PIC code protection and security

PIC Code Protection & Security

One of the most important features of PIC microcontrollers (and many other types of microcontrollers) is the ability to protect the programme within the device from being copied. This is done by setting the code protection bits in the configuration memory. If a code protected PIC is read the data is shown as all zeros and if the configuration is reset to be without code protection the whole programme memory is erased.

The importance of being able to code protect the programme data cannot be over emphasised. It means that unlike when programmes are stored on floppy disc or CD small business owners can sleep soundly at night knowing their hard work is not being stolen.

At Brunning Software we take this a stage further. All our text files which contain programme data are stored in encrypted format. Encryption is a standard features of all our programmes which create text. Use ESC Z to set an encryption code, use ESC U to change the file type to BW, then every time the current work is saved it will be encrypted. Our system ensures that unprotected data is never saved to disc.

This encryption feature is included in our PIC assembler programme and our PC assembler programme. Our encryption system uses dynamic encoding so that even if the exact content of an encrypted file is known there is no simple way to find the encryption code.

Reading a Code protected PIC (Updated 13th April 2004)

The very first PICs with flash memory, the PIC16C84, have a weak code protection system. With these old PICs if the programme voltage is juggled to a critical point the code protection can be removed without the programme within the PIC being erased. I have not experimented with this but it is so well documented that we must assume it to be true.

The PIC16C84 was designed more than ten years ago and since then the flash memory PICs have been completely redesigned. We can be certain that Microchip have improved the protection system with each update but all protection systems can be broken. The better the protection the greater the cost of breaking it in terms of man hours or specialised equipment. For obvious reasons Microchip are not going to tell us if their system has known weaknesses. My research suggests that the protection is now very good across the F range of PICs but that they are still vulnerable using invasive techniques with the right (expensive) equipment.

Latest Information (Updated 9th May 2005)

Over the last few years 'chip and PIN' credit/debit cards have become standard. We can be sure that inside each one is a microcontroller. We can also be sure that unofficial access to the data in these chips is virtually impossible. All this is common sense, and over the same period Microchip have bought out 'A' versions of several of their most important PICs.

The latest 'A' versions and all the recent new PICs use a substantially different programming system to write the data into these PICs. We can be sure that this is no coincidence. So if you intend to use code protection and you want the greatest security use the very latest versions of the PICs.

For example.... PIC16F877A, PIC16F876A, PIC16F874A, PIC16F873A, PIC16F628A, PIC16F627A, PIC16F88. The PIC16F84A is an exception as that was bought out before this latest wave of code protection improvements - for best code protection adjust the programme so that you can use a PIC16F627A or PIC16F88 in place of the PIC16F84A.