- How to lock ATMEGA328p-au to disable sketch read from Arduino IDE?
- Is there a hardware way too?
- What are the chances it can go wrong?
- What will happen if it goes wrong?
Notice: I am a computer science guy and new to electronics. So please explain your answer in detail 🙂
---- More Info ----
The chip in consideration is a new commercial product.
It is being given to people, who have highly technical staff at the back, for a few days, for some purposes of business opportunity evaluation.
Best Answer
Here is my personal advice. Please note that I'm not a real expert in this kind of thing (especially on Atmel), so forgive me for any mistake. Most of the knowledge here comes from this and this post.
You can access the flash memory (and so read the binary) from the outside (with an ISP programmer) or the inside (with some code).
As for the outside "attacks", the atmega has some fuse bits (read this answer for more info). Particularly the Lock Bit Protection ones can prevent anyone from reading and writing the flash and eeprom. Just program both LB1 and LB2 (IMPORTANT: the note on the datasheet says "Program the Fuse bits and Boot Lock bits before programming the LB1 and LB2."). From the moment you program them, nobody (not even you) will be allowed to read or write a new program on the microcontroller; the only way to write it back again is to perform a Chip Erase routine, which destroys the program on the uC.
As for inside "attacks", even with this protection an internal bootloader has access to the flash contents. You cannot prevent anything which programs from reading the memory, since at least once it needs to read back what was written (also the lock bits allow you to restrict write or write+read, but not only read). For this reason there is no way to prevent it in hardware. You can modify the bootloader to reject read requests, then program BLB10 to prevent reflashing a bootloader. But, in the end, do these products really need a bootloader? Do you really think that you will need to ask your customers to reprogram them? And if the answer is yes, how will you protect the binary files you will send them to be programmed? Anyway, I think that there is a high probability that in your application you can remove the bootloader and be safer.
IN ANY CASE:
According to my experience, nobody will ever try to "steal" your work, because 50% of the time it is easier to rewrite it from scratch because it is simple (and disassembling your code will be much more difficult than rewriting it), and 50% of the time it is easier to rewrite it from scratch because it is complicated (and disassembling it will be a PITA and take ages, so better to start again from scratch). Have you ever tried to read code written by someone else? Well, now increase that difficulty by 1000x because it is generated automatically, and...
Ok, don't you believe me? I wrote a program for Arduino, compiled, then disassembled the binary (following the procedure here). Can you understand what it does?
Will it be easier to reverse-engineer the code above or to write from scratch a program that (spoiler alert)
?
Just to be more clear, this file is generated
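
A way to check which protections a lock byte actually encodes, and that the programming order follows the datasheet note quoted in the answer. This is an added example, not code from the question or the answer. Bit positions follow the ATmega328P datasheet (LB1 = bit 0 through BLB12 = bit 5, programmed = 0); the function names, memory names and sample bytes are assumptions made for illustration.

```python
# Added example; bit layout per the ATmega328P datasheet. Programmed bit = 0.
LB_MODES = {  # keyed by (LB2, LB1) packed as two bits
    0b11: (1, "no memory lock features enabled"),
    0b10: (2, "further programming of flash and EEPROM disabled"),
    0b00: (3, "further programming and verification disabled"),
}
BLB_MODES = {  # (BLBx2, BLBx1) -> (mode, SPM write blocked, LPM read blocked)
    (1, 1): (1, False, False),
    (1, 0): (2, True, False),
    (0, 0): (3, True, True),
    (0, 1): (4, False, True),
}

def decode_lock_byte(value):
    """Decode a lock byte as read back from the chip."""
    bits = value & 0x3F  # bits 7..6 are unused; tools report them differently
    lb = bits & 0b11
    if lb not in LB_MODES:
        raise ValueError("LB2 programmed with LB1 unprogrammed is not a defined mode")

    def blb(hi, lo):
        # "blocked" refers to SPM/LPM executed from the *other* flash section
        mode, no_spm, no_lpm = BLB_MODES[(bits >> hi) & 1, (bits >> lo) & 1]
        return {"mode": mode, "spm_write_blocked": no_spm, "lpm_read_blocked": no_lpm}

    mode, meaning = LB_MODES[lb]
    return {
        "lb_mode": mode,
        "lb_meaning": meaning,
        "external_write_blocked": mode >= 2,     # ISP/parallel programming
        "external_read_blocked": mode == 3,      # ISP/parallel readback
        "blb0_application_section": blb(3, 2),   # BLB02, BLB01
        "blb1_boot_section": blb(5, 4),          # BLB12, BLB11
    }

def lock_written_last(steps):
    """Check the datasheet ordering note: nothing is written after LB1/LB2.

    steps: (memory, value) pairs in write order; the memory names used here
    ("lfuse", "hfuse", "efuse", "lock") are assumptions for this example.
    """
    locked = False
    for memory, value in steps:
        if locked:
            return False  # a write is planned after the chip was locked
        if memory == "lock" and (value & 0b11) != 0b11:
            locked = True
    return True

if __name__ == "__main__":
    for sample in (0xFC, 0x0F):  # constructed sample values
        print(hex(sample), decode_lock_byte(sample))
```
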