Program Extraction — Parallax Forums

Program Extraction

Eric R Posts: 225
edited 2005-04-18 17:51 in BASIC Stamp
Anyone know how to (or remember who can) extract a BS2 program from the stamp? Lost my backup, could rewrite it but would like to explore my options. One suggestion was given by phone support but the company said they could not do it.

Everyone think hard to about a year ago when this was posted

Comments

  • allanlane5 Posts: 3,815
    edited 2005-04-15 22:32
    Why yes, I do remember -- you can't. Please don't lose your source code.

    OK, you can, but it's not usually worth the effort. It's much easier if you are using the OEM version with a socketed EEPROM. Otherwise it's very difficult to get the EEPROM off the module.

    As I recall, there was one guy willing to do this work, for the right price. Since the only market for this is reverse-engineers, and people who've lost their source code, and the BS2 only HAS 2000 bytes of EEPROM anyway, you'd expect this would be expensive.
  • Eric R Posts: 225
    edited 2005-04-16 19:08
    Thanks,

    Found my code, all is good!

    Glad to see that it is a difficult task to extract the info. This way if I ever go into production on a project, at least I know it will be fairly safe.


    Post Edited (Eric R) : 4/16/2005 8:44:48 PM GMT
  • SPENCE Posts: 204
    edited 2005-04-16 19:24
    Next step since you found your code.

    1. Print out two copies with copyright embedded in the source as comments at the top. I.e. "copyright 2005 by yourname"

    Seal one copy in an envelope and mail it to yourself. When you get it back put it "unopened" in safety deposit box with the second copy attached. Might also put a copy of floppy source with it.

    This serves as legal proof of copyright and can be used as conclusive court evidence. If you doubt it, ask a copyright lawyer.

    73
    spence
  • Gadgetman Posts: 2,436
    edited 2005-04-16 20:20
    Spence:

    1. Your Caps lock is on again....
    Yes, I know that YOU can read it as easily as lower case, but for most people it is really annoying. It is also considered SHOUTING and bad netiquette.
    http://www.wncc.edu/online/webtut/netiquette.htm

    2. There was no discussion of copyright, only how he could retrieve his own program from a stamp, after the source code had disappeared.

    3. Have you ever asked a lawyer about that 'sealed letter' method?
    No court of law will accept that as proof of when it was made or by who. It doesn't matter if it's sent as registered or not.

    Yes, I know that dishonest people could steal a program by reading the tokens from the EEPROM and reverse engineering them, but given the size of the average BS2 program, the amount of work it would take to do it, it is usually much easier, and faster, to just recreate it based on observation of how the original works...

    Now for DATA safety.

    1. Store all data files in as few places as possible on the HDD (the 'my documents' folder is one of the very few ideas M$ ever incorporated into Windows)

    2. Periodically, burn the contents onto a CD. Don't bother with CD-RW, just use CD-R's
    (Try not to burn at too high speed. For such backups I never burn at more than 4X)

    3. Store them AWAY from the PC. Preferably in another part of the building, or a garage if you have it.
    (I store my personal backups at the office)

    4. A locked safe is a good thing to own...

    5. Another idea is to get hold of a USB memory-stick of some sort. A 256 or 515MB isn't too expensive. Make a small batch file which copies all changed Data files onto the USB memory. Make a shortcut for the batch file on your desktop and make a habit of double-clicking it every day before you switch off your computer.
  • Eric R Posts: 225
    edited 2005-04-16 20:54
    I see a lot of "dishonesty and reverse engineering" talk going on and wonder, has anyone even run across a basic stamp embedded device out in the market that didn't come with a source code? Guess I just haven't seen any or maybe it was nothing that I really needed the code from except my own BS2. At any rate, it is interesting that it can be done even with a little work. Guess I am still stuck in the PLC world where you can just suck the program right back out.
  • Paul Baker Posts: 6,351
    edited 2005-04-17 00:12
    Eric R said...
    Thanks,

    Found my code, all is good!

    Glad to see that it is a difficult task to extract the info. This way if I ever go into production on a project, at least I know it will be fairly safe.

    Just because it is difficult for the average user to get the token code back off, does not mean in any way that it is secure. The token code is sitting on the EEPROM in plain code (unencrypted). It only takes desoldering the EEPROM off or using a special clip and cutting a single trace (the cut trace is to prevent powering up the microcontroller on the stamp as well). If someone has the tools they can gain access to your code in a matter of minutes.
  • allanlane5 Posts: 3,815
    edited 2005-04-17 17:59
    There's a large difference between getting "access" to code and actually being able to do something useful with it. Sure, they could build a clone of your application -- but what is that going to buy them?
  • Forrest Posts: 1,341
    edited 2005-04-17 19:13
    I can think of a couple of ways to protect your application from being stolen. How about sanding the part numbers off all the chips and encapsulating the whole board in epoxy potting compound? There are many ways to protect your application - none are 100% foolproof - it just depends how much time, money and effort you have.
  • Paul Baker Posts: 6,351
    edited 2005-04-17 19:25
    Actually the best way to protect data would be for Parallax to create a stamp version in which a unique ID is burned into each stamp controller's flash (and securely kept in the processor since Parallax locks the flash code to prevent reading the code to their PBASIC interpreter). This ID would be the key to a relatively simple encryption algorithm that would store encrypted token code on the EEPROM; without knowing what the ID is, the code cannot be acquired. The overhead of the encryption could be mitigated by bumping the frequency of the oscillator to compensate the additional computational burden.
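
A sketch of the per-device scheme proposed in the post above, added here as an example; it is not code from the thread, from Parallax, or from the PBASIC interpreter. Assumptions: the interpreter seals the token code at download time with keys derived from the burned-in ID, HMAC-SHA256 stands in for the "relatively simple encryption algorithm", and every name and sample value is hypothetical.

```python
import hashlib
import hmac

NONCE_LEN, TAG_LEN = 8, 32

def _keys(device_id: bytes):
    # Separate encryption and MAC keys, both derived from the burned-in ID.
    return (hmac.new(device_id, b"eeprom-enc", hashlib.sha256).digest(),
            hmac.new(device_id, b"eeprom-mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib stand-in for a stream cipher.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_image(device_id: bytes, nonce: bytes, tokens: bytes) -> bytes:
    """Download time: encrypt the token code, then MAC it (encrypt-then-MAC)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 8 bytes and fresh for every download")
    enc_key, mac_key = _keys(device_id)
    ct = _xor_stream(enc_key, nonce, tokens)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_image(device_id: bytes, image: bytes) -> bytes:
    """Run time: verify the tag first, decrypt only if it matches."""
    enc_key, mac_key = _keys(device_id)
    nonce, ct, tag = image[:NONCE_LEN], image[NONCE_LEN:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("EEPROM image was not sealed by this device")
    return _xor_stream(enc_key, nonce, ct)

def opens_on(device_id: bytes, image: bytes) -> bool:
    try:
        open_image(device_id, image)
        return True
    except ValueError:
        return False

# Constructed sample values: not real BS2 token code or device IDs.
TOKENS = b"constructed token bytes " * 6
ID_A = bytes.fromhex("00112233445566778899aabbccddeeff")
ID_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
IMAGE = seal_image(ID_A, (1).to_bytes(NONCE_LEN, "big"), TOKENS)
```

The sealed image opens only with the ID that produced it, so an EEPROM moved to a second stamp or edited in place fails the tag check. The protection rests entirely on the ID staying unreadable in the locked flash, as the post assumes.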
  • Chris Savage Parallax Engineering Posts: 14,406
    edited 2005-04-17 23:27
    Paul Baker said...(trimmed)
    Actually the best way to protect data would be for Parallax to create a stamp version in which a unique ID is burned into each stamp controller's flash (and securely kept in the processor since Parallax locks the flash code to prevent reading the code to their PBASIC interpreter). This ID would be the key to a relatively simple encryption algorithm that would store encrypted token code on the EEPROM; without knowing what the ID is, the code cannot be acquired. The overhead of the encryption could be mitigated by bumping the frequency of the oscillator to compensate the additional computational burden.

    Paul,

    But speeding up the chip wouldn't make up for the extra code space used by the interpreter to do this. It would certainly take some fancy thinking. Another factor would be requiring yet another editor revision. All things to consider.


    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    Chris Savage
    Parallax Tech Support
    csavage@parallax.com
  • Paul Baker Posts: 6,351
    edited 2005-04-18 00:15
    Oh I'm not suggesting that it be attempted, I'm just trying to point out that as long as the data sits unencrypted in EEPROM it's never really secure.
  • kelvin james Posts: 531
    edited 2005-04-18 05:39
    If anyone thinks that code on an EEPROM is secure, just look at what happened to the satellite EEPROM access cards, and that was encrypted code. If someone really wants it, they will find a way. But for the average person, I would highly doubt anyone would put that much effort into trying to hack out the code of your application.

    kelvin
  • Forrest Posts: 1,341
    edited 2005-04-18 11:17
    Are you referring to the pirate DirecTV access cards that were all disabled simultaneously by DirecTV sending a signal that fried them? If so, I'd say the encryption is working fairly well.
  • Dave Paton Posts: 285
    edited 2005-04-18 17:51
    Actually, it wasn't a direct signal that fried them, it was a very clever and tricky series of software updates over a period of many months that appeared to be innocuous, but when assembled together, the 'innocuous data' hidden in the updates turned out to be the embedded utility that disabled the hacked cards. By the time the community figured out what had happened after the last update, a lot of the hacked H cards had been fried, but there were a few that survived, and that launched the next wave of cracks for the updated cards. The method used was really quite slick, since it exploited a portion of the update code that the copying community had learned to ignore. It succeeded because it was social engineering (in the hacker sense), not software engineering to a large degree. Still, it didn't kill the movement. Encryption and secrecy have been playing catch-up for decades. I don't think that'll change any time soon.

    -dave

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    This is not a sig. This is a duck. Quack.