Cracking A PIC Chip

Home Articles Projects Blog Contact

Blog

Cracking A PIC Chip

Colin Mitchell

September 10, 2005

Make sure to subscribe to our newsletter and be the first to know the news.

Many reader have asked if the code from a “protected chip” can be “read.”
I have not done this myself, but a firm from Lithuania offers to “crack” a Code Protected PIC chip for $1,000 USD!
Their address is:

Semiresearch Inc.
http://www.semiresearch.com
Jasinskio str.17, Vilnius, 2001, Lithuania
tel.+37052685564
fax +37052122757

This is obviously very expensive and you will find some details on doing it yourself on the web.
Here is an outline of some ideas:

The Old Crow says

I’ve had success by “blowing” the data pin out on PICs. Example: a 12C508. Ground every pin but pin 7, then put 10vDC on pin 7 for a second. Bond wire fried. You lose the use of pin 7 forever, but as it is the data I/O pin for programming, considerably hampers reading the ROM save for those who can desurface the chip package and probe the die.
Not strictly recommended for commercial apps, but I’ve never lost a PIC to this procedure yet.

Craig Lee [clee@ATTCANADA.NET] says:

I have found cracking procedure for the following chips:

16c54,16c55,16c56,16c57,16c58,16c61,16c62,16c64,16c65,16c71,16c73, 16c74,16c84

The procedure supposedly gives you some bits of the instruction word and you are left to select one of two possible instructions by context. Also, the procedures seem to be generic and should work on all 12bit and 14bit chips.

The [older versions] of the PIC chip (PIC16C84) can in fact have its program and data memory read after the config fuses have been set to code protection ON. Try the following: