I need an advice please.

elis · ‎11-30-2006

Hey fellows,

Actually i been hired by a small company which has a product based on MC68HC908JBXX MCU, the previous employee been fired recently and took with him all sources he wrote, my boss said that he don't want to invest in new developing, but we urgently need the abiliy to duplicate same MCU content for clear one (even without understanding content).

Could you please point me for a programmer instrument which able to dump MC68HC908JBXX memory content (read it byte by byte), then write it to same clear MCU one (taking on consideration that original MCU using different security methods)?, .

I will appreciate any reply.

Thanks in Advance

Elis

rocco · ‎12-01-2006

Hi, Elis:

To elaborate on what Mac said, the HC908JBxx chips are secure by default. I'm sorry to say that unless you have an .s19 file or other memory image file, it is unlikely you will be able to copy what is in the chip.

elis · ‎12-01-2006

Unfortunately no .S19 file or other memory image file exist.

-Could you please broaden about this default secutity technology behind those bits?,what is the real difficulty to read them in mirror?

-Any recommended programmer which can assist me to pass this barrier( or part of it)?.

-Any tips will be welcome

Thanks in advance

Elis

peg · ‎12-01-2006

Hi,

You cannot gain access to this device without either going through the correct procedure and transmitting the 8-byte security code to it or mass erasing it.

It will be far easier to persue legal action against the ex-employee and fix the slack/non-existant business practices of the company involved than attempt to break in!

Regards

Peg

Nevo · ‎12-10-2006

It sounds like it might be time for your boss to call the company's legal advisor.

rocco · ‎12-01-2006

Hi, Elis:

The locations that Mac mentioned are not only used as interupt vectors, but are also used as a 64-bit security-key when entering monitor-mode. It's purpose to to prevent someone from copying your firmware design.

When a device is not blank, the chip will not let you access the flash unless you supply it with those eight bytes, in order to "unlock" it, when entering monitor-mode. Once you supply those eight bytes, you can read and reprogram the flash in monitor-mode.

If the eight bytes you supply do not exactly match those eight bytes in the interrupt vector area, the only flash operation the chip will allow you to perform in monitor-mode is "mass-erase".

bigmac · ‎12-01-2006

Hello Elis,

To unlock the security feature of the HC908 device, and access the code within a programmed device using monitor mode, you will need to ascertain the values of the eight bytes from address $FFF6 to $FFFD. These are interrupt vectors, and will correspond to the address of four different interrupt service routines within the code.

These vectors are -

$FFF6 TIM Ch0 vector

$FFF8 IRQ vector

$FFFA USB vector

$FFFC SWI vector

How were the devices programmed in the first instance? If a .S19 file is still in existence, this may be used to program new devices, without the need of the other source files.

Regards,

Mac

I need an advice please.

I need an advice please.

General