wlee@csd4.csd.uwm.edu (Wan Ngai Wayne Lee) (02/25/90)
In article <2446@loral.UUCP> miller@loral.UUCP (BIG DAVE) writes: >Does anyone know a way of protecting the data that's been stored in a 2764, >8KX8, EPROM ?. Is there a way of safegarding data stored in such devices >once one gives the device to someone else ?. I read the spec sheets and found >no provisions for 'security bits', ala PALs, so I'm curious as to how one >might get around to solving such a problem. I would greately appreciate any >help in this matter. I don't think there is any protection for EPROMs. But I know both Motorola and Zilog produce MCUs with protection for on chip EPROMs. Wayne Lee wlee@csd4.csd.uwm.edu
johne@hpvcfs1.HP.COM (John Eaton) (02/27/90)
<<<< < But I know both Motorola and Zilog produce MCUs with < protection for on chip EPROMs. ---------- Some of the MCU's with on chip EPROM's are not as secure as you might think. I used one from Motorola where you placed your code in a transfer eprom that was connected to the pins of the micro.You then put the micro into bootstap mode and it would read the eprom and copy the data into its internal eprom. Afterwords you could power it up and it would execute your code. There was no instruction that could force it to dump its bits out. In playing with the programmer I discovered that if you invoke bootstrap mode with out applying the -12 Volts that it would go through a quick (2 seconds) attempt to program and then fail if the part did not match the external eprom. You could use this as a verify mode to see if the part exactly matched its transfer eprom. The verify would step through the addresses and stop if it found one that did not match the internal eprom. I thought of a interesting way that this feature could be used to "unload" the code out of the internal eprom. You build a programmer with ram instead of EPROM. Load the ram with all 00's and verify against the eprom. Read the address that fails, increment the data and repeat. I figured that with an average byte value of 128 that it would take about 6 days to extract all the bits from a 2 K eprom. Running the clock overspec and using opcode frequency analysis could cut that even lower. John Eaton !hpvcfs1!johne