I’ve seen the question asked several times on the forum of how to ship out update HEX files without the risk of someone flashing their own chips with it. There’s a pretty simple solution using GHI’s update (and probably MS’ update, but I haven’t looked into it yet) and that’s to make your HEX garbage.
When you go to update the firmware or application it has to pass some checks for the hardware to accept it, and even if it is accepted if your HEX has garbage it doesn’t do a pirate much good. So how do we make a garbage HEX that works? Pretty simply.
The first thing you want to do is generate a valid HEX file with MFDeploy.
Now we’re going to want to modify the HEX. There’s a couple of ways of doing that, you could put on a header of known length, seed the file, append a footer, or any combination of the above.
My method of choice is a header. First put in a magic number, a known set of 3 or 4 bytes that says “this is [em]my[/em] update hex”. Next you can tell it what sort of changes you’re making to the file with a single byte, lets say 7 tells us it’s a simple header with build info. So we’ll write 0x07, then we can add things like a build date and version info. Finally add the valid HEX to the end of your file and ship.
Now your updater needs to have a few changes in it. Instead of simply calling SystemUpdate, you now need to create a FileStream and check the header. The really nice thing about this is not only do you protect your data you can also get the version info from the header and make sure you’re flashing a newer version instead of accidentally reverting to an older one or flashing the same version for no good reason.
Once you’ve passed the checks its a simple matter to call SystemUpdate with the remainder of the HEX.
You now have a HEX that is not only secured but gives you more information.
I hope someone finds this helpful.