
You can't. It goes against the very nature of the medium, like trying to delete something on the internet. If it's something a CPU has to execute, it has to be in memory where it can be dumped. At best all one can do is make it harder to stop less determined adversaries.

That said, there actually is one nasty [1] workaround: run some critical functionality on a custom USB dongle that the user has to have connected in order to use the software. It could be a calculation in a critical path that's not compute bound but without which the software is unusable. It could even be a JIT engine that consumes encrypted code and returns polymorphic executable code designed to be near impossible to assemble back into a static binary. Some fabs can make tamper-resistant ASICs with a specialized packaging process that couples the on-chip memory to the package so that opening the package makes the memory unrecoverable for extra security. This level of protection would be effective against all but the most determined and well-funded nation state or competitor.

[1] Nasty for the user, the developer, and the investor all in one!




Sounds like someone could build a company on that idea.


That's basically what the casino gaming industry is. They're some of the most physically secure systems against reverse engineering that you're likely to run across. More so than ATMs or a lot of other secure systems.



