Arduino / Atmega in the wild - security?

Discussion in 'Embedded Systems and Microcontrollers' started by bob332, Feb 23, 2011.

  1. bob332

    Thread Starter Member

    Feb 14, 2011
    just out of curiosity, how secure is arduino or programmed atmega chips like a atmega 168 or 328 once in the wild? using either the arduino ide, AVRISP mkII or stuff you guys know about that i am not aware of, how easy is it to reconstruct a program?

    can it be read and the converted back into assembly? and then from assembly back into something else?

  2. nerdegutta


    Dec 15, 2009
    I don't know about Arduino, but with PIC, when I program/burn the chip, there is an option called "Code protection" or something.

    I've tried it, and when I check the box, I cannot read the code back in the programming software. I have to blank/erase all.

    BTW I'm using the Piccolo and the Asix UP program.
  3. t06afre

    AAC Fanatic!

    May 11, 2009
    No I do not think you can protect code in an arduino. The arduino use a bootloader concept. And I am quite sure that only a programmer unit do have access to the fuse-bits. So anyone with a Atmel programmer unit. Will be able to download your code. In machine code format. I am not an expert on arduino. So I suggest you pay your friend Google a visit. And ask him to seek up the following words arduino protect code
  4. Papabravo


    Feb 24, 2006
    A determined assault on a microcontroller will probably produce a list of hexadecimal numbers representing the machine code.

    With some additional effort a disassembly listing can be produced. Even with a Harvard architecture like the AVR there are still constant tables that need to be accounted for. A disassembly of a constant table does look like gibberish.

    Without documentation understanding that assembly listing is difficult, but not impossible. Creating a C program from the assembly language program is probably more work than writing the C program from scratch after understanding and documenting the assembly language version. That is my opinion based on half a century of programming experience. Your mileage may vary.
  5. bob332

    Thread Starter Member

    Feb 14, 2011
    thank you all for your information. i do have an avrisp mkII programmer and will see what happens when i try to read the code from the isp pins on an older arduino i have access too. my main concern is the arduino sketch i am working on twitters, so the twitter u/p is in the code and that is what i am worried about.

    would i search for 'disassembler'? sorry for my newbness about this situation.

  6. GetDeviceInfo

    AAC Fanatic!

    Jun 7, 2009
    I would second that, but IDA pro is a wonderful tool.