Proving Copyright Infringement On Firmware

[Jon Wilder]

Hi all. Something I've always been really big on is copyright infringement and other companies stealing firmware code. I can see where it would become difficult to prove if they can produce functionally identical code that was either written in the same language but differently from how your source is written, or if they wrote it in a different language altogether.

However...a couple of scenarios where I would think you could prove that your firmware was stolen would be -

(a) If the manufacturer in question couldn't produce the source code for the firmware in question
(b) If checking the binaries from both manufacturers against each other proves them to be an identical match

If you write in assembly, option b would be a very easy way to prove that the company in question is definitely using your firmware as the same source file is going to assemble the same every time. However, in higher level languages I'm not so sure. My question here is if you take your C source files and compile them multiple times, does the compiler usually compile it the same way every time? Or is there a chance that the compiled binary may end up being compiled with a different set of instructions and program memory locations each time you compile the source (assuming no changes were made to the source files)?

I always set the read protect bits on the code memory in the final release source code, which does offer readback protection. I'm just trying to think of the scenario where someone may know of some way to get around this.

 

[Ian Rogers]

I don't think you can do much about "reverse engineering".... Lets assume a scenario similar to one happening in my quarter!

I have been approached by a firm who has bought a firmware from a software company!! The said company has shirked the original deal "Gentleman's handshake" about the IP... This means that the source code HASN'T been handed over..

I have been asked to reverse engineer and re produce the original firmware..... Two things stick out... The IP is on the original source code not the firmware... The firmware was written specifically for the job in hand!!

Now! The company that wrote the firmware have re-produced the product and are attempting to sell on it's own merit, AND are still asking royalties for firmware sold to the original company...

So! What has been stolen!! If I produce code to re produce the original firmware, It's my interpretation and it will be my IP until I hand it over to the original company! I do not think the copyright of firmware is ever going to be the right of the programmer only the source code... When you have written some code and burnt a chip the chip is theirs... If they wish someone else to do their will then sorry! As long as you have tried your best to read protect your code!

Without the binary they would have to go through the functionality to re produce, with the binary they would need to disassemble the code... Either way it'll be a tough road, I'm sure they would rather talk it out!!

 

[MrAl]

Hi,

Also, depending on how bad they want the code, i dont think any chip is completely safe because an advanced method is to pop the top off the chip and examine the programmed die with a microscope, either automatic or by hand. The patterns in the die reveal the programming.

Then there is also single stepping. Some chips can be single stepped and that helps figure things out too.

There is probably no way to protect perfectly, because when the chip is programmed there is a physical change in the die that can be detected even though it is a small change.

Software is changing pretty fast for these things too. A year later nobody wants the code anyway because there is a better version or better product out

As far as compiling into the same exact machine code, if you use a different compiler you get a different output set of codes. So if they had your source code they could just compile with a different compiler. Some things would be similar i suppose though, but most definitely not everything.
You might be able to tell by the response times. If you had port A bit 1 change high to low when encoder 1 is turned to the right and theirs was the same, you might suspect some copying. You could then look at other pin responses.
The other problem is finding a product that has code that was stolen. You might never run across it unless you know where they sell the products and you do an active search. You'd also have to buy one to test

 

[Jon Wilder]

I can see reverse engineering the signaling and function of a chip and writing functionally identical code to make another chip function identically to another. The resulting source code ends up being your IP in this case and I don't think there is any law that protects against writing source code that is functionally identical to someone else's source code. I've actually done this for a device. Not to rip off the device, but to have source code that I could modify and change to add and improve existing functionality for the purpose of marketing an "upgrade" controller for the device. For this particular device in question, there was functionality that many end users wanted to see implemented that the manufacturer showed no interest in implementing. Hence I reverse engineered the functionality of their controller enough to write my own functionally identical source code, then proceeded to add the functions that many end users were asking for. I also made some improvements to the MIDI message filtering as well as adding visual feedback when the end user wants to store a preset.

In looking at their disassembled binary, it became clear to me that they probably wrote the code in a higher level language. I ended up writing my code in assembly which resulted in my binary being a lot tighter than theirs. So clearly our binaries would not be a match if you compared them (simply looking at the file sizes between binaries would reveal that they're definitely not identical).

That said...I'm gathering that a copyright only exists on the source code itself, but not on the resulting compiled/assembled binary file? Is there any way to patent or copyright a microcontroller with a given piece of firmware present on the chip? Obviously I can't patent an Atmel AT89S8253 by itself, but is there any patent that exists where I can patent say an Atmel AT89S8253 that functions like mine does when loaded with my firmware?

 

[ericgibbs]

hi,
I saw a video on the web sometime ago.
The guy cracked the top off a PIC to expose the die.
He masked the area on the die which contained the flashed program and then exposed the code protect area of the die to UV, thus erasing the protection bits.

He had used a microscope and was able to map out the flash area and the other memory areas on the die.

E

 

[Mosaic]

You have an idea to make a micro do a particular set of tasks. You cannot copyright an idea.

You write source code that uses a specific method to accomplish your task. You can copyright this.

Someone else has the same idea or likes yours and proceeds to implement his own method of coding on the same micro or a different one to accomplish the same task. That's his copyright , no infringement on yours.

The intention of copyright or patents is to protect the genuine owners' investment in developing the method or material content. Most folks want patents to protect against competition in the market. Investors in new products like that idea and will invest more quickly if they see a monopoly opportunity. Patents only protect you when illegal duplication of your patent is employed and then only if you have the $$ to litigate the matter as the onus of proof is yours.

In the modern 'connected' world where technology cycles are so fast, the usefulness of utiliy patents are lessening. If a small inventor files a patent for a valuable piece of tech, the trolls in certain eastern countries as well as certain central american ones will infringe and flood the market with product before the small guy can scale up. Then they can tie him up in THEIR legal system, if he litigates, as they have the cash flow to do so (from his own patent) while he can't recoup his R&D costs due to the illegal competition.

Trade secrets and bootstrapping to become a significant player seem to be the best way to recoup R&D these days IMHO. If you're lucky you get a few good Angel Investors upfront to quietly speed your time to market and market penetration.

 

[ronsimpson]

Once I wrote a subroutine that was never called. When the file was printed out in ASCII it would say:
"Copy wright ABC company 2015"

 

[alec_t]

"Copy wright ABC company 2015"

Ah, but that 'wright' is wrong. To right the wrong, the right right to write is 'right' .

 

[Colin]

"Ah, but that 'wright' is wrong. To right the wrong, the right right to write is 'right' "

Wonderful

 

[Jon Wilder]

That was another thought of mine...embedding some bit of useless code (or sequence of data bytes present in a specific memory region) that gets flashed in with the code...as a sort of "software watermark". That would be a great way of proving that a company actually did steal your exact code as they would never have known of that bit of code's existence.

 

[ericgibbs]

Assuming you had 'proof' of a copyright infringement, do you have the time and financial muscle to fight a home or overseas company in Court, that could take months to resolve.?

 

[Ian Rogers]

Assuming you had 'proof' of a copyright infringement, do you have the time and financial muscle to fight a home or overseas company in Court, that could take months to resolve.?

AND!!! Several countries do not even acknowledge copyright!!! So it ends there...

 

[Colin]

I had all my projects and kits copied by a person in Hong Kong and sold to distributors in the US.

The circuits, layout and PC boards were not altered in any way.
The copying was obvious.
The cost of initiating a court case was over $36,000 and that was 15 years ago.
That is only the starting cost.
It is absolutely pointless even starting a challenge.
You will be bankrupt in costs before you even get to the door of the court.

 

[MrAl]

Once I wrote a subroutine that was never called. When the file was printed out in ASCII it would say:
"Copy wright ABC company 2015"

Hi,

It's a good idea, but you also need to call that routine or the compiler might optimize it out of the actual code. If the compiler shows bytes used you can tell because inclusion of the routine will not use any more bytes unless it is called, and then it will use a lot more bytes.

void Copyright(void)
{
String[]="Copyright 2015 Microjerk Inc.";
}
Copyright();

 

[Jon Wilder]

Unless you code in assembly. Then everything gets assembled in.

Quite honestly, the products I design and build are for a niche market so I highly doubt other countries would ever go copying any of my stuff. No...I'm more concerned with people within the community of our niche market pulling this off. People who have always wanted to release some sort of MIDI product but don't have any background in microcontrollers and would rather copy someone else's device than take the time and learn how to make their own MIDI stuff.

People in this community have long been reverse engineering other peoples' guitar amp mods because that's easy enough to do. I'm just looking to keep those without an embedded electronics background from going in and trying to capitalize on a product that took me time to design.

 

[Ian Rogers]

I'm just looking to keep those without an embedded electronics background from going in and trying to capitalize on a product that took me time to design.

For someone to even get interested, there has to be a worth while goal!!

I have several products on the market!!! I never need to code protect my chips... If I have a 16k program that someone wants to reverse engineer... Go for it! It'll take an age.... Some of these C optimizers make reverse engineering a piggin' nightmare!! If we were making a million pound a year, maybe it would be worth someone doing it, but alass! It isn't!!

 

[Nigel Goodwin]

Some of these C optimizers make reverse engineering a piggin' nightmare!! !

I've yet to see a C compiler that doesn't produce really horrible machine code

As you say, it's an absolute nightmare to try and make sense of it.

 

[ericgibbs]

I have several products on the market!!! I never need to code protect my chips... If I have a 16k program that someone wants to reverse engineer... Go for it!

I applied the same philosophy to my products, the best way to keep ahead of the competition is to upgrade your products about every 2 years.
Using the latest technology at that time usually means a reduction in the selling price and improved performance of the product.

 

[Ian Rogers]

I applied the same philosophy to my products, the best way to keep ahead of the competition is to upgrade your products about every 2 years.
Using the latest technology at that time usually means a reduction in the selling price and improved performance of the product.

True!

I have a system that is now 8 years old.... There have been 4 revisions.... Each revision is a different chip! So inevitably, slightly different code... Once my new system is up and running ( pic32 with 256k code memory) I won't need to protect that either!

 

[Diver300]

I've also had my designs copied. In my case the circuit, but not the layout was copied, as was the firmware. The main customer for our product got copies made, and resorted to commissioning burglaries to get the source code. That also shows what sort of people you have to deal with.

There is absolutely nothing that a small company can do after the event. As Colin says, the winner will usually be the one who can keep paying the lawyers longest.

My big mistake was not putting a backdoor into the software, as it was an internet-connected device and that would have been possible. However, all that would have probably been achieved would have been a lot of inconvenience for the final customers, who didn't realise that they were buying stolen IP. The affect on the copyright thief would have been less. If the full source code had been obtained, the back door would have been closed.

As copyright theft is so easy, it is also quite easy for someone to steal your IP, and then claim that it is theirs and use the legal process to stop you using it. This particularly applies to patents. For individuals and small companies, it can help to publish designs so as to be able to prove that the patent or stolen design was predated. However, if the first you know about your design being stolen is a cease and desist court order preventing you from using it, you might as well design something else.