Duplicate a PIC16F628A I/P ?

Antony N. Lord

I've managed to kill a PIC in an expensive piece of electronics.

Luckily I have a spare (from another identical hardware device).

a) Do all the 16F628A use code locking automatically / by default?

If yes to above

b) Anyone out there recommend someone who can clone the working
16F628A so I can get the other unit back in to service?

Cheers, Antony.
 
"Antony N. Lord"

I've managed to kill a PIC in an expensive piece of electronics.

Luckily I have a spare (from another identical hardware device).

a) Do all the 16F628A use code locking automatically / by default?

If yes to above

b) Anyone out there recommend someone who can clone the working
16F628A so I can get the other unit back in to service?

** The folk who made the item ought to have spares available.

Have you tried to contact them ?

Odds on, the PIC is not clonable.




....... Phil
 
Antony N. Lord wrote:

a) Do all the 16F628A use code locking automatically / by default?
There's no "default" as such, it's just a flag that's set or not set depending
on what the producers want. Speculating on what gets done more often is
pointless in your case, because if it isn't enabled, you can copy it, if it
is, you're stuffed. Statistics won't matter much if you're stuffed...

If yes to above

b) Anyone out there recommend someone who can clone the working
16F628A so I can get the other unit back in to service?
Can't be done.


You say you have a spare from an identical box, can't you just swap them and
be done with it? Or does it contain different code?
--
Linux Registered User # 302622
<http://counter.li.org>
 
You say you have a spare from an identical box, can't you just swap them and
be done with it? Or does it contain different code?
I want both devices back up and working (i.e use the spare to clone,
then put it back on its board and put the copy on the other board).

Getting a replacement from the manufacturer isn't going to happen -
they're not around anymore.

Cheers, Antony.
 
Antony N. Lord wrote:

You say you have a spare from an identical box, can't you just swap them and
be done with it? Or does it contain different code?

I want both devices back up and working (i.e use the spare to clone,
then put it back on its board and put the copy on the other board).
Oh, ok. I thought you had implied the other spare was a "spare" in the
sense that it was otherwise gutted but had the chip in question still functional.

Getting a replacement from the manufacturer isn't going to happen -
they're not around anymore.
You could try loading it into a programmer and see if it's readable. You'll
find out soon enough if it isn't.

If it isn't, it was pretty much said before: You're stuffed. There is no
way to get the code out once the code protect flag has been set.

The only other option is to recode from scratch. But I'm guessing this
isn't an option - as it would barely be an option within a manufacturing
standpoint.
--
Linux Registered User # 302622
<http://counter.li.org>
 
On Fri, 28 Sep 2007 13:39:00 +1000, John Tserkezis wrote:

Antony N. Lord wrote:

You say you have a spare from an identical box, can't you just swap them and
be done with it? Or does it contain different code?

I want both devices back up and working (i.e use the spare to clone,
then put it back on its board and put the copy on the other board).

Oh, ok. I thought you had implied the other spare was a "spare" in the
sense that it was otherwise gutted but had the chip in question still functional.

Getting a replacement from the manufacturer isn't going to happen -
they're not around anymore.

You could try loading it into a programmer and see if it's readable. You'll
find out soon enough if it isn't.

If it isn't, it was pretty much said before: You're stuffed. There is no
way to get the code out once the code protect flag has been set.

The only other option is to recode from scratch. But I'm guessing this
isn't an option - as it would barely be an option within a manufacturing
standpoint.
There are companies who specialise in extracting the program from locked
PICs (and others). Be warned it will be expensive, and is illegal.

Jim
 
On Sep 27, 6:11 pm, Antony N. Lord <antony.l...@empresa.kom.au> wrote:
I've managed to kill a PIC in an expensive piece of electronics.

Luckily I have a spare (from another identical hardware device).

a) Do all the 16F628A use code locking automatically / by default?
No, depends entirely on the options used in the programmer.
In a commercial product it would most likely have the protection bit
enabled though, but you could get lucky.

If you have access to a PIC programmer you can find out.

If yes to above

b) Anyone out there recommend someone who can clone the working
16F628A so I can get the other unit back in to service?
Not possible if the security device is enabled.
Actually, it's technically possible, just incredibly difficult. Some
"reverse engineering" people claim to be able to do it, but they will
usually destroy your original in the process, and charge you a
fortune.

Dave.
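
Added example, not part of any poster's message: a check of a programmer read-back for the code protect flag discussed above. It assumes the read-back was saved as Intel HEX and that the PIC16F628A configuration word sits at word address 0x2007 with CP in bit 13 and CPD in bit 8 (0 = protected), as in the Microchip datasheet; both sample dumps are constructed.

```python
# Added example: report the code-protect state from a programmer read-back.
# Assumptions (Microchip PIC16F628A datasheet): config word at word address
# 0x2007; bit 13 = CP, bit 8 = CPD; a 0 bit means protection is enabled.
CONFIG_WORD_ADDR, CP_BIT, CPD_BIT = 0x2007, 13, 8

def parse_intel_hex(text):
    """Return {byte_address: value}; reject malformed or corrupt records."""
    mem, upper = {}, 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {n}: missing ':' start code")
        raw = bytes.fromhex(line[1:])
        if len(raw) < 5 or len(raw) != raw[0] + 5:
            raise ValueError(f"line {n}: length field mismatch")
        if sum(raw) & 0xFF:
            raise ValueError(f"line {n}: checksum mismatch")
        addr, rtype, data = int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]
        if rtype == 0x00:                      # data record
            for i, b in enumerate(data):
                mem[(upper << 16) + addr + i] = b
        elif rtype == 0x04:                    # extended linear address
            upper = int.from_bytes(data, "big")
        elif rtype == 0x01:                    # end of file
            break
    return mem

def protection_status(hex_text):
    """Decode CP/CPD from the 14-bit config word (stored little-endian)."""
    mem = parse_intel_hex(hex_text)
    lo, hi = mem.get(2 * CONFIG_WORD_ADDR), mem.get(2 * CONFIG_WORD_ADDR + 1)
    if lo is None or hi is None:
        raise ValueError("dump contains no configuration word")
    cfg = (lo | (hi << 8)) & 0x3FFF
    return {"config": cfg,
            "code_protected": not (cfg >> CP_BIT) & 1,
            "data_protected": not (cfg >> CPD_BIT) & 1}

# Constructed sample read-backs (not taken from any real device).
UNPROTECTED = ":020000040000FA\n:020000000528D1\n:02400E00503F21\n:00000001FF\n"
PROTECTED = ":020000040000FA\n:020000000000FE\n:02400E00501F41\n:00000001FF\n"

if __name__ == "__main__":
    for name, dump in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, protection_status(dump))
```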
 
JimW52 wrote:

There are companies who specialise in extracting the program from locked
PICs (and others). Be warned it will be expensive, and is illegal.
Another poster claims the same thing. Legalities aside, how is it done?
Appears the destruction of the original is required, but how do they do it?

I take it you can't tell the state of a flash bit just by looking at it?

Or is the silicon substrate 'probed' internally, bypassing the normal pin
access pads?

--
Linux Registered User # 302622
<http://counter.li.org>
 
On Sep 28, 7:52 pm, John Tserkezis
<j...@techniciansyndrome.org.invalid> wrote:
JimW52 wrote:
There are companies who specialise in extracting the program from locked
PICs (and others). Be warned it will be expensive, and is illegal.

Another poster claims the same thing. Legalities aside, how is it done?
Appears the destruction of the original is required, but how do they do it?
There used to be an easy way with the old 16C84 until Microchip
replaced it with the 16F84. A particular high voltage was applied to a
certain pin for a certain time and bingo, it popped the fuse bit or
something so you could read the code back.

Similar methods may exist for some current devices.

I take it you can't tell the state of a flash bit just by looking at it?
Or is the silicon substrate 'probed' internally, bypassing the normal pin
access pads?
Yep, that's one of the techniques. The epoxy coating is etched away
revealing the die, then you can do all sorts of despicable and hideous
things. Poor PIC chip.

Dave.
 
"John Tserkezis" <jt@techniciansyndrome.org.invalid> wrote in message
news:46fccec4$0$22253$afc38c87@news.optusnet.com.au...
JimW52 wrote:

There are companies who specialise in extracting the program from locked
PICs (and others). Be warned it will be expensive, and is illegal.

Another poster claims the same thing. Legalities aside, how is it done?
Appears the destruction of the original is required, but how do they do
it?

I take it you can't tell the state of a flash bit just by looking at it?

Or is the silicon substrate 'probed' internally, bypassing the normal pin
access pads?

--
Linux Registered User # 302622
http://counter.li.org
The methods I heard about applied to older versions of PICs and were risky.
You might damage or destroy the original program without obtaining a copy. A
well equipped lab may nevertheless be able to retrieve the program though
the costs will rise way beyond the value of the original unit. So if the
code protection bit is set, you're out of luck. Rewriting the program from
scratch may be feasible if the tasks of the PIC are not too complicated.
What unit are we talking about anyway and what's the function of the PIC in
it?

petrus bitbyter
 
On Fri, 28 Sep 2007 03:07:22 -0700, "David L. Jones" <altzone@gmail.com> wrote:

On Sep 28, 7:52 pm, John Tserkezis
<j...@techniciansyndrome.org.invalid> wrote:
JimW52 wrote:
There are companies who specialise in extracting the program from locked
PICs (and others). Be warned it will be expensive, and is illegal.

Another poster claims the same thing. Legalities aside, how is it done?
Appears the destruction of the original is required, but how do they do it?

There used to be an easy way with the old 16C84 until Microchip
replaced it with the 16F84. A particular high voltage was applied to a
certain pin for a certain time and bingo, it popped the fuse bit or
something so you could read the code back.

Similar methods may exist for some current devices.

I take it you can't tell the state of a flash bit just by looking at it?
Or is the silicon substrate 'probed' internally, bypassing the normal pin
access pads?

Yep, that's one of the techniques. The epoxy coating is etched away
revealing the die, then you can do all sorts of despicable and hideous
things. Poor PIC chip.

Dave.
This guy describes how it's done.
http://www.cl.cam.ac.uk/~sps32/mcu_lock.html
 
