Hi,

I think you got my points all wrong...
=> It should be: if a company's microcontrollers are more popular in X country, it will attract more hackers hacking their chips. (Hee, Atmel microcontroller traditionally is very popular in China/Taiwan. I do not know how long can the new AT91 CRP last...)
It is definitely NOT "if chip is HACK-able, it will be more popular/marketing edge..." :)
(Hee... I hope you are NOT Atmel re-seller...)

==========================================
Anyway, those are beside the main topic.
=> Can somebody here please prove the Philips CRP are "HACK-able". Before we start some discussion whether to switch to..atmel maybe...

Regards

--- In lpc2000@yahoogroups.com, shridhar joshi <shridharjoshi2000@y...> wrote:
>
> hi unity0724
>
> mention a single semiconductor company that doesn't want to do a business in China and Taiwan.
>
> it is totally absurd to say A company has a marketing edge in X country because you can hack that company chip
>
> shridhar
>
> --- unity0724 <unity0724@y...> wrote:
>
> > Ummm... hello, not that I'm not interested of.
> > <<<Is question of whether can somebody please show me some proven way of hacking the chip and document the process properly (I would be very interested in that)!! >>> if want to crack chip, just crack it. Philips is not going to tell us chip is "CRACK-able"
> > The thread had been going on for 2 weeks without any solid findings. All are just "PURE SPECULATIONS".
> >
> > I've already listed a possible way of cracking the chip. Can somebody please try out:
> > => I think the ARM7 Core is much robust than the Flash memory, cracking along that path might be successful..
> > - Enable the CRP on a CRP capable device (LPC2124 or LPC2214)
> > - Clock the chip at >100MHz for first few instructions, try to screw up the bootloader attempting to disable the JTAG (first few instruction only)
> > - The ARM7 CPU core seems capable of running up to around 200MHz but I do not think the flash+ECC circuit can take it. Especially the ECC.
> > - Chip is cracked if ARM7 skips the first few instructions (whatever the few instructions will be mis-interpreted as: logical and, or, mov, shift command). The chip can be cracked as long as the instruction pointer/program counter move by just 3-5 instructions counts and PINSEL2 not written properly.
> > - After that you might have enough clock cycles to force in your JTAG control (before any bootloader tries to disable it again after reading the 0x87654321 from 0x1fc)
> > - If you cannot get it work the first few time, try with higher/lower frequencies,
> > - Or on that first few instruction cycles, drive the Core Voltage at 0.9V to 1.2V where the flash might not even work. Power back to normal 1.8V after that few instructions. You have full control of the clock pulses and voltage.
> > - Again, this is just purely speculation. 50% of LPC2124 are even having about 3-5% chances of reset failures when I drive it at 50MHz. (Hee, actually the chip does not even meet the 50MHz datasheet clock input spec. I do not know if the XTALI pin could take >100MHz, May be need to power core at 2.1V to run ARM7 at >100MHz)
> > - Power the Core voltage at very low voltage might have much better successful rate. I believe the ARM core might still work if you power it at 1V and few MHz. But can that flash work at 1V?? (Come to think of that, may be I better switch my LPC2124 to LPC2136 with LDO and brown-out detect) Guys with JTAG tools... pls try power the chip at much lower voltage and crack it...
> >
> > If you cannot get that working (means the chip cracked). I can always think of more ideas for you.... We can try another 10-20 methods....
> > But having one Big questions of: What do we get if the LPC2xxx chip proven can be cracked?? Crack it and read back our own code?? (we are supposed to be victims), or Making $$$ from some class action suit?? :) :)
> >
> > If anybody not comfortable with philips CRP then better switch to atmel. But I can ensure you there would be much more Atmel hackers (than philips) in China and Taiwan as that's Atmel's big market. Those chip hackers are REAL hackers and I'm NOT a chip hacker.
> >
> > Happy new year to everybody...I still do not want my new year mood vaporized due to "CRP too fragile"...
> > Regards
> >
> > --- In lpc2000@yahoogroups.com, "jayasooriah" <jayasooriah@y...> wrote:
> > >
> > > I don't know why you are so eager to quench this discussion just because you have no (or very simplistic) requirements in relation to code security. It is perfectly alright for you to be not interested.
> > >
> > > There are many people here, including myself, who are concerned (to say the least) as to how safe IP that is loaded onto on-chip flash is when the part is in the hands of those who know what they are doing.
> > >
> > > The ball is now in Philips' court. Give them time to respond credibly, or not at all as they see fit. We all know how to make inferences.
> > >
> > > --- In lpc2000@yahoogroups.com, "unity0724" <unity0724@y...> wrote:
> > > > Many thanks to the summary and conclusion, and clarifications showing "no simple way of cracking the read protection."
> > > > ...
> > > > Somebody please provide some proven way of cracking the chip else this thread should be concluded.

Re: Bootloader / CRP summary update
2006-01-06 by unity0724