Is there someone or company that can handle reverse engineering of a LOCKED 80C537 in a reasonable amount of time?
- posted
18 years ago
Is there someone or company that can handle reverse engineering of a LOCKED 80C537 in a reasonable amount of time?
If I am not mistaken you are asking somebody to steal intellectual property by hacking a protected program. Please do not post here!
Schwob
snipped-for-privacy@gmail.com wrote:
More likely, it's a company where the original design engineer has left and no one knows what's going on.
Dan
You might be mistaken. My company for example, sells a device
Meindert
The manufacturer of the board went bust and we are trying to make 1 or
2 sets for standby. Do you know it cost a bomb just to make 2 boards compared to like 200? I wish I could make 50,000 pieces and sell them too since there's nobody around to sue us, but that's not our objective. Moreover, nobody would want this application-specific board anyway.But anyway, I do not have much knowledge of this chip. (Siemens SAB
80C537-16-N) It is programmable and lockable? If it is, how hard is it to reverse engineer it?
The 80C537 uses external rom only, so there's no need to reverse engineer this chip. There should be a PROM or EEPROM on your board that contains the code.
Meindert
In article , An Schwob in the USA writes
Please do not top post.
There are MANY reasons why some one needs to get into a locked system. Very often where the original programmer has left and the notes have disappeared.
Other times one company has bought out the IP from another if the staff at the original company are not being taken on they tend to "loose" all the documentation before the hand over. I have known this happen several times.
In the case of a local car company I understand the R&D team spent a couple of days shredding and burn all paper work and reformatting the hard disks. It was even suggested the over wrote all the backups with the new reformatted balk data.
However there are also many times when it is hacking for illegitimate reasons. You have to be satisfy your own moral and professional standards in each case as to whether you will help of not.
Though as the 537 is all external memory I can't see how it can be locked... unless they have scrambled the address and data lines.
The 537 is a rather old discontinued part that has not been for new designs for many years so it is likely to be an old system and probably not something leading edge worth hacking unless it is your own system.
-- \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/ /\/\/ chris@phaedsys.org www.phaedsys.org \/\/\ \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Most likely it will but it may not be much use to you unless you use it with a 537. Although it's basically a 8051 variant it does have some unique hardware.
question is how hard is it to get the code out? Would a $45 universal prommer do the job?
Any Eprom Programmer will do.
Infineon even has a disassembler somwhere in their download section for the
8 bit controllers. User Manuals for the 537 are available as well.see
grtnx /jan
schrieb im Newsbeitrag news: snipped-for-privacy@z14g2000cwz.googlegroups.com...
Not. Plug it in a programmer and press READ
Yep. EPROMS have no protection mechanism.
Meindert
Thanks for all the help guys. Being a noob in embedded stuff, I've learnt alot from this post alone.
This also led me to another question. So how does one protect their code?
In article , snipped-for-privacy@gmail.com writes
You don't. In the vast majority of embedded systems the software is of little use without all the hardware it is attached to. What is more most of it only works with the specific hardware it is attached to.
Added to that without the source code it is a long tedious job to work backwards from 64K of assembler to flowcharts and an understanding of the system.
It would have to be something VERY special to warrant that sort of effort. Either that or you are about to pirate the whole system and mass produce your own.
-- \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/ /\/\/ chris@phaedsys.org www.phaedsys.org \/\/\ \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
By using a microcontroller with internal ROM/FLASH for instance, which usually has some form of protection like lock-bits that prevent readout of the controller by a programmer.
Meindert
Dear all, I have a wind-turbine that is equipped with a Siemens 80c537 CPU based PLC, named Sentic convoy 537. Seems that today nobody is able to interact with this PLC. I have recognized the eprom (AMD 27c512). I need to modify a functional parameter (the rotor rpm set): can anyone suggest how to do that?
I have an eprom programmer and I can read the eprom content. But I need further help to do my job....
Please, can anyone help me?
Thank you!!
I am Jack's complete lack of surprise.
and a UV EPROM eraser.
-- Les Cargill
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.