Copy Protection?
COlsen
Posts: 8
Ok, I searched the forum, and couldn't find anything on this topic.· Is there any way to prevent your code from being read and "Decompiled"? ·It looks like the code is stored externally in the flash memory, and then read·by the Propeller at boot up.· It would seem impossible to copy protect your code for commercial applications!
Comments
-Phil
A process I came across when I needed to add structural integrity to a circuit I made was Gooping. As it turns out if someone tried to reverse engineer my product they would first have to do X-rays to determine where to probe for a serial line let alone not destroy the device in the process.(especially if a ground plane where laid directly above and below it.
Gooping = is a non-conductive cement poured over a circuit that has been laid in a cast. (not extremly expensive either).
I have an address somewhere if you need it!
Where there is a will, there is a way. No way around it, if someone wants it, they can get it, if they try hard enough.
You can make it hard, real hard, but in the end, with enough time, money and desire, it's a lost battle.
PROM's, dongles, SW keys, encryption and mis-direction, all of which are what hackers strive to survive, can and will be broken.
And hackers, both hard and soft, will take every means needed to ensure they will succeed.
With the open nature of the propeller, is harder still to protect the investment.
If the investment in the program is so valuable, where as others are wont to take it without paying for it your only options are:
Make it hard to get into the hardware (like the Goop idea, which can and has been broken), and at the same time, make it cheap for someone to buy.
If it's so cheap, it's much simplier for them to purchase then to burn time getting into it.
Lastly, if the code does something super, make the code purchable. THis will defer all but the most stuborne hackers, and you will likely make more $$$.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Just tossing my two bits worth into the bit bucket
KK
·
In the end Kaos Kidd is right, given enough time and resources, anything can be broken. I learned this back in the 80's in high school. Software companies would spend all kinds of money on copy protection schemes, but there were an infinite number of teenagers with an equally infinite amount of spare time on their hands. It usually only took a couple of days before the games were hacked.
Carl
This message will self destruct in zzzzzzzzz!
Could I get that URL from you, That is an interesting issue?
Seems it's not that foolproof.
If you want securiy, feel free to use Gooping, but remember that afterwards, the Propeller(well, the EEPROM connected to it) can no longer be updated, so you'll have to replace the entire unit if a bug is found that necessitates an upgrade.
About software protection in general...
In the earliy 90s, we got a lot of specialized software at the office, that needed a 'software key', usually a file in a specific location on the HDD. (It contained information on where it was placed, so any attempt to move it to another computer would invalidate it) To transfer the license we used a special license diskette, with a program to read the file, update the diskette and place/remove the file on the HDD.
Unfortunately, particularly on our CAD machines we sometimes needed to run Norton Speedisk or similar tools...
Or a HDD would Smile out and be replaced, with no way of getting the file off the HDD...
Luckily, the worst of those programs was phased out by 1998(it wasn't windows compatible)
Did I mention that the company was not very sympathetic to that, or to unreadable diskettes?
As for the dongles connected to the Parallell port on PCs... They weren't much better, with the drivers often making it impossible to print... And the ones that was placed on a central server... AAARGH!
(Having one was a pain in the posterior, having two was... usually a nightmare if they didn't come from the same third-party 'security' wendor)
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Don't visit my new website...
That said, if anyone needs a Propeller disassembler, drop me a line.
A little background first: someone once told me about a system that our government had developed and·installed around the world (probably in the late 1980's)·that tracked ALL terrestrial radio communications. It did so by recognizing key-up signatures when transmitters were turned on. Say in some part of the world there were 1,000 identical walkie-talkies in use. Even though they may all be from the same manufacturer, they all have slight component differences due to manufacturing tolerances. Each walkie-talkie has a unique fingerprint in RF/Time. This system would identify all different transmitters, track them, and monitor their communications. I've wondered if it still works today when radio traffic has increased 1,000's of fold and perhaps millions of identical cell-phones are in confined areas. It seems like it's been outmoded and the monitoring would be much better done from within the cell-phone infrastructure.
Anyway, every transistor within a Propeller chip varies slightly from all its (otherwise-) identical twins. Think about the I/O pads. They all have slightly different input·thresholds due to ever-undulating oxide thicknesses and dopant concentrations at fabrication time. No two are identical. Say you connected an I/O pin to a resistor, and that resistor to a cap to ground. Then you connected three other I/O pins to the resistor-capacitor junction. When you toggle the first pin up and down, the other three pins will see slightly different·toggle delays due to their threshold differences. You could use the CTRs to track these differences in 12.5ns increments. You could have your program profile the relative differences the first time it runs, store this data back to the EEPROM, and then check for these relative differences every time thereafter. You would have to do a little R&D to make sure that temperature and voltage extremes wouldn't break your profile. It might work just fine. The point is that if they tried to copy the EEPROM data and run it on another Propeller chip, it wouldn't work. For someone to figure out what was going on, they would have to reverse-engineer your program from the data in the EEPROM. This could be a very difficult thing to do, especially if they didn't even know what they were looking for. Perhaps some kinds of subtle tricks like this could be pulled, maybe even with phenomena that·are entirely internal to the chip.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chip Gracey
Parallax, Inc.
Post Edited (Chip Gracey (Parallax)) : 6/28/2006 7:23:56 AM GMT
1. Extract code from EEPROM.
2. Disassemble.
3. Bypass with jumps.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chip Gracey
Parallax, Inc.
No matter how you protect the hardware, obscure the code, the bottom line is this: Once it's off the eeprom, it's simply a matter of time before it's broken.
