This question has been asked and answered here several times. If there is physical access to the card, all bets are off.

ertank wrote: ↑Tue Dec 10, 2019 9:35 am
Hello,
We have a compiled application, GUI, running on Pi. We will be putting that application on an SDCARD/Flash Disk/mSATA and giving away with Pi itself.
We would like to protect that application from being copied/pasted to another place for reverse engineering, etc.
We thought of:
1- Use a strong password for user pi like 16 characters with everything mixed.
2- Use LUKS and put our application on an encrypted partition.
What we are afraid of is that someone may have login access (forcefully or similar) to the device and can do as he wishes.
We would like to hear any suggestions of prior experiences.
Thanks & regards,
Code:
grep Serial /proc/cpuinfo
Serial : 00000000f7dd7cf3
I suspect the Pi 4 serial numbers are also randomly assigned. IIRC they had to set the highest nibble in the serial number to 1 (10000000XXXXXXXX) to signify it is a Pi 4 so the online shop wouldn't issue codec licenses for it.

thagrol wrote: ↑Wed Dec 11, 2019 10:02 pm
Locking to a serial number won't work. Older model Pi may have the same serial number as another Pi (serial numbers are randomly assigned at the factory, enough Pi have been produced that duplicate serial numbers are a thing) though the risk of that is small. Not sure if the problem also exists on the 4B.
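Added example, not part of any post in this thread: a Python sketch that parses the `Serial` field and puts numbers on the two claims above (duplicates exist across the fleet, yet the risk for any one unit is small). It assumes serials are uniformly random over the low 32 bits, which is inferred from the quoted sample; the fleet sizes and the sample cpuinfo text are constructed.

```python
import math
import re

# Constructed sample in /proc/cpuinfo format; the serial is the one quoted in the thread.
SAMPLE_CPUINFO = """\
Hardware\t: BCM2835
Serial\t\t: 00000000f7dd7cf3
"""


def parse_serial(cpuinfo_text):
    """Return the Serial field as an int, or None if it is absent or malformed."""
    m = re.search(r"^Serial\s*:\s*([0-9a-fA-F]{16})\s*$", cpuinfo_text, re.MULTILINE)
    return int(m.group(1), 16) if m else None


def expected_duplicate_pairs(n_devices, random_bits=32):
    """Expected number of device pairs sharing a serial (assumes uniform random serials)."""
    return n_devices * (n_devices - 1) / 2 / 2 ** random_bits


def p_any_duplicate(n_devices, random_bits=32):
    """Birthday approximation: probability that at least two devices share a serial."""
    return -math.expm1(-expected_duplicate_pairs(n_devices, random_bits))


def p_unit_has_twin(n_devices, random_bits=32):
    """Probability that one given unit's serial also appears on some other device."""
    return -math.expm1((n_devices - 1) * math.log1p(-(2.0 ** -random_bits)))


if __name__ == "__main__":
    serial = parse_serial(SAMPLE_CPUINFO)
    # The upper 32 bits of the quoted sample are zero, hence the 32-bit assumption.
    print(f"serial={serial:#018x} upper32={serial >> 32:#x}")
    for n in (10_000, 100_000, 1_000_000):  # constructed fleet sizes
        print(f"n={n:>9,}  any duplicate: {p_any_duplicate(n):.4f}  "
              f"given unit has a twin: {p_unit_has_twin(n):.2e}")
```

A license check keyed only to this value inherits both properties: the identifier is not guaranteed unique, and it is read from a world-readable file.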
Still lots of them around but it is usually for niche or specialist but expensive software packages like Xilinx Vivado. Thankfully they're USB these days instead of the bad old days of parallel port dongles.
It really depends on what the app is, the price point and the use case and how secure you want to make it. I used to manage CAD design environments for large telecom companies and had the dubious pleasure of interacting with pretty much all the licensing variants.

trejan wrote: ↑Wed Dec 11, 2019 10:34 pm
Still lots of them around but it is usually for niche or specialist but expensive software packages like Xilinx Vivado. Thankfully they're USB these days instead of the bad old days of parallel port dongles.
The common way to protect code these days is to run the part that needs to be secured in the cloud.
The result from the user's point of view

Maciej Witkowiak and Michael Steil wrote:
The original GEOS was copy protected in three ways:
- The original loader decrypted the KERNAL at load time and refused to do so if the floppy disk was a copy.
- Desktop assigned a random serial number to the kernel on first boot and keyed all major applications to itself.
- To counter tampering with the serial number logic, the KERNAL contained two traps that could sabotage the kernel.
While SD cards are quieter than floppy disks, they are notoriously the least reliable component of most Raspberry Pi configurations. For this reason, the above analysis and commentary on copy protection applies equally well, in my opinion, to the Pi. In particular, it should be possible to employ the same ideas to secure a program on the Pi; however, the perceived problems with copy protection and the resulting decrease in reliability are also the same.

James Esch wrote:
GEOS for the Commodore had some fatal flaws that doomed it as a viable 8-bit operating system. The problem can be reduced to two words: copy protection. The GEOS “boot disk” was copy protected. Out of the box, they only gave you one backup boot disk. Berkeley Softworks really outdid themselves in making the boot disk virtually impossible to crack. Although other applications were not copy protected, they were “keyed” to your boot disk, meaning that after “installing” your newest GEOS application, you wouldn’t be able to use those apps unless you booted with your original system disk. This kept GEOS out of the hands of pirates, but it was incredibly short-sighted.
Have you ever seen a 5.25″ floppy disk? It is obscenely easy to mutilate. Have you also seen and heard a 1541 disk drive? Especially one that needs an alignment? A 1541 can perform complex drum solos on your disk that would make Buddy Rich jealous. What this means is that the entire brilliant achievement of software expertise that was GEOS, this user friendly operating environment coded and packaged to make your life easier, was a ticking time bomb waiting for the fateful day that your boot disks got trashed, making ALL of your work irretrievable.