- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
I need an advice please.
11-30-2006
04:56 PM
3,313 次查看
Hey fellows,
Actually i been hired by a small company which has a product based on MC68HC908JBXX MCU, the previous employee been fired recently and took with him all sources he wrote, my boss said that he don't want to invest in new developing, but we urgently need the abiliy to duplicate same MCU content for clear one (even without understanding content).
Could you please point me for a programmer instrument which able to dump MC68HC908JBXX memory content (read it byte by byte), then write it to same clear MCU one (taking on consideration that original MCU using different security methods)?, .
I will appreciate any reply.
Thanks in Advance
Elis
6 回复数
12-01-2006
06:35 AM
1,572 次查看
Hi, Elis:
To elaborate on what Mac said, the HC908JBxx chips are secure by default. I'm sorry to say that unless you have an .s19 file or other memory image file, it is unlikely you will be able to copy what is in the chip.
To elaborate on what Mac said, the HC908JBxx chips are secure by default. I'm sorry to say that unless you have an .s19 file or other memory image file, it is unlikely you will be able to copy what is in the chip.
12-01-2006
07:20 PM
1,572 次查看
Unfortunately no .S19 file or other memory image file exist.
-Could you please broaden about this default secutity technology behind those bits?,what is the real difficulty to read them in mirror?
-Any recommended programmer which can assist me to pass this barrier( or part of it)?.
-Any tips will be welcome
Thanks in advance
Elis
12-01-2006
10:36 PM
1,572 次查看
Hi,
You cannot gain access to this device without either going through the correct procedure and transmitting the 8-byte security code to it or mass erasing it.
It will be far easier to persue legal action against the ex-employee and fix the slack/non-existant business practices of the company involved than attempt to break in!
Regards
Peg
12-01-2006
10:33 PM
1,572 次查看
Hi, Elis:
The locations that Mac mentioned are not only used as interupt vectors, but are also used as a 64-bit security-key when entering monitor-mode. It's purpose to to prevent someone from copying your firmware design.
When a device is not blank, the chip will not let you access the flash unless you supply it with those eight bytes, in order to "unlock" it, when entering monitor-mode. Once you supply those eight bytes, you can read and reprogram the flash in monitor-mode.
If the eight bytes you supply do not exactly match those eight bytes in the interrupt vector area, the only flash operation the chip will allow you to perform in monitor-mode is "mass-erase".
The locations that Mac mentioned are not only used as interupt vectors, but are also used as a 64-bit security-key when entering monitor-mode. It's purpose to to prevent someone from copying your firmware design.
When a device is not blank, the chip will not let you access the flash unless you supply it with those eight bytes, in order to "unlock" it, when entering monitor-mode. Once you supply those eight bytes, you can read and reprogram the flash in monitor-mode.
If the eight bytes you supply do not exactly match those eight bytes in the interrupt vector area, the only flash operation the chip will allow you to perform in monitor-mode is "mass-erase".
12-01-2006
04:33 AM
1,572 次查看
Hello Elis,
To unlock the security feature of the HC908 device, and access the code within a programmed device using monitor mode, you will need to ascertain the values of the eight bytes from address $FFF6 to $FFFD. These are interrupt vectors, and will correspond to the address of four different interrupt service routines within the code.
These vectors are -
$FFF6 TIM Ch0 vector
$FFF8 IRQ vector
$FFFA USB vector
$FFFC SWI vector
How were the devices programmed in the first instance? If a .S19 file is still in existence, this may be used to program new devices, without the need of the other source files.
Regards,
Mac
