Sonsivri
 
Author Topic: HOW TO GET PROGRAM FROM A PIC  (Read 12136 times)
chandra2sekhar2000
« on: February 15, 2007, 12:57:18 12:57 »

HELLO
I HAVE BROUGHT AN INVERTER WHICH USES PIC16F73. THE PIC HAS BEEN CODE PROTECTED. IS THERE ANY WAY TO GET BACK THE HEX CODE FROM THE PIC?
PLEASE HELP ME

bbarney
« Reply #1 on: February 15, 2007, 02:26:14 14:26 »

you can't

Ever wonder why Kamikaze pilots wore helmets?
FriskyFerret
« Reply #2 on: February 15, 2007, 08:38:05 20:38 »

There is at least one company that will do it for several hundred dollars US, if you really want the ROM code. They use advanced destructive techniques, laser drills, micro-probes, liquid mercury, rare highly toxic solvents etc, to bypass or remove the protection at the wafer level. Nothing that an experimenter can do at home. Other than that you're SOL.

The way I look at it, if $500 is too much to spend to extract the ROM code, you don't really need it.


Dancing pants and leotards, that's what I'm talkin' about!
gonna
« Reply #3 on: February 15, 2007, 09:18:51 21:18 »

Quote
There is at least one company that will do it for several hundred dollars US, if you really want the ROM code. They use advanced destructive techniques, laser drills, micro-probes, liquid mercury, rare highly toxic solvents etc, to bypass or remove the protection at the wafer level. Nothing that an experimenter can do at home. Other than that you're SOL.

The way I look at it, if $500 is too much to spend to extract the ROM code, you don't really need it.



What a load of piffle! Who the hell sold you that story? Anyway it's a load of misinformation.
The way it's done is not to remove the protection at all. It's totally unnecessary.
The IC is depth measured by x-ray. Then the plastic encapsulation is carefully ground down by computer control to within a few microns of the top of the die in a clean air-room. The last few microns of the package are dissolved by a small drop of nitric acid from a pipette and a temperature controlled oven in a couple of minutes. The die is then placed under a very high magnification ion beam electron microscope with a motor speed controlled x,y axis that is focussed on the ROM part of the die. A scanning image is taken of the cell structure of the silicon and the die memory is directly read/converted from the images. There is no need to unprotect the device. With a high enough magnification you can simply look at the density variations in the silicon that represent the 1's and 0's. A photo scanner resolves the binary information from the images. It IS expensive - around $1,000 - but it's being done every day in Taiwanese silicon research sites - no big deal - if you've got the money.
BTW for those that are interested, this is a parallel process to that taken by the "government" at Langley when reading directly the magnetic structure of hard disc platters. By pointing the electron microscope at the side of the magnetic track on the platter, it is possible to recover all the data from the hard drive even though the data track on the drive has been erased many times. Providing the drive has not been erased too many times and providing there is the normal track tolerance wander variation between the magnetic heads and the rotating platters, the data can be recovered. I believe all the US drive manufacturers ensure the head / track wander tolerance is purposely manufactured to leave this window of slack - to make the "Government's" job easier.
Don't bother asking how I know!

Laser drills, liquid mercury, toxic chemicals? Phoooey.

FriskyFerret
« Reply #4 on: February 16, 2007, 04:22:41 04:22 »

Quote
Don't bother asking how I know!

I won't, 'cause you sound like a real weenie.

Here are some very respectable references on the subject. You will note that lasers, highly toxic chemicals,
and micro-probes are mentioned.

http://www.cl.cam.ac.uk/~sps32/mcu_lock.html
http://www.cl.cam.ac.uk/Teaching/2003/Security/guestslides/slides-tamper.pdf
http://www.cl.cam.ac.uk/~sps32/thesis_book.jpg
http://www.cl.cam.ac.uk/~sps32/

and

http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

gonna
« Reply #5 on: February 16, 2007, 06:17:19 06:17 »

Quote
Don't bother asking how I know!

I won't, 'cause you sound like a real weenie.

