Security vulnerability with MAX CPLD's !!

You have the Cyclone III LS family which is more targeted on security and protection against tempering and cloning.

But nothing is bullet proof. You can make it more difficult to reverse engineer a system, but to someone with unlimited resources anything is crackable. You just need to make it hard enough so that it isn't economically viable.

As for the Max V... I didn't find in the datasheet how the configuration is transferred from the internal flash to the SRAM registers during power up. If this transfer is done serially, then in theory it could be possible to get the configuration stream back by carefully monitoring the power supply. That said I rather think that it is a parallel interface, and in that case getting the stream back is near impossible in this way. The only way to get the configuration would then be to open the chip and do a more invasive attack, which would require extensive knowledge and equipment.

--- Quote Start ---

Sorry I didn't see that you were using a Max 3000A and not a Max V. In that case it makes things a lot harder, as the Max 3000 doesn't use a separate configuration memory but has EEPROM cells directly integrated in the LABs. In this case there is no way to access the configuration by probing the power supply or trying to trigger errors that way, as there in no configuration data loading. The only solution I see to get back the data in that case is either through a magical undocumented JTAG command (which I'm not aware of, and I don't think Altera would have done this) or by opening the chip and trying to make that bit change in some way. So this doesn't change what I said, while it isn't impossible it requires lots of knowledge and equipment, and probably isn't cheap.

--- Quote End ---

Thanks for the reply

The thing is, the site I posted the link for is offering that service. These dudes in china don't care about IP protection or patents :( Is there anything in the MAX II or V parts that would make an invasive or semi-invasive attack difficult or is it just a matter of time before they can reverse engineer those ? Maybe someone from Altera can tell us.

regards

http://www.mcu-reverse.com/contact-us (http://www.mcu-reverse.com/contact-us)

--- Quote Start ---

Email: mcureverse@gmail.com

Tel: 86-0755-25895856

FAX: 86-0755-2589681

Skype: simendi0755

Address for IC samples shipping:

Room 2110, Changhong Building, No. 3013 Sun Gang East Road, Luohu District, Shenzhen, Guangdong Province, China. (Zip code: 518010)

How to get started?

A. Please send an inquiry by skype, email or call with description of protected device you have.

B. Our staff will response quickest with quotation and delivery time and conditions for service.

C. Ship us the protected device, along with at least two or more not-programmed samples.

D. Before extracting the code, you need to pay 50% deposit by Paypal.

E. After extracting the code, we will send you back two programmed devices for you to test.

F. after making sure we had done our job with success, you will need to make final payment to receive the source code( .bin file or .hex file).

--- Quote End ---

i recall similar discussions on microcontroller forums. since the MAX II/V is flash based, you might take a look at something like avrfreaks.net to see the status of reading out flash bits from the die itself

i would focus on innovation and/or customer service instead of combating cloning

--- Quote Start ---

i recall similar discussions on microcontroller forums. since the MAX II/V is flash based, you might take a look at something like avrfreaks.net to see the status of reading out flash bits from the die itself

i would focus on innovation and/or customer service instead of combating cloning

--- Quote End ---

Unfortunately innovation don't pay the bills if everyone has got access to the same innovation as yours :(

Unfortunately I have had experience with IP theft of my own software. Each time I have had to look for better licensing and security software to thwart the crackers. It's not much joy seeing your own hard work being resold for 10% of your retail price from people who contributed absolutely nothing to its development. This time I want to make sure that I plug up all of the holes ;)

I could not find anything about it on the website you posted. Do you have any specific links to that forum ?

regards

--- Quote Start ---

is Your software more expensive than software extraction from chip? If it isn't, then it's not worth, so why bother?

--- Quote End ---

You shouldn't take this issue lightly. I wrote a Windows app once and there has been 1000's of licenses sold over the years. It has been cracked twice and I have had to use better licensing and protection software each time. So far the latest protection software has held out and there are no cracks available for the last few years. IP theft is a big issue especially in a country such as china which has blatant disregard for patents and copyright. You will notice that company that cracks chips is in china and not in the US. How long would it last if it was in the US ??

I don't build or design anything unless I can protect the IP otherwise you lose your competitive edge :(

regards

Well yes, but if it's more expensive to pay a cracker to write a crack than buy a licence (or let's say 10 licenses), then it isn't worth doing that. But if a cracker can hack a software in a hour, then the problem is in the software security itself.

You know that Your software can be cracked somehow right? Except how much time would it take to do it..?

--- Quote Start ---

Well yes, but if it's more expensive to pay a cracker to write a crack than buy a licence (or let's say 10 licenses), then it isn't worth doing that. But if a cracker can hack a software in a hour, then the problem is in the software security itself.

You know that Your software can be cracked somehow right? Except how much time would it take to do it..?

--- Quote End ---

Labor is a lot cheaper in china and some of these crackers look upon cracking as a challenge rather than for remuneration ;)