
Thread: Can reading a code protected PIC erase it?

  1. #1
    Senior Member (joined Jan 2008, location: A rock in the ocean)

    Can reading a code protected PIC erase it?

    Been having some adventures in PIC chip copying, only with a very small 12F510, and found something odd. The datasheet says that the first 64 locations and the last location (internal clock calibration byte) can always be read, regardless of code protection status. The PIC that was attempted to be copied did appear to have code protection set, as I could only get useful code up to address 64, the rest read as 00s (NOPs).
    But after having failed to read the entire code, I decided to put the PIC back into its circuit, and it would no longer do its function. It was trying to respond to inputs, just not doing it correctly.

    Is that normal - the PIC self-erasing in response to a read to prevent code from being extracted? (Auto erase definitely wasn't enabled in the MPLAB software, and I can still read the first 64 locations fine.)



  • #2
    Uncle Fester, Senior Member (joined Jan 2008, location: Commonly found in a pantry or the bottom of a fridge, searching for grains, fermented or distilled)

    I have attempted to read code protected PICs many times because I didn't even know they were code protected and they always worked fine in the application afterwards.

    I could imagine a whole load of lawsuits towards the supplier of the programming software if it erased, and thus destroyed, a protected PIC upon attempting to read it.
    As you say some areas can be openly read and also the user EEPROM (if the PIC has one) must be accessible.

    You say that it is not dead, just not performing correctly and you also mentioned you read out the clock calibration.
    It might be possible that the calibration has been reset and now the PIC is suffering timing issues.
    Update: A deletion of features that work well and ain't broke but are deemed outdated in order to add things that are up to date and broken.
    Compatibility: A word soon to be deleted from our dictionaries as it is outdated.
    Humans: Entities that are not only outdated but broken... AI-self-learning-update-error...terminate...terminate...

  • The Following User Says Thank You to Uncle Fester For This Useful Post:

    tristen (25-11-18)
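A way to test the calibration hypothesis above against a read-out, as an added example that is not code from this thread or from any poster: it parses an MPLAB-style Intel HEX dump and reports whether the area above 0x03F reads as all zeros (what the OP saw on the protected part) and whether the calibration word at the last location still decodes as a MOVLW. It assumes the baseline PIC12F510 layout (1024 12-bit words, first 64 words and the last location always readable, last location holding MOVLW k with the OSCCAL value) and the INHX8M byte layout; the dumps are constructed.

```python
# Constructed example, not code from this thread. Assumes a PIC12F510
# read-out exported as Intel HEX (INHX8M: each 12-bit word stored as two
# little-endian bytes at byte address 2*word address), and the baseline
# core layout: 1024 words, 0x000-0x03F always readable, and the last
# location 0x3FF holding "MOVLW k" (0xC00-0xCFF) with the OSCCAL value.
PROG_WORDS = 0x400
OPEN_WORDS = 0x40
OSCCAL_ADDR = PROG_WORDS - 1
WORD_MASK = 0xFFF

def parse_inhx8m(text):
    """Return {word_address: 12-bit word} from INHX8M text, checking checksums."""
    words = {}
    for line in text.split():
        if not line.startswith(":"):
            raise ValueError("bad record: %r" % line)
        rec = bytes.fromhex(line[1:])
        if sum(rec) & 0xFF:              # all bytes incl. checksum sum to 0 mod 256
            raise ValueError("checksum error: %r" % line)
        count, addr, rtype = rec[0], int.from_bytes(rec[1:3], "big"), rec[3]
        if rtype == 1:                   # end-of-file record
            break
        if rtype != 0:                   # extended address records: not needed here
            continue
        data = rec[4:4 + count]
        for i in range(0, count, 2):
            words[(addr + i) // 2] = (data[i] | data[i + 1] << 8) & WORD_MASK
    return words

def check_dump(text):
    """Classify a read-out: is code protection likely set, and is OSCCAL intact?"""
    words = parse_inhx8m(text)
    # The OP's protected 12F510 read as 0x000 (NOP) above 0x03F; words absent
    # from the dump are treated the same way.
    hidden = [words.get(a, 0) for a in range(OPEN_WORDS, OSCCAL_ADDR)]
    osccal = words.get(OSCCAL_ADDR)
    return {
        "code_protect_suspected": all(w == 0 for w in hidden),
        "osccal": osccal,
        # A clobbered calibration word (e.g. 0x000 or 0xFFF) no longer decodes as MOVLW
        "osccal_intact": osccal is not None and (osccal & 0xF00) == 0xC00,
    }

# Constructed dumps: two words at 0x000, hidden region all zero, then OSCCAL.
DUMP_INTACT = ":040000002500000ACD\n:0207FE00340CB9\n:00000001FF\n"  # OSCCAL = MOVLW 0x34
DUMP_ERASED = ":040000002500000ACD\n:0207FE000000F9\n:00000001FF\n"  # OSCCAL read as 0x000

if __name__ == "__main__":
    for name, dump in (("intact", DUMP_INTACT), ("erased", DUMP_ERASED)):
        print(name, check_dump(dump))
```

A real dump from MPLAB will contain every word, so an "osccal_intact" of False on a part that also shows the protected-region pattern points at the calibration word rather than at a self-erase.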

  • #3
    Premium Member (joined Jan 2010)

    Trash might have some ideas about this sort of thing...

  • #4
    trash, Senior Member (joined Jan 2008, location: Tamworth)

    You can't read a code protected chip. You can read the chip status bytes.
    Attempting to read the chip with the code protect on should not erase or damage it. Though that would have stopped a lot of card sellers back in the day.

    You can however write to a code protected chip and this effectively erases the chip by overwriting the bytes.
    To recover code protected bytes, you can write to the card as if you're programming it and then stop the write process after the first couple of bytes which is usually at 0x0000.
    The first instruction is usually a Jump or goto operand with an address location. 0x0004 is usually the interrupt vector.

    The PIC12F510 doesn't have interrupts, so there is no reason for the first operand to be a jump instruction.
    So if you just overwrite the configuration and first two bytes in program memory and then stop, reset and then read, you should be able to recover all of the program except the first two bytes which you can usually guess.

    If you're reverse engineering one of my PICs, then it's easier just to ask me for the source code. I share most of my code. I often write in an extra layer of code protection which jumps to a random location in memory.
    That makes it much harder to guess where the program starts and it's easy to remove from public source code. If I've actually written in more than a default jump instruction, there will be all kinds of checks to void copied code.
    I developed those kinds of tricks because low life gimmes and sellers would copy gold or silver card code, so I made sure the cards would crash after being copied.
    Yes I am an agent of Satan, but my duties are largely ceremonial.

  • The Following User Says Thank You to trash For This Useful Post:

    enf (09-01-19)