Sorry to say this, but securing the code in the propeller is highly unlikely.
Locks don't keep criminals out, they keep honest people out; there's no such thing as an honest criminal.
The best you can hope for is to make it REAL hard to get illegailly, AND real EASY legaly.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Just tossing my two bits worth into the bit bucket
KK
·
·· Even doing this, Chip's last point is still valid...You would still be tasked with having to decompile and track all instances of protection woven through the code or it wouldn't run on target systems (If looking for the profile)...In many cases it simply wouldn't be worth it (time-wise).
·· In a system implementing the FTDI FT232R chips, you could easily make use of Chip's idea to utilize the FTDIChip-ID feature where the FTDI chips have a unique number assigned.· The woven security code could periodically check for this ID and cease function when not found.· Again, not foolproof but they would have to work for it.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chris Savage
Parallax Tech Support
csavage@parallax.com
It's the resulting mix [noparse][[/noparse]of methods used], and the determination of the devloper that's going to determin how hard it's going to be to get the data.
The harder the better. Mixing hardware and software, in a "ballanced" form, coded not to use too much of the propellers resources, is going to be the only way.
Just remember, what ever we discuss here, someone will be reading to find out how it's done, thus mooting the entire discussion!
I'm really enjoying this conversation. It brings back the happy years of hacking C64 and Tandy games [noparse]:)[/noparse]
I do have ideas on how to secure the data, but at the end, it's still able to be cracked.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Just tossing my two bits worth into the bit bucket
KK
·
Everything in the tale after that is a cautionary fable playing on our natural paranoia of eavesdroppers with government level resources. A good attitude to have, but not to overdo.
Your point is correct however. If you really must copy protect something, those characteristics outside the intended signal content are an excellent place to start, and they are exceptionally difficult to mimic, almost to the point of a practical impossibility.
Harbor - an old crow
Nonetheless, idealism can collide with reality, and some form of protection agains the real scumbags is often called for. So along these lines I would recommend a copyright accompanied by the GPL (general public license). By publishing the source code in this way, you at least drive a stake in the ground, hopefully preventing others from co-opting your work — by whatever means — and claiming it as their own.
It's a big market that will only grow bigger by the free exchange of ideas. Sure, like anyone in this business, I've written firmware that's protected. But I'm willing to give this more open business model a good run for the money. And I'm betting it will work out to my advantage in the long run.
-Phil
So a scheme is needed to make the PROPELLER chip unique. I wonder if you could purposely destroy the driver for one (or more) pins, (for example tie the pin high without a resistor then program the propeller to make the pin low). Then if you could somehow test for this mal-function in the code (in a non-obvious way). I think that would work.
The "scumbag" (to use Phil's term) could copy the EEPROM, but the code wouldn't work on a properly functioning propeller chip.
Just an idea...
Bean.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Cheap 4-digit LED display with driver IC·www.hc4led.com
Low power SD Data Logger www.sddatalogger.com
"I reject my reality, and substitute yours." NOT Mythbusters
·
You are still faced with the same scenario... If you can "fuse blow" your Propeller pins why couldn't the would be hacker do the same thing?
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Beau Schwabe
IC Layout Engineer
Parallax, Inc.
I mean how would he know that's what you did ? With self-modifying code you could get very sneaky about detecting the fault.
It's just a thought, but that's how I would go about it, if I wanted to protect a device.
Bean.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Cheap 4-digit LED display with driver IC·www.hc4led.com
Low power SD Data Logger www.sddatalogger.com
"I reject my reality, and substitute yours." NOT Mythbusters
·
Open Source with GPL is the only way to truly create a product that will endure the hard/software cycles of growth and expansion.
If your product is of such immence value, it can only grow using open source and GPL.
Just trademark or copyright the "method of how you do it" to protect you from the real schmum bags.
The whole idea of Open source is someone might have a better way of doing somthing you are doing, and thus can impliment and improve on it.
Bean: LOL @ your sig line...
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Just tossing my two bits worth into the bit bucket
KK
·
The device that I am rebuilding the electronics for is already patented. The guy that owns it(boss) looks at it this way. Don't go out of the way to make it super secure. He feels, as mentioned earlier,·thieves are·only going to make some quick cash and if they get caught he stands to make more on the deal than the sale of the product!
Just don't let them make a better product!!!!!!!!!!!!!!
But I'm sure Parallax would NEVER let the PIC firmware for the Basic Stamps to be so easily read from a BS2.
Have you ever tried to get money out of someone using your code ?
Damn near impossible. And what if he is not in the USA ? Even if he is, you will spend so much money on lawyers. And the courts still don't look at piracy as "stealing" (unless someone wants to make an example of them).
And if someone is stealing your code and selling it, chances are he doesn't have a ton of money.
From being in the retail software business, I can tell you that you will never protect your IP from someone really determined to steal it, but you can protect it from the casual pirate. 99% of the program coping we saw was the old "you like this game, here let me make a copy for ya". Very rarely was it someone trying to make a profit from copying.
I would dare say, that the propeller MAY be excluding itself from production products if there is no way to protect the firmware.
Just my opinion...
Bean.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Cheap 4-digit LED display with driver IC·www.hc4led.com
Low power SD Data Logger www.sddatalogger.com
"I reject my reality, and substitute yours." NOT Mythbusters
·
One of the reasons the BASIC Stamp continues to prosper is because the product was properly designed and well-supported.
Ken Gracey
Parallax, Inc.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Just tossing my two bits worth into the bit bucket
KK
·
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Life is one giant teacup ride.