Assume I spent many days creating, debugging, and testing new code with the intent to sell the finished product. The finished product would have stand alone ATMega328p using internal 8MHz clock and some basic support component to do things.
I checked around, I could use fuse to prevent regular code dumping but there’s a small percentage of people who has high voltage programmer that can reset fuses and dump the code, then burn dumped codes to new chips and sell it cheap.
What if I were to rip out a few pins? I am not using all pins, so if a chip tested OK after programming, can I just rip out pin “digital 1” (RX) and “digital 13” (SCK). Provided I don’t damage the chip internally, it should be very hard for anyone to dump the code without having to crack open the DIP chip, risking permanent damage to the chip.
Would that work for all but the most determined code thieves? I just wanted a way to really discourage any Tom, Dick, or Harry from reading the code off source chip, burning them onto new chip, and sell them for a few dollars each.
I suggest that worrying about the tiny few that would/could hack the code protection - pales by comparison of what you have to do to create an organization that can sell and support a product.
The code thieves would have to have a motive.
PS: You said you spent many days developing code. Lots of/most products have engineering investments 10 or 100-fold larger.
lmao, I highly doubt anybody would “hack” your device to get your code. If I knew what your device does, I could write the code for it. That’s all I need.
What they said. However, if you really wanted to go down this path…
A
-
sure, break off some pins… at least that’ll make a nice physical barrier. It will make series production more difficult/expensive, of course. It will also make people more curious about just what it is you’re trying to hide so desperately.
-
add an easter egg to the code that doesn’t get optimized out, perhaps a discount code. Depending on whether you can program these per-chip, you could make these unique or else you’d have to revoke the code if the hacking person decides to run with it anyway. The casual hacker may be more interested, and appreciative, of getting this reward rather than running with it. ( The for-profit hacker probably wouldn’t care. )
-
obfuscate your code - I’m sure there’s obfuscation tips out there.
B.
-
Step away from the ATmega328p and go for more robust offerings that aren’t so easily dumped.
-
Encrypt any portions of your code that may vary over time (updates for end-users, for example).
-
Put your decryption routines in the bootloader.
-
Never ever, ever, ever hand out your bootloader. Like, ever.
But, again… what they said… and keep in mind that these steps all take time and effort as well and may cause (unanticipated) headaches down the line.
Good luck with your product either way 