Here are some very respectable references on the subject. You will note that lasers, highly toxic chemicals,
and micro-probes are mentioned.

http://www.cl.cam.ac.uk/~sps32/mcu_lock.html
http://www.cl.cam.ac.uk/Teaching/2003/Security/guestslides/slides-tamper.pdf
http://www.cl.cam.ac.uk/~sps32/thesis_book.jpg
http://www.cl.cam.ac.uk/~sps32/

and

http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf


The point I was trying to make (but made badly obviously), is that the "proper" modern reverse engineering method is as I've described. It used to be done with all that clutter years ago (and probably still is by back street merchants), but what I'm trying to say is that you don't need to do it like that anymore. It's years out of date and is a load of old phooey. That information is simply way out of date even though it is presented otherwise and may be an authoritative take on the situation 10 years ago. The plastic package encapsulation (the material mix), was altered to make it simpler and cheaper to mould and a spin off value-add was the determination that the material had less abrasive resistance. There is no longer a need to burn it off with a laser. Moreover, the DSP capability of imaging has improved remarkably so this is now the cheapest, preferred method.
If I'm a weeny then you're a plain wanker that hasn't got the gumption to question whether the sources of the information you read are technically up to date. You can read a book published in February 2007 but that doesn't mean the information is up to date or that the author is quoting current technology does it? Duhhhhhhhhhhhhh!

FriskyFerret
« Reply #6 on: February 16, 2007, 03:21:09 15:21 »

If I were a wanker, I'd be a Grand Wanker and buy myself a seat in the House of Lords.  Kiss

Rego
« Reply #7 on: February 17, 2007, 04:14:20 04:14 »


NO FLAMING WAR HERE.....

just show your opinions in a respected way

....THE POWER IS BACK....

....REGO....
sohel
« Reply #8 on: February 17, 2007, 11:13:25 11:13 »

Why do u want to read the ROM? It's not fair. If u want it u may talk to those who created it; they also demand some US $. If they didn't reply then talk to me. I will help u. Please don't go the wrong way. Please send me ur schematic diagram.

« Last Edit: February 17, 2007, 11:15:34 11:15 by sohel »

A Thousand Miles Journey Start With a Single Step
http://www.youtube.com/user/masud58
mustuva
« Reply #9 on: July 27, 2009, 01:57:28 13:57 »

Nice article about reading program code from a protected pic.

Hacking the PIC 18F1320 http://www.bunniestudios.com/?page_id=13

leosedf
« Reply #10 on: July 30, 2009, 09:32:15 09:32 »

Also www.semiresearch.com does the same.
They also sell some hardware to read some protected PICs.

9thwonder
« Reply #11 on: August 20, 2009, 10:49:00 10:49 »

if it is 16f73 lcd based sine wave inverter i can give u hex code.

suzuki
« Reply #12 on: August 22, 2009, 05:19:45 17:19 »

at what cost?

vanko
« Reply #13 on: August 29, 2009, 03:11:28 03:11 »

Hi,
My friend has some experience with unlocking PIC16C53. His method is to freeze the chip to a very low temperature with some dentist's chemical; the temperature goes down to perhaps about -30 C or below. In this state he reads the chip with a programmer, and he had success with one LPG fuel pump controller from Peugeot. I don't know if this will work with your PIC, but you can try with another PIC - program, lock, freeze and try to read in this state. His chip was covered with a layer of ice when reading.

I wish you success.

Vanko

ALLPIC
« Reply #14 on: August 29, 2009, 05:30:37 05:30 »

I really think this is a very wrong method, and no one should try to do that. Because if any person has taken so much effort to bring that product to the product stage, and after that someone steals it, then.... I have gone through that stage; my software was stolen by my employee, and you all can understand that. The product is not just software or a hex file.

Rather than going this way, contact me or any professional; we will help you make the product and stand tall in the market....

vanko
« Reply #15 on: August 29, 2009, 09:20:18 21:20 »

This info is only for home use not for commercial.

Sorry if it concerns somebody

Regards

sudipm
« Reply #16 on: September 07, 2009, 03:11:42 15:11 »

Quote
if it is 16f73 lcd based sine wave inverter i can give u hex code.

Hi,
can you please give the link to the hex code and the schematic?

Regards

medik
« Reply #17 on: September 14, 2009, 12:54:17 12:54 »

Anyone tried the freezing and reading method for code retrieval? I know that freezing does something on the PICmicro. Used normal refrigerating occasionally to revive a bad PIC.