HOW TO GET PROGRAM FROM A PIC

[chandra2sekhar2000]

HELLO
I HAVE BROUGHT A INVERTER WHICH USES PIC16F73.THE PIC HAS BEEN CODE PROTECTED.IS THERE ANY WAY TO GETBACK THE HEX CODE FROM THE PIC.
PLEASE HELP ME

[bbarney]

you can't

[FriskyFerret]

There is at least one company that will do it for several hundred dollars US, if you really want the ROM code. They use advanced destructive techniques, laser drills, micro-probes, liquid mercury, rare highly toxic solvents etc, to bypass or remove the protection at the wafer level. Nothing that an experimenter can do at home. Other than that you're SOL.

The way I look at it, if $500 is too much to spend to extract the ROM code, you don't really need it.

[gonna]

There is at least one company that will do it for several hundred dollars US, if you really want the ROM code. They use advanced destructive techniques, laser drills, micro-probes, liquid mercury, rare highly toxic solvents etc, to bypass or remove the protection at the wafer level. Nothing that an experimenter can do at home. Other than that you're SOL.

The way I look at it, if $500 is too much to spend to extract the ROM code, you don't really need it.

What a load of piffle! Who the hell sold you that story. Anyway its a load of misinformation.
The way its done is not to remove the protection at all. It's totally unnecessary.
The IC is depth measured by x-ray. Then the plastic encapsulation is carefully ground down by computer control to within a few microns of the top of the die in a clean air-room. The last few microns of the package are disolved by a small drop of nitic acid from a pipette and a temperature controlled oven in a couple of minutes. The die is then placed under a very high magnification ion beam electron microscope with a motor speed controlled x,y axis that is focussed on the rom part of the die. A scanning image is taken of the cell structure of the silicon and the die memory is directly read/converted from the images. There is no need to unprotect the device. With a high enough magnification you can simply look at the density variations in the silicon that represent the 1's and 0's. A photo scanner resolves the binary information from the images. It IS expensive - around $1,000 - but it's being done every day in Taiwanese silicon research sites - no big deal - if you've got the money.
BTW for those that are interested, this is a parallel process to that taken by the "government" at Langley when reading directly the magnetic structure of hard disc platters. By pointing the electron microcope at the side of the magnetic track on the platter, it is possible to recover all the data from the hard drive even though the data track on the drive has been erased many times. Providing the drive has not been erased too many times and providing there is the normal track tolerance wander variation between the magnetic heads and the rotating platters, the data can be recovered. I believe all the US drive manufacturers' ensure the head / track wander tolerance is purposely manufactured to leave this window of slack, - to make the "Government's" job easier.
Don't bother asking how I know!

Laser drills, liquid mercury, toxic chemicals? Phoooey.

[FriskyFerret]

Don't bother asking how I know!

I won't, 'cause you sound like a real weenie.

Here are some very respectable references on the subject. You will note that lasers, highly toxic chemicals,
and micro-probes are mentioned.

http://www.cl.cam.ac.uk/~sps32/mcu_lock.html
http://www.cl.cam.ac.uk/Teaching/2003/Security/guestslides/slides-tamper.pdf
http://www.cl.cam.ac.uk/~sps32/thesis_book.jpg
http://www.cl.cam.ac.uk/~sps32/

and

http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

[gonna]

Don't bother asking how I know!

I won't, 'cause you sound like a real weenie.

Here are some very respectable references on the subject. You will note that lasers, highly toxic chemicals,
and micro-probes are mentioned.

http://www.cl.cam.ac.uk/~sps32/mcu_lock.html
http://www.cl.cam.ac.uk/Teaching/2003/Security/guestslides/slides-tamper.pdf
http://www.cl.cam.ac.uk/~sps32/thesis_book.jpg
http://www.cl.cam.ac.uk/~sps32/

and

http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

The point I was trying to make (but made badly obviously), is that the "proper" modern reverse engineering method is as I've described. It used to be done with all that clutter years ago (and probably still is by back street merchants), but what I'm trying to say is that you don't need to do it like that anymore. It's years out of date and is a load of old phooey. That information is simply way out of date even though it is presented otherwise and may be an authoritive take on the situation 10 years ago. The plastic package encapsulation (the material mix), was altered to make it simpler and cheaper to mould and a spin off value-add was the determination that the material had less abrasive resistance. There is no longer a need to burn it off with a laser. Moreover, the DSP capability of imaging has improved remarkably so this is now the cheapest, preferred method.
If I'm a weeny then you're a plain wanker that hasn't got the gumption to question whether the sources of the information you read are technically up to date. You can read a book published in February 2007 but that doesn't mean the information is up to date or that the author is quoting current technology does it? Duhhhhhhhhhhhhh!

[FriskyFerret]

If I were a wanker, I'd be a Grand Wanker and buy myself a seat in the House of Lords. 

[Rego]

NO FLAMING WAR HERE.....

just show your opinions in a respected way

[sohel]

why u want to read rom. its not fair. if u want it u may talk to them who created, they also demand some US $. if they didnt reply then talk to me. i will help u. please dont go to wrong way. please send me ur scamitic diagramme.

[mustuva]

Nice article about reading program code from a protected pic.

Hacking the PIC 18F1320 http://www.bunniestudios.com/?page_id=13

[leosedf]

Also www.semiresearch.com does the same.
They also sell some hardware to read some protected PIC's.

[9thwonder]

if it is 16f73 lcd based sine wave inverter i can give u hex code.

[suzuki]

at what cost?

[vanko]

Hi,
my frienf has some experience with unlocking  PIC16C53. His method is to freeze the chip  to wery low temperature with some dentist's chemical, temperature goes down perhaps about - 30 C or below. In this state he reads a chip with programer and have success wit one LPG fuel pump controller from Peugeot. I don't know if this will work with your PIC, but you can try with another one PIC - program, lock, freez and try to read in this state. His chip was covered with a layer of ice when reading.

I wish you success.

Vanko

[ALLPIC]

I really think this will be very wrong methode. and No one should try to do that. Because if any person has taken somuch efforts to bring that product at Product stage, and after that if some one stolen that then.... I gone through that stage my software has been stolen by my employ and you all can understand that. The Product is not just software or Hex file

Rather than this way contact me or any professional we will help you make product and be stand tall in market....

[vanko]

This info is only for home use not for commercial.

Sorry if it concerns somebody

Regards

[sudipm]

if it is 16f73 lcd based sine wave inverter i can give u hex code.

Hi
can you please give the link to the hex code and the schematic.

Regards

[medik]

Anyone tried the freezing and reading method for code retrieval? I know that freezing does something on the PICmicro. Used normal refrigerating occasionally to revive a bad PIC.