Where are you going to store the key used to unlock the main partition?Jimbo1954 wrote:I dunno....It's too simple! What have I missed?
Now this is a royaly bad idea. You would alienate every one that does not connect there RPi to the net, not to mention any one that has a dial up internet connection. And what happens in 10 years, your server is gone to history, and a registered owner of your software license wants to use it on there old legacy first generation genuine Raspbery Pi Model B?To be honest, that is exactly what I had originally thought of... I would put an element of the code on the server that the software has to 'get' in order for it to work, as the device would have to be connected to the internet always anyway...
Code: Select all
sudo dd if=/dev/mmcblk0 bs=512 count=1 | sha1sum -
Code: Select all
cat /proc/cpuinfo | grep Serial
Hi folks,dauhee wrote:how about this for protecting your intellectual property:
There will be a bit more to it but thats the main part - it will only cover your home folder. If you want to do more then its something like:
Code: Select all
sudo apt-get install ecryptfs-utils sudo apt-get install lsof sudo ecryptfs-migrate-home -u pi
http://www.howtoforge.com/how-to-encryp ... an-squeeze
Here I want to add one thing. is there any possibility of this? we can create c language script which check the mac address. and if it matches then it will give the procceess to decrypt the encrypted img file and run. now convert c file to binary executable file. and delete all readable c files. Now 3rd partition can not understand binary file and even decrypting proccess. so both task can be fullfilled.Jimbo1954 wrote:Lots of interesting comments about ethical considerations, etc, but I'm going to cut to the chase and try for a quick technical fix...tell me your views, you probably have considered this more deeply than I:
1) use full disk encryption to protect your files in the main SD partition
2) create a script that runs at install time and updates another script with the MAC address (or something similar that won't change/is guaranteed unique) of the Pi
3) Arrange that the updated script from 2 above runs at boot time, and compares the MAC address found at install time with the MAC address at run time. If the two are not the same (i.e. the SD card is NOT running on the Pi it was originally installed on) then shutdown.
While running, the files are available on the Pi, but if you block ssh, telnet, etc, and only allow restricted access via Apache or similar, the files will not be observable/copyable. When the person who wants to copy your code tries to examine the SD card, its encrypted. If they simply try to clone the chip blind, the cloned SD will only run in the "parent" Pi, thus making cloning pointless.
I dunno....It's too simple! What have I missed?
Later:....Well Duuuuhhhhh!! I *said* it was too simple...the passphrase would have to be unencrypted, available at boot and so located somewhere it could be read unencrypted at boot....i.e. on the FAT partition of the SD....So when the encrypted chip was removed, the passphrase would come with it and the whole thing could be decrypted. So let my stupidity be a lesson to you all: When it seems too simple, it is, an you should go away and think again before committing to print!
There's nothing to stop the MAC address being spoofed. In much the same way that the cpu serial can be spoofed. You can't use either as an encryption key as they are not secure.hardiksharma.sh wrote: Here I want to add one thing. is there any possibility of this? we can create c language script which check the mac address. and if it matches then it will give the procceess to decrypt the encrypted img file and run. now convert c file to binary executable file. and delete all readable c files. Now 3rd partition can not understand binary file and even decrypting proccess. so both task can be fullfilled.
unless you use a hardware encryption device like mentioned in viewtopic.php?f=31&t=38213&sid=cbd5b152 ... 5#p1187819 it will not work as software onlybpfrare wrote: ↑Thu Aug 10, 2017 4:27 pmI found a topic explain how to encrypt the SD card.
Anyone try this?
https://www.offensive-security.com/kali ... ncryption/