Anti-tamper circuit

pma32904

New Member
Hi, I'm looking for some ideas on building an anti-tamper circuit for an 08M based device. The 08M would be on a circuit board in a dark plastic project box. The idea is to disable the circuit if the box is opened with power applied or not. Several ideas come to mind: 1 - use a photo-transistor to drive a fet/transistor and blow a fuse so the 08M will no longer turn on. 2 - Use a photo-transistor to trip a latching relay to disconnect power to the 08M. 3 - Use a variation of the circuit with a momentary push button to power on the 08M and a light sensor/transistor to turn it off.

The 08M would have an external (to the box) power source. I would like to be able to disable the 08M (i.e. interrupt its power path) even if it is not powered at the time. Suitable means might be an internal battery, a super capacitor, or perhaps something I haven't thought of yet. The purpose is primarily to annoy snooping users...

I'd also like the circuit to be less than obvious to an un-trained eye. A mini-fuse painted to look like a resistor or a mis-labeled IC or relay would be sufficient.

Does anyone have any ideas, similar devices, or advice?

Thanks,
Paul
 

eclectic

Moderator
Hi,
edit
> The purpose is primarily to annoy snooping users...
>
> I'd also like the circuit to be less than obvious to an un-trained eye. A mini-fuse painted to look like a resistor or a mis-labeled IC or relay would be sufficient.
>
> Does anyone have any ideas, similar devices, or advice?
>
> Thanks,
> Paul
Paul.

A Copper's or a Crook's question.............

What might happen if the whole box is nicked?
And then re-powered?

Or, do you want to KILL the chip?
I'm still not sure.

e
 

pma32904

New Member
At this point I just want to deter a snoop from doing something useful with the circuit. I figured a power circuit that quit working was easy enough. I don't want to "destroy" the chip, unless that's reversible and relatively easy to un-do. Someone could steal/pinch the box, but most likely an overly curious customer is going to send it back to have it "fixed."

Paul
 

eclectic

Moderator
> At this point I just want to deter a snoop from doing something useful with the circuit. I figured a power circuit that quit working was easy enough. I don't want to "destroy" the chip, unless that's reversible and relatively easy to un-do. Someone could steal/pinch the box, but most likely an overly curious customer is going to send it back to have it "fixed."
>
> Paul
Paul.

Copper's or Crook's question 2 .............

Is what you are doing legal? :) Just checking. :))

For only £1.50, is it easier,
just to ZAP the chip, and start again?

e
 

slimplynth

Senior Member
You could solder components in that don't actually do anything or have any relevance to the working circuit - just to add to the confusion for a snooper. Also, an RF remote I want to hack/duplicate has the chip's identification rubbed/scotchbrited off.
 

Jeremy Leach

Senior Member
Not too sure if this would help, but ... if the 08M is always running, then could just have a switch that's activated when the lid is opened, which fires an interrupt routine that saves a flag in picaxe EEPROM and then shuts the picaxe down by looping or end statement. If the picaxe is then repowered, the initialisation routine checks the EEPROM flag and detecting it set, immediately turns the picaxe off.
 

pma32904

New Member
eclectic - In answer to question number 2 - Is it legal? I hope so. I'm building a circuit that a customer will buy. I simply want to know if it's been snooped at. I have a particular nosy customer in mind. I may test it on them first to make sure it's suitable. :) Not sure if there is an easy way to destroy an 08M with the energy in a battery or capacitor...

slimplynth - I did think about putting some extra components in there just to obfuscate the truth. Confuse the ignorant, etc.

Jeremy - Having the Picaxe directly monitor a switch or light sensor and flip a bit is likely easier than using a latching relay. One could always reprogram the 08M, if you knew what the program was. I like it.

The next question is how to do this without power applied; such as with a super-cap or internal battery as the phantom power source?

Paul
 

Mycroft2152

Senior Member
Isn't this a moot point?

The customer may see the circuitry, but cannot read the program in the PICAXE chip.

Back in the day, the identification marks were sanded off the components or painted over to hide them.
 

hippy

Ex-Staff (retired)
I doubt you'll prevent anyone from doing something useful with the circuit if they are that way inclined. Unless you intend to self-destruct the circuit ( which punishes the simply curious who have no intent of doing anything with the circuit ) it doesn't prevent anyone reverse engineering the circuit nor your anti-snooping mechanism itself.

If you wanted to destroy the circuit then the best solution would be mechanical. SMD PICAXE bonded to the lid so it rips off when opened, you could do the same by not having tracks but run things through wires which are glued to the lid and tear out the connections. Perhaps a piezo element as used in cigarette lighters could deliver a destructive ESD charge to the chip though leaves the circuit intact.

A compromise, which is a challenge to perseverance itself in reverse engineering, is to build the circuit on two boards sandwiched together, the circuit completed by springs from one to the other. Pads where the springs would have been before they leapt out of the box mixed with pads which would create nonsensical paths and a non-functional unit.

You'd have to ensure that it wasn't easy to tell which pads were used; pressure indentations and unbalanced oxidisation giving the game away as much as clean buttons on a burglar alarm keypad do.

The simple approach is an anti-tamper label.
 

pma32904

New Member
I already dismissed a thin wire loop glued to the lid of the box, since it could potentially be quite easy to see where it was attached. I do like the idea of using springs and extra pads! How often have I opened a mechanical device myself, only to have a spring shoot out and render it useless in the past! Gluing pieces to the box and lid makes repair difficult, but I may deserve that... ;-)

It might be moot for a skilled reverse-engineer. I have mixed feelings about punishing the curious, since I am one of them. I suppose a "Warranty Void if Opened" sticker might suffice, but I'm attempting to protect the internal operation of the box from most. If it stops working when opened, then my goal is met.

I still like the challenge of doing this with stored power and keeping it legal, lest anyone want to add something with a high nitrogen content...

Paul
 

Technical

Technical Support
Staff member
> Not sure if there is an easy way to destroy an 08M with the energy in a battery or capacitor...
A simple 9V PP3 battery or 12V camera battery connected via a microswitch the wrong way around across the power rail should do the job... and help our 08M sales figures....

The burning smell should also inform the customer that they have not done something they should have done!
 

hippy

Ex-Staff (retired)
You really need to decide what it is you are trying to prevent. That a box stops working doesn't mean it cannot be made to work again, and if it can, then what have you achieved ?

I got a professional Internet Security Appliance which wipes its firmware if you cannot guess the password and the manufacturer won't hand out the firmware unless you can answer the security questions which only the original purchaser knows. I got it almost for free because it was a brick. All working perfectly now despite the most stringent security put in place to prevent that.

The trick with wire loops to the lid would be to use more wires than were needed so pulled apart it would be hard to know which wire went to which connection.
 

pma32904

New Member
Technical - If I can help sales of 08M's while having some fun, then why not! :)

Hippy - point well taken. If the chip is still functional, I will not stop a dedicated reverse engineering attempt. At most I'll frustrate a casual attempt and if found out, I may lose some customers in the process.

Thank you all for the comments and suggestions.

Paul
 

gbrusseau

Senior Member
Why not cover the circuit board with black potting compound along with the idea of storing a "this box has been opened" bit in EEPROM.
 
EEPROM Flagging

I like the idea of putting an 'opened' flag in the EEPROM. I also think you should repaint the chip, so then no one knows what it is (is that legal? I don't see why not...)

What I want to know is, WHY do you want the anti snooping device? What harm can having a good look do? If it is to prevent copying, then add extra parts to the circuit. Makes it a pain to reverse engineer, but even with top of the line electronics, it's still possible.
 

demonicpicaxeguy

Senior Member
In a couple of my recent dataloggers I simply put an LDR on the PCB and had the PIC check it every now and then; if the casing is opened by someone other than me for maintenance it sets a flag in the PIC's EEPROM as well as a time and date, then goes into "I'm tampered with" mode, where it puts out on the serial port "This Datalogger has been opened by unauthorised means on (date and time) to continue use return to manufacturer!"
 

QuIcK

Senior Member
> Not too sure if this would help, but ... if the 08M is always running, then could just have a switch that's activated when the lid is opened, which fires an interrupt routine that saves a flag in picaxe EEPROM and then shuts the picaxe down by looping or end statement. If the picaxe is then repowered, the initialisation routine checks the EEPROM flag and detecting it set, immediately turns the picaxe off.

This sounds like the best way. Some sort of subtle way of detecting the lid off (reed switch & magnet, LDR, switch, continuity), and if the box is opened, it's saved to EEPROM, and the program won't run. They have to send it back to be "fixed", and all you have to do is reprogram it.

For redundancy, you could have a recharge circuit inside charging a battery. The battery powers the PIC, so even hours after it's been powered down, it's still reverse-engineering-proof.

or coat the entire thing in epoxy resin. file off part numbers, that sort of thing.

or just put a note inside that says "go away" in stronger language
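
The EEPROM tamper flag that Jeremy Leach, demonicpicaxeguy and QuIcK describe, sketched in PICAXE BASIC for an 08M as an added example (not code posted by anyone in the thread). The choice of input pin3, the wiring polarity, the EEPROM address and the marker value are all assumptions.

```basic
; Added example: tamper latch for a PICAXE-08M (not code from the thread).
; Assumed wiring: the lid sensor (switch, reed switch or LDR stage) drives
; input pin3 HIGH when the lid is open; a pull-down holds it LOW when closed.

symbol TAMPER_ADDR = 0        ; data EEPROM address for the flag (assumed free)
symbol TAMPER_SET  = $A5      ; marker value meaning "box has been opened"
symbol flag        = b0

init:
    read TAMPER_ADDR, flag            ; the flag survives power cycling
    if flag = TAMPER_SET then lockout ; opened on an earlier occasion: refuse to run
    if pin3 = 1 then latch            ; lid is already open at power-up
    setint %00001000, %00001000       ; interrupt when pin3 goes high

main:
    ; ... normal application code goes here ...
    pause 100
    goto main

interrupt:
    pause 20                          ; crude debounce of the lid sensor
    if pin3 = 1 then latch            ; still open: treat as a real tamper event
    setint %00001000, %00001000       ; was a glitch: re-arm the interrupt
    return

latch:
    write TAMPER_ADDR, TAMPER_SET     ; record the event before doing anything else
lockout:
    end                               ; halt; the startup check repeats this on every power-up
```

The latch can only fire while the 08M has power, which is why the thread keeps returning to an internal battery or super-cap.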
 

westaust55

Moderator
Very unlikely they could read the PICAXE program, so that is safe.

Rub all markings off the top of the PICAXE chip

Put a fuse in the supply to PICAXE and a switch to the lid that shorts load side of the fuse to 0V and thus blows the fuse removing all power from the PICAXE.

Many PCB mounting fuses appear to be resistors or diodes, so might appear to be voltage reduction device.

If switch were say a reed switch with a small magnet on underside of lid, you could yourself hold a magnet at the side of box near reed switch to open without the same dire failure. :)
 

hippy

Ex-Staff (retired)
On the 'note inside', you can always include something like "Congratulations ! Please phone 01632 960971 for further information", sit back and wait for the phone call.

I remember ( not at Rev-Ed ) a call from a customer reporting "this equipment doesn't work", pre-empting further questions with, "there's a note inside saying this does not work!". Slight cock-up with mixing 'for repair' and 'for final assembly' lines.

It's fairly easy to sand or Dremel the identification off ICs. What it is can often be guessed at by analysis but that can be obfuscated by additional components. If you saw a LED or transistor driven from Input Pin 3 on an 08M you'd probably be inclined to believe it wasn't an 08M.
 

QuIcK

Senior Member
I quite like this game.
It's like, us against "them". Trying to outsmart the dangerously curious by pre-empting their idiocy.
And then having them phone a number to admit that they were an idiot so they can get it fixed and doing what it should be.

I'm tempted to build this into any designs I do in the future. :D
 

Andrew Cowan

Senior Member
I really like the idea of an LED on pin3. No way that can be a PICAXE!

Maybe add random (10M?) resistors on various pins, to confuse them? Paint all resistors black, so no idea what anything is?

A
 

retepsnikrep

Senior Member
A small CCD inside the box activated by said reed switch and storing a picture to the serial eprom sounds good, give it 2 second delay, enough for muggins to shove his face into box looking at the PCB. Then you have the culprit and can e-mail them the picture when they deny opening it later.

Pyrotechnic device fired by said reed switch :)

Loud noise/piezo etc.

I have to temper the above with acknowledging the help I and many others have received here, so I think it a bit much to go too far in this respect. We have all benefited from the help freely given by others. If no one shared anything we would not have got very far.
 

Wrenow

Senior Member
A really good solution is outlined in Battlefield Earth by L Ron Hubbard (far better book than the movie). You basically build two circuits, one hidden (easy enough with multi-layer boards), one being real, the other bogus. Build the bogus circuit so it blows when you add power, add power and blow the components. Then build the real circuit, using the blown components still installed. If someone copies your circuit, and applies power, it is guaranteed to blow. ;-)

Add the disabling software, and you are good to go. They open it up, try to replace the blown component themselves, and it just blows again. In fact, you could set it up where replacing the intentionally blown component, when power is applied, blows the real circuit. Lots of fun possible....

Potting it removes the fun, but is a lot easier to prevent snooping. All they have to go on is a big black glob.

Cheers,

Wreno
 

1968neil

Senior Member
Just a thought, have you considered "Potting" ?
If the snooper gets the lid off and gets greeted with solid plastic that's all he'll ever see !
You could also add a programming socket for updates prior to potting.
Also remove the I/C numbers. even if he gets that far chances are he's destroyed it trying !
Hope this helps
Neil
 