omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Encrypt SD card content

Sun Mar 24, 2013 12:15 pm

Hi all,

I have read a few items on the forums about this, but thought I'd put my exact situation here to see what other users thought and maybe suggest some ideas on how I can do it?

I have developed something with my Pi and would like to sell what I have developed as a package, but obviously do not want someone to simply take the SD card out and copy the content!

What can I do to at least make it difficult (I know everything can be copied) for someone who may want to copy my project and code? I imagine some form of encryption would be needed for this.

I was also thinking of a way to 'hardwire' the SD card into the device, is that a bit farfetched?

I understand everything is 'copyable' but I'd like to make it at least as hard as possible for someone to do it.

Any suggestions?

Thanks!`
Get your Pi from here! http://bit.ly/18blVup

User avatar
malakai
Posts: 1382
Joined: Sat Sep 15, 2012 10:35 am
Contact: Website

Re: Encrypt SD card content

Sun Mar 24, 2013 12:22 pm

I think once you hand them the SD Card there is nothing you could do to stop the data from being copied. The best option I could think of is put the code on a server and control who could connect to that server. Would drive costs up and logistically may not be feasible to your application.

You could maybe compile the software and encode it to check the Serial number of the Pi?
http://www.raspians.com - always looking for content feel free to ask to have it posted. Or sign up and message me to become a contributor to the site. Raspians is not affiliated with the Raspberry Pi Foundation. (RPi's + You = Raspians)

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Sun Mar 24, 2013 12:29 pm

malakai wrote:The best option I could think of is put the code on a server and control who could connect to that server.
To be honest, that is exactly what I had originally thought of... I would put an element of the code on the server that the software has to 'get' in order for it to work, as the device would have to be connected to the internet always anyway...

Thanks

Any other suggestions?
Get your Pi from here! http://bit.ly/18blVup

Joe Schmoe
Posts: 4277
Joined: Sun Jan 15, 2012 1:11 pm

Re: Encrypt SD card content

Sun Mar 24, 2013 12:40 pm

The short answer here is that it is not that hard to design and implement something secure, as long as:

1) You're reasonably competent - and willing to think imaginatively.

2) It doesn't have to be standardized/documented. The real trick in the crypto world is to be able to develop and publish algorithms that are open (visible to the world) and yet still (reasonably) secure. This is obviously ultimately impossible, but they come pretty close in many cases (e.g, ssh).

Anyway, I've done this several times, in various ways.

The idea of having part of it depend on being connected to the Internet is a good one.
And some folks need to stop being fanboys and see the forest behind the trees.

(One of the best lines I've seen on this board lately)

User avatar
malakai
Posts: 1382
Joined: Sat Sep 15, 2012 10:35 am
Contact: Website

Re: Encrypt SD card content

Sun Mar 24, 2013 12:50 pm

I just keep thinking of say a PS3 drive. I believe the reason you can't just make an image of it and copy that to another Hard Drive is the proprietary format of the drive. AFAIK since the Pi uses a standard format encrypted or not any image utility can just make a copy and dump it onto another SD Card and it would boot.

Same example but with the games. This gets confusing to me but there is some form of protection that when making a 1:1 backup they won't work so someone had to make a tool that would write a bypass mechanism into the copy process so it would ignore the security this I have no idea on how to implement.
http://www.raspians.com - always looking for content feel free to ask to have it posted. Or sign up and message me to become a contributor to the site. Raspians is not affiliated with the Raspberry Pi Foundation. (RPi's + You = Raspians)

User avatar
PeterO
Posts: 5156
Joined: Sun Jul 22, 2012 4:14 pm

Re: Encrypt SD card content

Sun Mar 24, 2013 1:11 pm

Joe Schmoe wrote:The idea of having part of it depend on being connected to the Internet is a good one.
I expect someome told EA that before this happened ...
http://www.techdirt.com/articles/201303 ... does.shtml
PeterO
Discoverer of the PI2 XENON DEATH FLASH!
Interests: C,Python,PIC,Electronics,Ham Radio (G0DZB),1960s British Computers.
"The primary requirement (as we've always seen in your examples) is that the code is readable. " Dougie Lawson

dauhee
Posts: 59
Joined: Fri Sep 07, 2012 1:50 pm

Re: Encrypt SD card content

Fri Apr 05, 2013 2:07 pm

how about this for protecting your intellectual property:

Code: Select all

sudo apt-get install ecryptfs-utils
sudo apt-get install lsof
sudo ecryptfs-migrate-home -u pi
There will be a bit more to it but thats the main part - it will only cover your home folder. If you want to do more then its something like:

http://www.howtoforge.com/how-to-encryp ... an-squeeze

User avatar
DeeJay
Posts: 2027
Joined: Tue Jan 01, 2013 9:33 pm
Location: East Midlands, UK

Re: Encrypt SD card content

Fri Apr 05, 2013 3:04 pm

omega1 wrote:I have developed something with my Pi and would like to sell what I have developed as a package
As well as using your Pi's hardware, I'm assuming you will have used a linux kernel and a swathe of other gnu or similarly licensed tools and utilities?

I am not a lawyer or an open source zealot, but you might want to check what obligations are placed on you by the licenses for those tools if you seek to sell something developed using them.
How To Ask Questions The Smart Way: http://www.catb.org/~esr/faqs/smart-questions.html
How to Report Bugs Effectively: http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Wed Apr 10, 2013 5:13 pm

DeeJay wrote:As well as using your Pi's hardware, I'm assuming you will have used a linux kernel and a swathe of other gnu or similarly licensed tools and utilities?

I am not a lawyer or an open source zealot, but you might want to check what obligations are placed on you by the licenses for those tools if you seek to sell something developed using them.
Very interesting concept and something I hadn't thought of...

Does anyone know what the position is regarding this?

For example, If I buy a Raspberry Pi (which has the standard Raspian on it and I write some software and then intend to sell the device as a 'standalone' product...

Interesting topic!
Get your Pi from here! http://bit.ly/18blVup

Rene_is_I
Posts: 172
Joined: Tue Dec 25, 2012 12:52 pm

Re: Encrypt SD card content

Wed Apr 10, 2013 6:12 pm

That way I understand it is, that you can sell a system that uses open source software as long as
you include the original copyright and credits.

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Wed Apr 10, 2013 6:21 pm

Rene_is_I wrote:That way I understand it is, that you can sell a system that uses open source software as long as
you include the original copyright and credits.
Which could be detailed in the instruction manual?
Get your Pi from here! http://bit.ly/18blVup

Rene_is_I
Posts: 172
Joined: Tue Dec 25, 2012 12:52 pm

Re: Encrypt SD card content

Wed Apr 10, 2013 6:25 pm

@omega1
Which could be detailed in the instruction manual?
Yup, and if the buyer does not RTFM, well that's their problem. ;)

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Wed Apr 10, 2013 6:29 pm

Rene_is_I wrote:RTFM, well that's their problem. ;)
RTFM... I must use this more often!! :D

I was wondering if anyone could confirm 100% that this would suffice?
Get your Pi from here! http://bit.ly/18blVup

wirelessmonk
Posts: 47
Joined: Sat Sep 08, 2012 2:58 am
Location: The Colonies

Re: Encrypt SD card content

Wed Apr 10, 2013 7:02 pm

It depends on what licenses are involved. Even in Opensource, there are numerous licenses to consider. Debian is distributed under approximately 20.

If you've created software that runs in linux and on an ARM processor, I believe you are covered with acknowledging Debian's licenses in the manual.

I may well be mistaken, but additions or modifications to the OS may obligate you to share your source code.

There are numerous resources online. I checked Wikipedia and Debian's wiki, for example.

Rene_is_I
Posts: 172
Joined: Tue Dec 25, 2012 12:52 pm

Re: Encrypt SD card content

Wed Apr 10, 2013 7:18 pm

This is turning out to be a real interesting thread.
I'm wondering just how one gets a definitive answer to this as there seems to be many interpretations.

