Martin wrote:
-------------------------------
Aka, how could they have ever overlooked a vulnerbility like that?

- - - - - - - - - - - - - - - -
Easily, to them the process of programming had long been sticking a uC into a programming socket and manipulating the IO pins to load or read the program in parallel. You work in a mindset long enough and its hard to see alternatives. I have a lot of respect for the manufacturer not named and I find nothing wrong with their actions. More honorable than most.

I believe that the problem came from the EPROM/ROM/OTP mindset. They considered FLASH the same initially, and then realized they could add new features like page erasing in the FLASH so that the uC could add code modules in the field. Sounds wonderful until someone thinks about the vulnerabilities. You can have the feature, but you sacrifice IP Protection features if you don't do it right.

In big corporations its often hard to sway the inertia that gets rolling due to office politics and power. Sometimes its wiser to cash your paychecks than to become a thorn in the side of some VP's pet-project. That's just business.

Martin wrote:
-------------------------------
Maybee, they were aware of it and accepted it, as a way of being able to get something into the chip once lock bits were set.

- - - - - - - - - - - - - - - -
As strange as it sounds, chip designers are not the best assembly language programmers and therefore might not have thought about using the MOVC to extract machine code. After all the MOVC says its for reading tables... if you don't think beyond those words, its an easy thing to overlook. I've seen situations in engineering when a problem is discovered that you have to make a decision to clean it up later and sell what you have, relying upon no outsiders to realize the problem. Again, that's just business.

Its quite possible someone down the process later changed the initial design specification to allow BOTH the security code to protect code and the other highly desirable new FLASH feature of being able to block erase and add code later. That sounds like a decision from marketing as they like features but don't understand any tradeoffs.

Martin wrote:
-------------------------------
If corporations were inocent it would be diabolical to try to break in. But, unfortunatly it seems that manafactures have about the same level of ethics as the top hackers.

- - - - - - - - - - - - - - - -
I don't see any fault with the manufacturer, in fact it appears to me that they made a very tough decision to obsolete the part before the replacement was even ready. That's a hard business decision and I rate them with integrity for doing that.

We kidded ourselves in the office that we might be subcontracted in order to impose standard protective covenances against public disclosures which would have also covered our recent observations. However the manufacturer didn't do that. While picturing a couple of Porsches in the parking lot was fun, we didn't have our own scruples tested.

:)

Martin wrote:
-------------------------------
What the hell is intellectual property?

- - - - - - - - - - - - - - - -
Intellectual Property is the mind-power that gives you a competitive edge over the competition. If its not protected, other companies can easily compete against you many times without even investing in the research required by you. Since boards and circuitry can easily be copied, about the only safe harbor is our code which has our secret algorithms buried inside. Protecting these secrets are vital to business profits and thus IP protection in a uC is important to us.


Martin wrote:
-------------------------------
It seems to me somewhat unnatatural to lock up information.

- - - - - - - - - - - - - - - -
I don't agree. I spent most of a lifetime making corporations wealthy without sharing much in that success. Now I have my own company and I protect our competitive advantage very seriously. If I don't, then me, my company and employees suffer. I'm definately a capitalist.

Martin wrote:
-------------------------------
Aka, damm it..., its unfortunate to see you on the other side.

- - - - - - - - - - - - - - - -
heheheh, There are an infinite set of money making deals available in the world. No need to take shortcuts that injure others in the process. Stealing IP or cloning designs injures others.

Of course, nothing also prevents anyone from using their brains to come up with an even better solution. That is what capitalism promotes. Survival of the fittest by forcing others to improve a product in order to win market share.

That is good for everyone.

aka j