3

I have a need to read out the flash memory of a read-protected PIC16F57 (this is for legal purposes). From my basic research, there appears to be no way of doing this short of decapping it and reading it out with a microscope, or selectively resetting the security bits with UV light by somehow masking out the rest of the die.

However, I've just contacted a company who advertises themselves as capable of dumping the flash off read-protected PICs. They quoted me $100 for a hex file. They claim a 100% success rate, so assuming they're not straight up lying, they can't possibly be decapping the chip, and instead must somehow be resetting the security fuses.

Is this possible? How? Or, like I suspect, are they scammers? Any way I can do what they're doing myself? I have 2 chips with identical firmware, so that gives me a little protection against frying it by dumb mistakes.

pipe
  • 13,748
  • 5
  • 42
  • 72
willem.hill
  • 434
  • 4
  • 13
  • 1
    Hi. The PIC16F57 is a nice I/O expander chip that not a lot of people recognize as such. It's cheap, lots of pins, etc. Anyway, my guess is that your Chinese contacts have broken into the In-Circuit debugging support that was added to the F series (I think the old C series OTP didn't have it.) Docs are "hard to get" out of Microchip. But once the NDA is signed, stuff has a habit of getting copied and ... well, shared. Even then, Microchip would not doc how to break into the chip. But with ICD knowledge, and time, much more may be uncovered. It probably takes them less than 60 seconds. – jonk Feb 01 '18 at 05:35
  • 1
    http://www.cl.cam.ac.uk/~sps32/mcu_lock.html – Bruce Abbott Feb 01 '18 at 08:09
  • There may be a voltage related method to override the code protect on a PIC controller. See this [link](http://www.piclist.com/techref/microchip/crack.htm). – Dan1138 Sep 24 '18 at 02:13

0 Answers0