Considering how many devices use Linux these days, from set top boxes to IPTV servers to routers and even NAS boxes, not once have I seen any acknowledgement on the actual product and I doubt very
much if the manufacturer will be very forth coming if they received a request for a copy of the software simply because it's based on open source.

Modifying the kernel maybe different but if someone writes an app and compiles it using gcc or whatever other compiler, I can't see why:
1) The source code should be public
2) One has to specifically mention that the app was compiled using WhateverCompiler Ver xxxx

Rene_is_I
Posts: 172
Joined: Tue Dec 25, 2012 12:52 pm

Re: Encrypt SD card content

Wed Apr 10, 2013 7:50 pm

OK been doing some more reading on GPL etc and I think it works like this:

You develop an app/range of apps that run on some distro.
You can't stop someone making copies of that distro if it's GPL based, but your app/s may not be copied
as you have decided to make them non-GPL and that is what you are charging for, not the GPL stuff.

I'm no lawyer so would like to hear others opinions or perhaps there are some lawyers in the house?

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Thu Apr 18, 2013 5:45 pm

Hi all, thank you for your replies and suggestions.

I'm at a stage where I need to decide how I'm going to do this, but am really stuck with how encryption works and what to use to achieve what I want.

As I mentioned in the first post, I'd like to find a way to ensure that if someone takes out my SD card the content cannot be copied or simply cloned to another SD card.

I have made it so that some of the files are dragged off a server and even made a reference to the Pi's serial number, but if the SD content is available, anyone can copy/modify the files and bypass any of this.

I've taken a look at some of the links for encryption but I feel a little out of my depth. As most of the content is in a /home/user/ folder I guess it would be sufficient to just encrypt this folder.

Are there any really simple step by step guides on how to do this?
Is the folder always encrypted?
How do I manipulate data (read/write) these files (if they are encrypted), does the encryption software take care of this?
Will the unit boot normally or will I have to enter a password/passkey on boot?

Thanks in advance for any input into this.
Get your Pi from here! http://bit.ly/18blVup

technion
Posts: 238
Joined: Sun Dec 02, 2012 9:49 am

Re: Encrypt SD card content

Fri Apr 19, 2013 5:18 am

A very blunt way of putting this is..

If you encrypt your SD card in such a way that the "key" for that encryption is also on the SD card, or otherwise available to the Pi, you have satisfied the need as far as most marketing departments are concerned, but failed to achieve the goal. Anyone who walks away with the Pi, walks away with the encrypted data AND the keys for that data.

If you store the key elsewhere, how is it accessed? Online options were discussed above. Other options involve forcing the user to call you for a key every time they boot. This is terribly inconvenient.

The reality here is that corporations like Microsoft have much bigger budgets than yourself, and invest large amounts of that antipiracy. The most successful element of this is not a technical measure, but the one where they conduct "random audits". Yet MS Office and Windows are widely pirated.

In short, I don't believe you will achieve your goal with a technical measure, unless you want to seriously inconvenience your users.

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Fri Apr 19, 2013 12:41 pm

I think I'll go with a different approach to this... I'm thinking of some kind of hardware protection, maybe a programmable PIC (that contains a serial number) connected to the device somehow. (Or something along those lines!)

Thanks to all for your suggestions, comments and advice!
Get your Pi from here! http://bit.ly/18blVup

User avatar
jojopi
Posts: 3088
Joined: Tue Oct 11, 2011 8:38 pm

Re: Encrypt SD card content

Fri Apr 19, 2013 12:55 pm

omega1 wrote:I'm thinking of some kind of hardware protection, maybe a programmable PIC (that contains a serial number) connected to the device somehow.
Unless the PIC is itself running a lot of the project, I do not see that this is any harder to defeat than tying to the SoC or SD card serial number.

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Fri Apr 19, 2013 1:06 pm

To be honest, I've just though this through and if they can get to the SD card content, they can just bypass with part where it checks anything (hard of software) so I'm back to square one...

