As long as the microcontroller has a true unique ID, you can make encryption indestructible


Source: As long as the microcontroller has a true unique ID, you can make encryption indestructible

http://www.amobbs.com/thread-5518980-1-1.html

First ring:
ID --> F1(ID) --> IDX
The ID is converted to an integer IDX by a custom algorithm F1. F1 is an irreversible operation that cannot be easily analyzed, which is actually easy to implement.
Then save IDX anywhere in the EEPROM or flash; we can read this number back by writing a function get_idx().

Second ring:
Add further functions:

/* Evaluates to 1 only when the stored IDX matches F1(ID) */
int getmy_1()
{
    return F1(ID) - get_idx() + 1;
}

/* Evaluates to 0 only when the stored IDX matches F1(ID) */
int getmy_0()
{
    return F1(ID) - get_idx();
}

Inside other custom functions, (F1(ID) - get_idx()) can be used directly in place of 0, and (F1(ID) - get_idx() + 1) can be used directly in place of 1.

Third ring:
You can consider using getmy_1() anywhere the application needs a 1.
Even where no 1 is needed, you can work one in,
such as: x = (x + 1 - getmy_1()) * getmy_1();
or replace

for (i = 0; i <= count - 1; i++) with: for (i = getmy_0(); i <= count - getmy_1(); i++)
Or:
the pointer increment p++; can be changed to: p = p + getmy_1();
Or: when passing a variable to a function, the caller adds F1(ID) to the variable and the called function subtracts get_idx() from it.
For example, the original code

void f1() { int i, j; ..... j = f2(i); }
int f2(int i) { return i * 2; }

is modified to:

void f1() { int i, j; .... j = f2(i + F1(ID)); }
int f2(int i) { return (i - get_idx()) * 2; }

If the program is illegally copied, the IDX cannot be obtained from the ID, so IDX and F1(ID) are not equal.
Then getmy_0 is no longer 0 and getmy_1 is no longer 1,
and no one can predict what will happen to the program.
---------------------------------------------------------
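The three rings above as a host-side C model, added here as an example and not part of the original thread: it provisions IDX for one chip, then runs the same disguised loop against that chip's ID and against a different ID carrying the copied IDX. Assumptions: F1 is stood in for by FNV-1a, the two IDs are constructed sample values, provision_idx, one_on_chip and run_on_chip are hypothetical helper names, IDX is held in a RAM copy, and the loop has a step limit so the mismatched run terminates.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 96-bit IDs (not real chips); they differ in one byte. */
static const uint32_t UID_GENUINE[3] = {0x0032001Fu, 0x33375114u, 0x30333935u};
static const uint32_t UID_CLONE[3]   = {0x0032002Au, 0x33375114u, 0x30333935u};
static const uint32_t *uid;   /* ID of the chip the code is running on   */
static uint32_t idx_ram;      /* IDX copied from EEPROM/flash at startup */

/* Stand-in for the secret F1 (assumption): FNV-1a over the 12 ID bytes. */
static uint32_t F1(const uint32_t id[3]) {
    uint32_t h = 2166136261u;
    for (int n = 0; n < 12; n++) {
        h ^= (id[n / 4] >> (8 * (n % 4))) & 0xFFu;
        h *= 16777619u;
    }
    return h;
}

/* Value the production programmer stores for one particular chip. */
uint32_t provision_idx(const uint32_t id[3]) { return F1(id); }

/* Unsigned maths: a mismatch wraps around instead of being undefined. */
static inline uint32_t getmy_0(void) { return F1(uid) - idx_ram; }
static inline uint32_t getmy_1(void) { return F1(uid) - idx_ram + 1u; }
/* Callee from the post: removes the offset its caller added. */
static uint32_t f2(uint32_t i) { return (i - idx_ram) * 2u; }

/* The disguised "1" as seen by firmware holding stored_idx on chip_id. */
uint32_t one_on_chip(const uint32_t chip_id[3], uint32_t stored_idx) {
    uid = chip_id; idx_ram = stored_idx;
    return getmy_1();
}

/* Sums 2*i for i = 0..count-1 (count >= 1) using only disguised constants. */
uint32_t run_on_chip(const uint32_t chip_id[3], uint32_t stored_idx, uint32_t count) {
    uint32_t sum = 0, steps = 0;
    uid = chip_id; idx_ram = stored_idx;
    for (uint32_t i = getmy_0(); i <= count - getmy_1() && steps < 1000u;
         i += getmy_1(), steps++)
        sum += f2(i + F1(uid));
    return sum;
}

int main(void) {
    uint32_t idx = provision_idx(UID_GENUINE);
    printf("genuine sum=%u\n", (unsigned)run_on_chip(UID_GENUINE, idx, 5));
    printf("clone   sum=%u\n", (unsigned)run_on_chip(UID_CLONE, idx, 5));
    return 0;
}
```

On the matching chip the loop behaves as the plain `for (i = 0; i <= count - 1; i++)` would; with the copied IDX on the other ID, the start value, bound and step are all shifted by the same nonzero difference.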

Features: Because the whole program is encrypted using the idea of "operational encryption" rather than encryption by decision, and no if judgment is used anywhere, the cracker is left racking his brains.

Even if the encryption idea can be guessed, the program does not jump on an if judgment; the effect of the encryption is naturally distributed throughout the program, so working out what to change is also very nerve-racking. To modify getmy_1 and getmy_0 directly, you first have to work out the idea behind the encryption.

Also, modifying getmy_1 and getmy_0 only kills the simple part.

And some parts are hard to kill:
When passing a variable to a function, the caller adds F1(ID) to the variable and the called function subtracts get_idx() from it.
For example, the original code

void f1() { int i, j; ..... j = f2(i); }
int f2(int i) { return i * 2; }

is modified to:

void f1() { int i, j; .... j = f2(i + F1(ID)); }
int f2(int i) { return (i - get_idx()) * 2; }

In addition, this includes the handling of some global variables: you can add F1(ID) in some functions and do the -get_idx() operation in other places, so the code is not simply concentrated at one point.
Of course, it can be killed given time if you understand the program's encryption precisely, but this kind of encryption is rarely used at the moment.
In short, the strength of this encryption is much higher than the simple if comparison method. This is a new basic idea; what I gave are just a few simple examples, and it can be made more flexible.

F1, of course, is the same. Only the ID is different.

By the way, in reply to the post above: I have a premise, "as long as the microcontroller has a true unique ID", which implies that the microcontroller's ID cannot be copied.
You talked about how to copy the program out; if the microcontroller has a true unique ID, copying the program is useless.

Let's not throw bricks yet; the idea is very good. The complexity has increased to a certain extent. I suggest forcing the functions inline, otherwise it is too obvious to the people cracking it ... because a lot of logic points to one or two functions ... Don't underestimate the IQ of the people who do this: as the saying goes, without a diamond drill you don't take on porcelain work. In addition, comparing by subtraction is also common knowledge in the industry ... others use XOR and check whether the result is 0 ... These are common signatures ... Yes, inline! Good train of thought, a must!

The code size goes up, though, and execution efficiency is also affected ... But if the chip has an internal hardware CRC that takes 1~4 cycles or something similar, you can solve the efficiency problem and hide the algorithm completely ... The problem is ... this CRC hardware had best be a non-public one ... Some chips also have special matrix transpose (permutation) peripherals, and none of them are publicly available ...

Keeping the encryption algorithm hidden limits how widely it can be applied, because once more people use it, it naturally becomes public. Only a public encryption algorithm that is still hard to decrypt without the key has vitality. The original poster's idea can increase the difficulty of cracking, but it only raises the pirates' wages. Of course, for some small products whose profit and market are not big, a piracy cost that is too high can indeed protect poor programmers.

All stand-alone programs can be cracked. Real protection of your work comes not through encryption but through network services. It is like anti-virus software: as long as it is online, the initiative is always in the vendor's hands, and such software never needs to be encrypted. Take Microsoft's WinXP: however it is encrypted it will be cracked, but once it is online it can be black-screened. A stand-alone game released today is cracked tomorrow, but have you ever seen an online game cracked? Only if the server is compromised, and an intrusion is discovered as soon as it happens. Therefore, if you want to fully protect the property rights of microcontroller firmware, you must provide network services.

First of all, don't rush to throw bricks; let me tidy up my thoughts. The key to using the globally unique ID (each MCU has a unique ID) is to prevent the program from being read easily, and even the hex ROM does not have to be encrypted at all, and it does not matter how easy it is to decipher the hex code. In fact, it only takes two steps: 1. Think of a very good algorithm that uses the MCU GUID to generate another ID (variable length), and then design a burner (the encryption algorithm is inside it as well) that downloads this ID into the EEPROM or program ROM. Keep the burner safe and do not leak it. Your burner is an encryption tool! 2. In the program you distribute, decrypt the encrypted ID that the burner burned in. This is the more important step, because decryption code that is too concentrated lends itself to disassembly analysis. For example, when the decryption does not come out correct, do not enter a dead loop and do not kill the function immediately; if the product is pirated, deliberately give the pirate a few deadly bugs, so that his goods are returned after he has copied and produced them and his loss is greater. The result of the encryption is that the hex code of each MCU is different; even if the hex code of one MCU is read out, burning it to another MCU will not pass the decryption algorithm's check. The only way to decrypt it is to analyze your hex code, work out the encryption algorithm, and then design the same burner as yours! In short, this method is only effective with a larger program ROM; on a small MCU, say with only 1KB of ROM, it is hard to do, since after all there is little code and it is easy to analyze. To tell you the truth, if you have an engineer capable of disassembling your code like that, he might be faster just designing it himself! This is only protection against theft, fire and villains.

Use a simulator to trace the program. Then find the GUID. Replace it.

Part of the STM32 UID describes the chip's XY coordinate position on the wafer, so all the chips on one wafer have different UIDs; as for how UIDs are made to differ between wafers, I do not know. Is it difficult to implement a unique ID on a wafer? A laser flash randomly cuts 96 wires on the wafer and you get a unique 96-bit ID.

The original poster's encryption method is really good, but it depends on inlining; otherwise the frequent calls to one function will soon be found. Also, the encrypted IDX is best read into RAM at startup, otherwise frequent reads of one flash or EEPROM location are also easy to find. Finally, you also need to choose a microcontroller that costs more to crack; for example, a friend recently had an NEC microcontroller cracked, and reading out the ROM cost nearly 200,000. And the poster above says this method is simple only because he has already seen the original poster's encryption idea; if he were simply handed firmware encrypted this way, I think no one would jump to conclusions so easily. If the functions are inlined, there is one small problem: the amount of code becomes very large.

The original poster mainly studies software encryption algorithms; I suggest first learning the principles of the various shells used for ordinary Windows applications. The unique ID is nothing new at all in this field; the most common case is software that generates a so-called hardware ID from the CPU, hard disk or network card MAC and asks the user to register with it. Algorithm encryption also comes in many varieties. Besides conditional encryption there is dynamic code decoding: the correct key is used to decrypt the code of function A, execution jumps to it, and the next time the decoded function B overwrites the space of function A, and so on. There is also virtual machine encryption: a piece of x86 code is turned into MIPS code and run in a virtual machine, so if the cracker does not know what kind of assembly instructions the virtual machine emulates, decompiling will be very tiring; the price is lower running speed.

An MCU with a very large ROM can have some junk code added. The two points where the hardware ID or the software ID is read are the main places to attack. For example, if the firmware verifies the hardware ID as a whole, then even if the programmer changes the firmware at other key locations, as long as the whole algorithm checks whether the current MCU's hardware ID matches this firmware, patching the location that reads this ID finishes it off. This is actually similar to the encryption of software that is tied to one PC.

Your method must ensure that the act of reading the unique ID is not seen by the cracker. The STM32's unique ID, for example, is at a fixed address; just find the statement that accesses that address.

Many production programmers now support transforming some data by the unique ID and writing it to a specified address, and even let you write your own transform plug-in, so making the program in each microcontroller different is entirely possible.

The more complex your algorithmic design, the better it is for them if it is not to protect your own interests directly.

What indestructible. The professional encryption chip can be settled. What about this stuff?
