Hi unity0724,

Mention a single semiconductor company that doesn't want to do business
in China and Taiwan. It is totally absurd to say a company has a
marketing edge in X country because you can hack that company's chip.

shridhar

--- unity0724 <unity0724@...> wrote:

> Ummm... hello, not that I'm not interested of.
> <<<Is question of whether can somebody please show me some proven way
> of hacking the chip and document the process properly (I would be
> very interested in that)!! >>> if want to crack chip, just crack it.
> Philips is not going to tell us chip is "CRACK-able"
> The thread had been going on for 2 weeks without any solid
> findings. All are just "PURE SPECULATIONS".
>
> I've already listed a possible way of cracking the chip. Can
> somebody please try out:
> => I think the ARM7 Core is much robust than the Flash memory,
>    cracking along that path might be successful..
> - Enable the CRP on a CRP capable device (LPC2124 or LPC2214)
> - Clock the chip at >100mhz for first few instructions, try to screw
>   up the bootloader attempting to disable the JTAG (first few
>   instruction only)
> - The ARM7 CPU core seems capable of running up to around 200MHz
>   but I do not think the flash+ECC circuit can take it. Especially
>   the ECC.
> - Chip is cracked if ARM7 skips the first few instructions (whatever
>   the few instructions will be mis-interpreted as: logical and, or,
>   mov, shift command). The chip can be cracked as long as the
>   instruction pointer/program counter move by just 3-5 instructions
>   counts and PINSEL2 not written properly.
> - After that you might have enough clock cycles to force in your
>   JTAG control (before any bootloader tries to disables it again
>   after reading the 0x87654321 from 0x1fc)
> - If you cannot get it work the first few time, try with
>   higher/lower frequencies,
> - Or on that first few instruction cycles, drive the Core Voltage
>   at 0.9V to 1.2V where the flash might not even work. Power back
>   to normal 1.8V after that few instructions. You have full
>   control of the clock pulses and voltage.
> - Again, this is just purely speculation. 50% of LPC2124 are
>   even having about 3-5% chances of reset failures when I drive it
>   at 50MHz. (Hee, actually the chip does not even meet the 50Mhz
>   datasheet clock input spec. I do not know if the XTALI pin
>   could take >100MHz, May be need to power core at 2.1V to run ARM7
>   at >100Mhz)
> - Power the Core voltage at very low voltage might have much better
>   successful rate. I believe the ARM core might still work if you
>   power it at 1V and few MHZ. But can that flash work at 1V??
>   (Come to think of that, may be I better switch my LPC2124 to
>   LPC2136 with LDO and brown-out detect) Guys with JTAG tools...
>   pls try power the chip at much lower voltage and crack it...
>
> If you cannot get that working (means the chip cracked). I can
> always think of more ideas for you.... We can try another 10-20
> methods....
> But having one Big questions of: What do we get if the LPC2xxx chip
> proven can be cracked?? Crack it and read back our own code?? (we
> are supposed to be victims), or Making $$$ from some class action
> suit?? :) :)
>
> If anybody not comfortable with philips CRP then better switch to
> atmel. But I can ensure you there would be much more Atmel hackers
> (than philips) in China and Taiwan as that's Atmel's big market.
> Those chip hackers are REAL hackers and I'm NOT a chip hacker.
>
> Happy new year to everybody...I still do not want my new year mood
> vaporized due to "CRP too fragile"...
> Regards
>
> --- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...>
> wrote:
> >
> > I don't know why you are so eager to quench this discussion just
> > because you have no (or very simplistic) requirements in relation
> > to code security. It is perfectly alright for you to be not
> > interested.
> >
> > There are many people here, including myself, who are concerned (to
> > say the least) as to how safe IP that is loaded onto on-chip flash
> > is when the part is in the hands of those who know what they are
> > doing.
> >
> > The ball is now in Philips' court. Give them time to respond
> > credibly, or not at all as they see fit. We all know how to make
> > inferences.
> >
> > --- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> > > Many thanks to the summary and conclusion, and clarifications
> > > showing "no simple way of cracking the read protection."
> > > ...
> > > Somebody please provide some proven way of cracking the chip
> > > else this thread should be concluded.
Message
Re: [lpc2000] Re: Bootloader / CRP summary update
2006-01-06 by shridhar joshi