Apart from filling the SD card socket with some kind of glue or compound, I really cant see what I can do...
Get your Pi from here! http://bit.ly/18blVup

omega1
Posts: 113
Joined: Mon Jul 02, 2012 3:10 pm
Location: UK
Contact: Website

Re: Encrypt SD card content

Fri Apr 19, 2013 1:34 pm

Out of interest, I've been looking at eCryptfs and managed to encrypt a directory, but would I be right in thinking that I could not use encrypted files in a 'live' environment?

So if I encrypt a handful of files in a directory and then encrypt that directory, I wasn't able to use any of the files as they were encrypted.

Is there no solution where the files can be encrypted but still used in 'realtime'?
Get your Pi from here! http://bit.ly/18blVup

smajtkst
Posts: 1
Joined: Sat May 18, 2013 8:41 pm

Re: Encrypt SD card content

Sat May 18, 2013 9:02 pm

how about this for protecting your intellectual property:

Code: Select all
sudo apt-get install ecryptfs-utils
sudo apt-get install lsof
sudo ecryptfs-migrate-home -u pi
Hi dauhee, could I make you a question since I think this is what I need?
Once I encrypt my home directory, if my scripts are there, they will run when the system boots (it is supposed to run my home scripts on system startup), but if someone takes the SD card and try to read from another system those files will be encrypted, Is that? am I right or wrong?
I don't want to try stuff on my RPI until I'm sure that that's what I need.
Thank you in advance for your help!

sprinkmeier
Posts: 410
Joined: Mon Feb 04, 2013 10:48 am
Contact: Website

Re: Encrypt SD card content

Sat May 18, 2013 11:29 pm

Moral
You're taking millions of hours of work (GNU, Linux, RasPi, etc.) designed to be open and shared for the benefit of everyone, adding a few hours of your work and locking up the result.
Not cool.

Legal
Read the GPL and some of the other licenses used for the work you're trying to lock up.
Then read https://en.wikipedia.org/wiki/Software_ ... Litigation
The suit against High-Gain Antennas was settled on March 6, 2008 with the company agreeing to comply with GPL and paying an undisclosed sum to the plaintiffs.
By the time you pay for lawyers to make sure you're in the clear you'd be better off paying for a suitably licensed 'closed' platform.

Technical
You are trying to implement DRM, something the combined might of Microsoft, Sony, MPAA, Nintendo, Sega and countless others have failed to do.
Note that they all used closed hardware backed up by restricted licenses (defence in depth, if you can't stop them with tech sue them in court!).
At least give yourself a fighting chance by NOT starting with an Open platform.

Jimbo1954
Posts: 5
Joined: Wed Aug 14, 2013 9:37 pm

Re: Encrypt SD card content

Wed Aug 28, 2013 8:46 pm

Lots of interesting comments about ethical considerations, etc, but I'm going to cut to the chase and try for a quick technical fix...tell me your views, you probably have considered this more deeply than I:

1) use full disk encryption to protect your files in the main SD partition
2) create a script that runs at install time and updates another script with the MAC address (or something similar that won't change/is guaranteed unique) of the Pi
3) Arrange that the updated script from 2 above runs at boot time, and compares the MAC address found at install time with the MAC address at run time. If the two are not the same (i.e. the SD card is NOT running on the Pi it was originally installed on) then shutdown.

While running, the files are available on the Pi, but if you block ssh, telnet, etc, and only allow restricted access via Apache or similar, the files will not be observable/copyable. When the person who wants to copy your code tries to examine the SD card, its encrypted. If they simply try to clone the chip blind, the cloned SD will only run in the "parent" Pi, thus making cloning pointless.

I dunno....It's too simple! What have I missed?

Jim

Later:....Well Duuuuhhhhh!! I *said* it was too simple...the passphrase would have to be unencrypted, available at boot and so located somewhere it could be read unencrypted at boot....i.e. on the FAT partition of the SD....So when the encrypted chip was removed, the passphrase would come with it and the whole thing could be decrypted. So let my stupidity be a lesson to you all: When it seems too simple, it is, an you should go away and think again before committing to print!
Last edited by Jimbo1954 on Tue Sep 03, 2013 9:17 pm, edited 1 time in total.

Return to “General programming discussion”