Hello democracy-ga,
Thanks for your generosity and my apologies for not getting back to
you sooner. I'm happy to hear that my research may be of future use
to you.
You're correct in that many questions, particularly difficult ones,
may not have simple, black and white answers. However, researchers
strive to completely answer questions (and your satisfaction is
guaranteed). Researchers choose the questions they wish to work on;
this does mean that some of the really difficult or complicated
questions may go unanswered. In many cases, the clarity of the
question phrasing, including what is sufficient as a complete answer,
is the deciding factor. Partial compensation, while desirable in many
cases, isn't a simple option at this point. (Instead, some customers
may break up their question into separate pieces and post them
separately). This service is still in Beta, and your feedback is
certainly appreciated.
I enjoyed working on this question and have looked further since first
posting this answer. While lots of software disassemblers exist, so
far I've found nothing that suggests any 'backdoor' or 'debug modes'
that would allow direct access to the protected PIC. If such exists,
I suspect it's a closely guarded secret at the company, as even a
single leak of the information would negate security for the product.
And with various PIC controllers having been on the market for over 20
years, it seems unlikely that the existence of such modes wouldn't have
become public knowledge.
Thanks again for your generosity, and for using Google Answers. I
hope you visit us again soon.
Duncan2-ga
----------------------
REPOST BEGINS:
This is an unusual question, and one that I feel qualified to answer
with my background in Electrical Engineering. While what you propose
is legal in many cases, it is, however, a question that treads on the
edge of legality. Your assurance of non-infringement notwithstanding,
Researchers are not allowed to assist in helping customers conduct
illegal activities. I therefore have accompanied my answer with some
suggestions as to how you might proceed to carefully accomplish your
goal, legally.
The reverse engineering of microcontrollers, which is the essence of
what you're trying to do, can be achieved through several methods,
none of which are easy or inexpensive. In many cases, programmable
controllers have built-in security (tamper-resistant hardware) to
prevent exactly what you're trying to achieve. Nevertheless, clever
tricks can be used to bypass these features. These microcontroller
reverse-engineering methods can be divided into two general
categories: invasive, and non-invasive.
The most direct route (and the one which probably requires the most
expense) is to use microprobes to examine the chip as it functions.
Generally this means taking the chip out of its packaging so that the
integrated circuit can be exposed and probed. The test equipment to
accomplish this isn't cheap, nor is this a particularly fast method.
But this type of microscopic examination can be used on any integrated
circuit and can be more straightforward than trying to attack the chip
with software programs or voltage glitches.
Non-invasive techniques can be used as well; the benefit of these are
that they don't require physically destroying the chip. Instead you
try to get the chip to reveal information by attacking it with signals
designed to generate malfunctions or exploit weaknesses in the
protocols.
I'll point out here, that since you feel fairly certain that the code
you wrote was stolen and incorporated into the chip, you might want to
check your own source code for any bugs or anomalies that might have
been copied wholesale into this implementation. If you have an
unusual bug or error condition in your code, and it's demonstrable in
the chip, this might be strong supporting evidence for your claim.
One non-invasive technique that is used is to simply supply the
microcontroller with incorrect voltages or clock signals. Other types
of eavesdropping on the chip's input and output can also reveal the
inner workings of the chip.
You would do well to carefully read the article posted here:
Breaking copy protection in microcontrollers
http://www.cl.cam.ac.uk/~sps32/mcu_lock.html
This article details various reverse-engineering methods and
specifically mentions successful attacks on the PIC16F874.
Once you have an idea of what's involved, you're still going to have
to grapple with the legal side of this issue. While reverse
engineering is generally legal, particularly in academic areas, THIS
ISN'T SOMETHING YOU WANT TO GUESS ABOUT. GO TALK WITH A LAWYER.
Really. Preferably one that has good experience with
reverse-engineering law and the Digital Millennium Copyright Act
(DMCA). The last thing you want to do is win your case but open
yourself up to large fines and jail time.
You may wish to inquire for a referral from the Electronic Frontier
Foundation (http://www.eff.org/ ) or get in touch with the Samuelson
Law, Technology & Public Policy Clinic at the University of
California, Berkeley, School of Law. The Samuelson Clinic got a lot
of publicity recently for assisting in a DMCA defense against Walmart.
The Samuelson Clinic can be found online at
http://samuelsonclinic.org .
Incidentally, Berkeley law professor Pamela Samuelson
(http://www.sims.berkeley.edu/~pam/ ) has argued in favor of reverse
engineering in the past, and wrote an interesting article on reverse
engineering and trade secret law. The article, in Adobe Acrobat
format, is available online, here:
http://www.sims.berkeley.edu/~pam/papers/CACM%20on%20Bunner.pdf
Assuming you don't want to (or cannot) do the reverse engineering
yourself, there *are* professional options. Chipworks, a Canadian
company with offices in the US, Japan, and Poland, specializes in
reverse engineering. (http://www.chipworks.com ) Quoting from their
FAQ,
Is reverse engineering legal?
One of the most frequently asked questions at career fairs and
exhibits is the question regarding ethics and legality of reverse
engineering. In short, YES, Semiconductor Acts in Canada, United
States, and many other countries talk about RE as an important way to
educate engineers and promote healthy competition.
(http://www.chipworks.com/FAQ.htm )
Chipworks provides a variety of services, including litigation
support. You might be able to hire them to reverse engineer the chip,
compare the implementation to your code, and then call them as expert
witnesses for your case. (http://www.chipworks.com/patent/litsup.htm )
Chipworks has a competitor: Semiconductor Insights, Inc., also of
Ottawa, Canada (http://www.semiconductor.com/index.shtml ) Their
reverse engineering reporting services can provide you with different
types of reports (Design analysis, Structural Analysis, or Technology
Overview) that might be helpful to your case. Alternatively, they
might be willing to do a comparison of your code to that in the chip
in question as a customized analysis.
By hiring a company to do the comparison, you separate yourself from
the actual act of reverse engineering, which probably would help
protect you from any DMCA ramifications as well as lend additional
credence to the legal evidence you present.
I hope this answers your question. Should you need additional details
or require more information, please don't hesitate to post a request for
clarification and I'll be happy to go further.
Regards,
Duncan2-ga
SEARCH STRATEGY:
I first searched for information specific to this controller. The
Google search for the words PIC16F874 reverse engineer produced the
copy protection article:
://www.google.com/search?q=PIC16F874+reverse+engineer&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=UTF-8
After several searches with terms such as microcontroller reverse
engineering company, I found Chipworks, from this search:
://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=chip+reverse-engineering+company&btnG=Google+Search
I found mentions of Semiconductor Insights, Inc. by searching for
chipworks competitor
://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=chipworks+competitor&btnG=Google+Search
Finally, I found Pamela Samuelson's paper by searching for reverse
engineering at Greplaw, a service of the Berkman Center for Internet
and Society:
http://www.greplaw.org or http://grep.law.harvard.edu
ADDITIONAL LINKS:
There are a number of PIC-related websites on the Internet. You might
also be interested in The PICmicro ring:
http://o.webring.com/hub?sid=&ring=picmicro&id=&home
The ring has a number of sites including The PIC archive
http://come.to/thepicarchive
A related section in the Google Web Directory:
http://directory.google.com/Top/Computers/Programming/Disassemblers/PIC/
The PICList (resources and users devoted to the PIC microcontroller)
Useful, though not aesthetically-pleasing:
http://www.piclist.com/techref/piclist/index.htm#PICLIST
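The comparison the answer recommends (checking whether your own code's peculiar bugs or tables turn up in the chip's implementation) can be started at the byte level once a firmware image from the suspect part is in hand. The following is an added example, not code from the original post and not the method of any of the labs mentioned above: it assumes two images are already available, one built from your own source and one recovered from the chip by whoever lawfully obtained it, and it finds the maximal byte runs the two have in common. The images, the 24-byte routine and the 16-byte "quirky table" standing in for a distinctive error are all constructed for the example.

```python
"""Locate code/data sequences shared between two firmware images.

Added example (not from the original post): a byte-level comparison of an
image built from your own source against an image recovered from the suspect
chip, to find copied-wholesale sequences of the kind the answer suggests
looking for. Both images below are constructed stand-ins.
"""
from collections import defaultdict


def index_shingles(data: bytes, k: int) -> dict:
    """Map every k-byte window of `data` to the offsets where it occurs."""
    idx = defaultdict(list)
    for i in range(len(data) - k + 1):
        idx[data[i:i + k]].append(i)
    return idx


def shared_runs(original: bytes, recovered: bytes, k: int = 8, min_len: int = 16) -> list:
    """Return maximal byte runs common to both images as (orig_off, rec_off, length).

    A run is seeded by a k-byte window present in both images and extended
    forward while the bytes keep matching; only runs of at least `min_len`
    bytes are reported, which filters out short coincidental matches such
    as common instruction idioms every program on the part would contain.
    """
    idx = index_shingles(original, k)
    reported = set()  # (orig_off, rec_off) pairs already inside a reported run
    runs = []
    for i in range(len(recovered) - k + 1):
        for o in idx.get(recovered[i:i + k], ()):
            if (o, i) in reported:
                continue
            n = k
            while (o + n < len(original) and i + n < len(recovered)
                   and original[o + n] == recovered[i + n]):
                n += 1
            if n >= min_len:
                runs.append((o, i, n))
                reported.update((o + d, i + d) for d in range(n - k + 1))
    return runs


def shared_fraction(runs: list, image_len: int) -> float:
    """Fraction of the recovered image covered by shared runs.

    Offsets are collected in a set so that runs which overlap in the
    recovered image (the same bytes matching two places in the original)
    are not counted twice.
    """
    covered = set()
    for _, rec_off, n in runs:
        covered.update(range(rec_off, rec_off + n))
    return len(covered) / image_len if image_len else 0.0


# --- constructed sample images -------------------------------------------
def _filler(length: int, base: int) -> bytes:
    """Unrelated surrounding code, constructed so that the filler of the two
    images never shares a byte value and therefore cannot match by accident."""
    return bytes(base + (i % 64) for i in range(length))


# Constructed stand-ins: a 24-byte routine and a 16-byte lookup table that,
# in the scenario of the answer, carries the author's own peculiar error.
ROUTINE = bytes.fromhex("8a91b3c4d5e6f7" "8899aabbccddeeff" "808182838485868789")
QUIRKY_TABLE = bytes.fromhex("f0e1d2c3b4a59687" "f8e9dacbbcad9e8f")

# Your own build: routine at 0x40, table at 0x78, filler bytes 0x00-0x3f.
ORIGINAL_IMAGE = (_filler(64, 0x00) + ROUTINE + _filler(32, 0x00)
                  + QUIRKY_TABLE + _filler(64, 0x00))
# Image recovered from the chip: same pieces at different offsets and in a
# different order, filler bytes 0x40-0x7f.
RECOVERED_IMAGE = (_filler(40, 0x40) + QUIRKY_TABLE + _filler(50, 0x40)
                   + ROUTINE + _filler(30, 0x40))


def main():
    runs = shared_runs(ORIGINAL_IMAGE, RECOVERED_IMAGE)
    for orig_off, rec_off, n in runs:
        print(f"{n:3d} bytes shared: original+0x{orig_off:04x} == "
              f"recovered+0x{rec_off:04x}: {RECOVERED_IMAGE[rec_off:rec_off + n].hex()}")
    print(f"{shared_fraction(runs, len(RECOVERED_IMAGE)):.0%} of the recovered image is shared")


if __name__ == "__main__":
    main()
```

On the constructed images the two shared runs are reported at their true offsets in both files, and a quarter of the recovered image is accounted for by them. On real firmware the interesting output is not the percentage but the individual long runs: a routine or table that matches byte for byte, including an error only your source contains, is the kind of evidence the answer describes, whereas many short matches are simply what two programs compiled for the same part look like. The `min_len` threshold is there to suppress the latter.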