ame
Posts: 3172
Joined: Sat Aug 18, 2012 1:21 am
Location: Korea

Re: How to lock SD card with the device

Tue Feb 11, 2014 6:35 am

batrashish wrote:How about MAC ID instead of Serial number?
It can be spoofed. And the model A Pi doesn't have one.

batrashish
Posts: 26
Joined: Sat Feb 08, 2014 6:17 am

Re: How to lock SD card with the device

Tue Feb 11, 2014 6:39 am

rpdom wrote:
ame wrote:The first loophole is in step a). You are relying on the OS not to lie to you about the serial number.
That isn't a real problem. It is fairly trivial to bypass the OS and get the serial number direct from the system using a mailbox call.

Ashish > Please let me know how to use the mailbox command, which can bypass the OS.

However, it isn't hard to examine the code of a compiled C routine and work out what it is doing, especially a simple "read file, decrypt, write data" one.

Ashish > Here is the catch. You are reading the file, and decrypting it inside the binary code and you are not writing the data. Instead of writing the data you are using that data stored in a string variable and passing as an argument to the System command which runs the Python with option "-c". In this case you do not have to expose the Decrypted Code.
Advantage is that you are decrypting and executing inside the binary file without actually exposing your decrypted Python Code.

[edit]MAC id isn't a good one to choose. It is based on the serial number, but can be overridden by an option in cmdline.txt

rpdom
Posts: 15587
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to lock SD card with the device

Tue Feb 11, 2014 7:21 am

ame wrote:
batrashish wrote:How about MAC ID instead of Serial number?
It can be spoofed. And the model A Pi doesn't have one.
Actually the model A Pi does have one. It just isn't used for anything.

The default MAC address is the Raspberry Pi Foundation's ID B8:27:EB followed by the last 6 hex-digits of the serial number.

rpdom
Posts: 15587
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: How to lock SD card with the device

Tue Feb 11, 2014 7:28 am

batrashish wrote:Please let me know how to use the mailbox command, which can bypass the OS.
I've only done it in assembler in a Bare Metal environment, but it should be fairly easy in C under Linux.

Here's a link that will help you http://www.raspberrypi.org/forum/viewto ... 31&t=18936
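
Added example (not part of any post in this thread, and not rpdom's code): the mailbox call mentioned above, made from C under Linux with the firmware property tag for the board serial. It assumes the Raspberry Pi kernel's /dev/vcio device and its property ioctl; the request still passes through that kernel driver, so a modified kernel can alter the answer just as it can alter /proc/cpuinfo.

```c
#include <stdio.h>
#include <stdint.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
/* Assumed from the Raspberry Pi kernel's vcio driver: property ioctl on /dev/vcio. */
#define MBOX_PROPERTY    _IOWR(100, 0, char *)
#define TAG_BOARD_SERIAL 0x00010004u   /* "get board serial" property tag */
#define RESPONSE_BIT     0x80000000u

/* Fill an 8-word property message asking the firmware for the board serial. */
void build_serial_request(uint32_t m[8]) {
    m[0] = 8 * sizeof(uint32_t);  /* total message size in bytes */
    m[1] = 0;                     /* 0 = process request */
    m[2] = TAG_BOARD_SERIAL;
    m[3] = 8;                     /* value buffer size in bytes */
    m[4] = 0;                     /* tag request code */
    m[5] = m[6] = 0;              /* value buffer, filled in by the firmware */
    m[7] = 0;                     /* end tag */
}

/* Check every field the firmware should have set; 0 on success, -1 otherwise. */
int parse_serial_response(const uint32_t m[8], uint64_t *serial) {
    if (m[1] != RESPONSE_BIT) return -1;          /* overall status not "success" */
    if (m[2] != TAG_BOARD_SERIAL) return -1;
    if (!(m[4] & RESPONSE_BIT)) return -1;        /* tag was never answered */
    if ((m[4] & ~RESPONSE_BIT) != 8) return -1;   /* unexpected value length */
    *serial = ((uint64_t)m[6] << 32) | m[5];
    return 0;
}

int read_board_serial(uint64_t *serial) {
    uint32_t m[8];
    int fd = open("/dev/vcio", O_RDONLY);
    if (fd < 0) return -1;
    build_serial_request(m);
    int rc = ioctl(fd, MBOX_PROPERTY, m);
    close(fd);
    return rc < 0 ? -1 : parse_serial_response(m, serial);
}

int main(void) {
    uint64_t serial;
    if (read_board_serial(&serial) != 0) {
        fprintf(stderr, "mailbox property call failed\n");
        return 1;
    }
    printf("Board serial: %016llx\n", (unsigned long long)serial);
    return 0;
}
```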

batrashish
Posts: 26
Joined: Sat Feb 08, 2014 6:17 am

Re: How to lock SD card with the device

Tue Feb 11, 2014 7:37 am

batrashish wrote:
FLYFISH TECHNOLOGIES wrote:Hi,
DougieLawson wrote:On a machine with a BIOS you may be able to have a secure password stored in the hardware. The RPi doesn't have a BIOS.
Earlier in this discussion I mentioned a hardware dongle to overcome this issue... it seems that nobody noticed it and it is still believed that BIOS is the only place to store hardware password...

It might be a proper moment to provide out-of-the-box hardware decryption engine tailored to the RasPi... ;-)


Best wishes, Ivan Zilic.
Hello Ivan,
Could you elaborate more on Hardware Dongle Solution.
Any links would be helpful..


Regards,
Ashish


I have found out a way.
It is as follows:
a) Hard code the serial number of the device in the python code and compare it with the device serial number before execution of actual code.
b) Encrypt the python file using base64 encryption. I know that this code can be decrypted (hold on to see the next few steps).
c) After you get the encrypted code, encrypt it further by writing a simple C code in which this encrypted Python file is passed as input. Now this encryption is only known to you since you have written the algorithm for it. After this step you get further encrypted code which only you can decrypt. This encrypted file will be useless for others. This encrypted file will be given to the customer.
d) Write another C code to do the following:
i. Read the double encrypted file as input, which was produced in step C
ii. Decrypt it internally to get the Original Python Base64 encrypted code, in a variable.
iii. Pass this variable as input to Python command with "-c" option, which is called from inside the C code using System command of C language.

You are going to give only 2 files to the customer
A file which you produced in step C, With double encryption.
A file which you produced in Step D (The binary file of the c code, which cannot be decrypted)

Now the customer has the files which he needs for execution, but cannot get the source code of the python file, since both decryption and execution of the source code are happening inside the "C" binary file.

Please let me know if there is any loophole in the idea?

Regards,
Ashish


gkreidl
Posts: 6136
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: How to lock SD card with the device

Tue Feb 11, 2014 9:37 am

This is really simple: I'd disassemble the C-Code (both programs) and WOW ... there's no protection against a really good hacker (which I'm not).

The only reason to hack your system might be that you take much more money for it than it's really worth (or just for the fun of it). Best copy protection is a realistic price and giving good support to your customers. For a layman it will be "secure" enough, if you precompile the Python file to .pyc.

But there's another aspect to it: In these days, where lots of Big Brothers are trying to enter every system, I would never trust software that is not open source.
Minimal Kiosk Browser (kweb)
Slim, fast webkit browser with support for audio+video+playlists+youtube+pdf+download
Optional fullscreen kiosk mode and command interface for embedded applications
Includes omxplayerGUI, an X front end for omxplayer

FLYFISH TECHNOLOGIES
Posts: 1750
Joined: Thu Oct 03, 2013 7:48 am
Location: Ljubljana, Slovenia
Contact: Website

Re: How to lock SD card with the device

Tue Feb 11, 2014 1:02 pm

Hi Ashish,
batrashish wrote:Could you elaborate more on Hardware Dongle Solution.
The general description link is http://en.wikipedia.org/wiki/Software_protection_dongle

There are several implementations; one that is very easy to break is when your software checks only for the presence of the dongle. The cracker can locate these calls in the code and modify them to always return true.

The more "dynamic and active" involvement of the dongle is implemented, the harder it is to break the protection. Most likely, your application reads/stores some data and processes/calculates something. These are good candidate spots where to involve the dongle and "outsource" a few algorithms to it.

The ideal case is when you have somewhere (under your control) a server feeding the data for this RasPi. Here you provide encrypted data and the RasPi decrypts it via the dongle.
Another hard-to-break protection is in case your application also communicates with any board (to control or measure something). If you merge this I/O hardware with the protection features, the crackers will have a hard time breaking it.
In those two cases you don't prevent access, but the content is garbage.

If stored data is also important then you could consider storing it inside the protection dongle. It is not easy to copy its content, therefore this is an additional huge obstacle to the crackers.

As you can see, there are several possible approaches; the selection criteria should be based on features of your application.

P.S. In the text above I'm mentioning a dongle; it could equally be a USB stick or GPIO add-on as well.


Best wishes, Ivan Zilic.
Running out of GPIO pins and/or need to read analog values?
Solution: http://www.flyfish-tech.com/FF32

batrashish
Posts: 26
Joined: Sat Feb 08, 2014 6:17 am

Re: How to lock SD card with the device

Thu Feb 13, 2014 7:46 am

rpdom wrote:
batrashish wrote:Please let me know how to use the mailbox command, which can bypass the OS.
I've only done it in assembler in a Bare Metal environment, but it should be fairly easy in C under Linux.

Here's a link that will help you http://www.raspberrypi.org/forum/viewto ... 31&t=18936
Dear RPDOM,
Could you help me with a sample C code to get the serial number from hardware.
I was trying to figure it out from the link that you shared, but could not find it.
Please help me out

Thank you for your help in Advance.

Regards,
Ashish

DougieLawson
Posts: 36568
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to lock SD card with the device

Thu Feb 13, 2014 11:36 am

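Code:

#include <stdio.h>
#include <sys/types.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Large enough to hold the whole of /proc/cpuinfo; the Serial line is near the end. */
#define BUF_SIZE 4096

int main() {
        int file;
        ssize_t n = 0;
        size_t len = 0;
        char *filename = "/proc/cpuinfo";
        char buffer[BUF_SIZE];
        char *foundit;
        char *foundit2;
        char *serial;

        if ((file = open(filename, O_RDONLY)) < 0) {
                perror("failed to open");
                return 20;
        }

        /* Accumulate successive reads instead of overwriting the buffer,
           leaving room for the terminating NUL. */
        while (len < BUF_SIZE - 1 &&
               (n = read(file, buffer + len, BUF_SIZE - 1 - len)) > 0)
                len += (size_t)n;
        close(file);
        if (n < 0) {
                perror("ERROR reading from /proc/cpuinfo");
                return 20;
        }
        buffer[len] = '\0';

        /* Find the "Serial : <hex>" line; either search can fail. */
        foundit = strstr(buffer, "Serial");
        if (foundit == NULL || (foundit2 = strstr(foundit, ":")) == NULL) {
                fprintf(stderr, "no Serial line in %s\n", filename);
                return 20;
        }
        /* strtok skips the leading ":" and blank, and returns the value itself. */
        serial = strtok(foundit2, " :\t\r\n");
        printf("Pi Serial #: %s\r\n", serial ? serial : "");
        return 0;
}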
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

batrashish
Posts: 26
Joined: Sat Feb 08, 2014 6:17 am

Re: How to lock SD card with the device

Thu Feb 13, 2014 11:43 am

Thank you Dougie,
But in this we are reading the file "/proc/cpuinfo" and not directly from H/W.

Is there any possibility that anyone can mess around with this file and change the serial number, by mounting the SD card on any other machine and change the Serial number?

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6084
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: How to lock SD card with the device

Thu Feb 13, 2014 11:57 am

It's not a real file that physically exists on the sd card. It's a way to communicate with the kernel.

DougieLawson
Posts: 36568
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to lock SD card with the device

Thu Feb 13, 2014 11:58 am

The /proc virtual filesystem is built by a kernel module. You can't update it, even as root. You could rewrite the kernel module to supply different results.

Source code is here: https://github.com/raspberrypi/linux/bl ... /cpuinfo.c

batrashish
Posts: 26
Joined: Sat Feb 08, 2014 6:17 am

Re: How to lock SD card with the device

Thu Feb 13, 2014 12:10 pm

Thank You all for your valuable Inputs.

I appreciate your valuable time you have given to provide the information.

Regards,
Ashish

MattF
Posts: 55
Joined: Tue Feb 12, 2013 10:01 am

Re: How to lock SD card with the device

Thu Feb 13, 2014 2:06 pm

A couple of things to think about:

1: /proc is a special file system, but under certain circumstances it can be unmounted. Or mounted somewhere else and a hand crafted /proc/cpuinfo created.

2: you might be in a chroot jail, in which case all bets are off.

In the absence of a hardware capability like TPM, obfuscation is pretty much the best you can hope for.

Using digital certificates, with an online check for any that have exceeded their usage, is a possibility, but this is breakable as well.

jojopi
Posts: 3086
Joined: Tue Oct 11, 2011 8:38 pm

Re: How to lock SD card with the device

Thu Feb 13, 2014 2:52 pm

batrashish wrote:Is there any possibility that anyone can mess around with this file and change the serial number, by mounting the SD card on any other machine and change the Serial number?
We could modify the kernel, load a module, mount /proc in a different place, overlay, chroot, intercept the request with LD_PRELOAD or ptrace(), alter the path in the binary, or just defeat your test by changing the allowed serial number.

I am not convinced that we actually need the C program to be able to run your Python anyway.

To make it even slightly difficult to work around your restrictions, you would need to have a better understanding of the issues than your attacker, which I think you do not. A beginner or a non-programmer probably will be stuck, however, simply because the SD card is not easy to modify or copy from Windows.

DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: How to lock SD card with the device

Fri Feb 14, 2014 9:56 pm

I have code to do what you want in bare metal writing direct to hardware (asm), you would need to map the right address under linux etc.
Let me know if you want me to post it.
Batteries not included, Some assembly required.

batrashish
Posts: 26
Joined: Sat Feb 08, 2014 6:17 am

Re: How to lock SD card with the device

Sat Feb 15, 2014 8:28 am

DexOS wrote:I have code to do what you want in bare metal writing direct to hardware (asm), you would need to map the right address under linux etc.
Let me know if you want me to post it.

Sure, Please mail it to me at [email protected].

Best Regards,
Ashish

DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: How to lock SD card with the device

Sun Feb 16, 2014 12:23 am

batrashish wrote:
DexOS wrote:I have code to do what you want in bare metal writing direct to hardware (asm), you would need to map the right address under linux etc.
Let me know if you want me to post it.

Sure, Please mail it to me at [email protected].

Best Regards,
Ashish
Here is a link to the code
http://www.dex-os.com/DexBasic/DexBasicSource.zip
Look in the folder SdMmc and then
SdMmc.inc
DisPlayInFo.inc
Written in FasmArm
