dion
April 10th, 2003, 06:07
well, i think the subj was really off topic, if not sorry to post it wrongly. anyone know about how to read protected PAL or GAL chip, i.e. 16V8, 20V8, 18V8, etc... that having the security code set up?
View Full Version : PAL/GAL chip breaking code?
scorpie
April 11th, 2003, 09:49
I think the best way to "read" the PAL is just giving "complete" combination of input, since the input is "finite". Write down the output, and "rebuild" the function (Karnaugh Map, Tabulation, etc.). If possible, use a Programmer (HILO System, SunShine, etc.).
Scorpie
Scorpie
dion
April 12th, 2003, 09:28
Quote:
| Originally posted by scorpie I think the best way to "read" the PAL is just giving "complete" combination of input, since the input is "finite". Write down the output, and "rebuild" the function (Karnaugh Map, Tabulation, etc.). If possible, use a Programmer (HILO System, SunShine, etc.). Scorpie |
thanks Scorpie. yup, and the problem is this programmer can't read a protected one. after seeking more info, i read somewhere about timing issue, anyone know if i should care about it or not?
neviens
April 12th, 2003, 12:33
Timing isue was relevant to gal programming on older
chips only. Never ones you can program over PC paralel
port withot worries about timings. Some time ago I
used programmer from this site:
http://se-ed.net/mpu51/gal/gal.html
About protected gals. As Scorpie pointed out, best aproach
for read out protected low density pal, is provide all possible
code combinations to its inputs and read all coresponding
outputs, then build a logic chart from this table.
Neviens.
chips only. Never ones you can program over PC paralel
port withot worries about timings. Some time ago I
used programmer from this site:
http://se-ed.net/mpu51/gal/gal.html
About protected gals. As Scorpie pointed out, best aproach
for read out protected low density pal, is provide all possible
code combinations to its inputs and read all coresponding
outputs, then build a logic chart from this table.
Neviens.
dion
April 13th, 2003, 01:31
thanks neviens. but i dont mean that timing, i mean timing in the "formed" function. but i felt something wrong here. need to check it out. btw, anyone know exactly how this security bit is applied in the chip? with encryption or with blown fuses?
squidge
April 13th, 2003, 03:36
It's normally always blown fuses in current PALs/GALs. You can't access the internal structures without wiping the entire chip (unless of course you can read it with a laser).
Just do like others have suggested - provide every possible input and map the outputs.
Just do like others have suggested - provide every possible input and map the outputs.
dion
April 24th, 2003, 06:04
if it would be the case, i wont asking this thing here. i got confirmed myself with someone in china that someone had cr4ck this protection, and when it first sold out, it priced $300, but after a mass production, it sold $10. well, i thought there must be somehow a way to read it, because its not using blown fuses method. anyone in china must be know this one, would there be someone told me how this can be done?
Powered by vBulletin® Version 4.2.2 Copyright © 2020 vBulletin Solutions, Inc. All rights reserved.