
Re: Fuseable Links - no guarantees??




| >I recently saw an ad for a UK based group that says they can take a PIC
| >OTP micro and read the prom (for a fee, of course) - How the heck is this
| >done??

According to the FAQ for satellite piracy, whatever that is called, it is
quite simple for some models of PICs. 

Many of the OTP PICs have a wipe mode for reuse. Apply a certain voltage,
the programming voltage, and the memory is wiped and a fuse is restored so
the memory is programmable again.

Approx a year ago some people on this scene discovered that one could restore
the fuse without erasing the memory content. They applied the programming
voltage minus 0.5V (or something similar). The idea is that there is a voltage
drop across the fuse, and this modified voltage level just barely "manages
it" across the fuse. The voltage level is however not enough to spark the
memory erasure mechanism off.

So I guess one can look at the circuitry and apply non-standard voltage and
current values, or even non-standard timing values -- and do bad things
to these circuits. So this begs the question: Is there anyone who has looked
at "computer security" issues at this level? Are these just bad implementations
of these circuits or is there a fundamentally hard problem in this?

(I'd guess you'll find the FAQ if you search for the words "satellite piracy
PIC OTP" on Alta Vista.)

-Christian