc, is a heck of an undertaking from scratch.
It's just an idea anyway.
Keep in mind, I am only thinking about an in-house solution to prevent easy theft from non tech people in the loop. I understand that anything can be broken, but I want to make it a challenge at least.
Post Edited (Originator) : 8/29/2008 10:56:18 PM GMT
But I have not said anything here! Are you psychic?
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
For me, the past is not over yet.