Andrew- What Microsoft did with X-box is interesting. They faced a similar problem -- no EEPROM on the processor itself. So they used a Flash ROM device with a small bootloader (processor) to handle decryption during boot. They did some things with JTAG also, like tying ~TRST to an internal gnd layer underneath a BGA package. Below are some links for additional information on the Xbox approach. It seems the author has actually hacked the Xbox and has some useful information for those trying to design hardware to prevent hacking. When you realize this is a grad student (ok, PhD at MIT, so ultra grad student) who has gone so far to get a hold of emulators, precision soldering equipment (e.g. replace the FLASH EEPROM with a socket), decapsulated the Celeron, Nvidia GPU and southbridge, and is maintaining a running web pages with updates based on communication with several others working on related areas, then you realize how effective reverse engineering can be if done by a talented person with energy and time. http://www.xenatera.com/bunnie/proj/anatak/xboxmod.html http://xbox-linux.sourceforge.net/articles.php?aid=1&sub=Flash%20structures Jeff Brower system engineer Signalogic -------- Original Message -------- Subject: Re: [c54x] Firmware Protection Date: Thu, 21 Aug 2003 15:52:50 -0400 From: "Andrew Xiang" <> Reply-To: "Andrew Xiang" <> Organization: Andrew Xiang To: <>, "Rodrigo Rivas" <> References: You cannot prevent it. But you can make it harder: 1. write messy code and implement messy hardware.2. put a EEPROM with a fixed value and different on each board. encode a portion of your program using the code.3. make the product dirt cheap so there is no incentive to copy. that is all I can think of. -Andrew ----- Original Message ----- From: Rodrigo Rivas To: Sent: Thursday, August 21, 2003 12:56 PM Subject: [c54x] Firmware Protection Hi , How do you protect the firmware in your custom boards ?In our custom board, there is an external Flash in which reside the firmware. The firmware can fit in the on-chip RAM of the C5416, then after bootloading, the C5416 run from on-chip RAM. Then the problem is how to protect the firmware that reside in the external Flash against copies ? any help is welcomeThanks in advance Rodrigo Rivas _____________________________________ |
[Fwd: Re: Firmware Protection]
Started by ●August 21, 2003