Protecting Against Piracy Of Raspberry Pi Apps???

Joseph_Claeys · December 28, 2015, 6:33pm

[quote=238138:@Mike Cotrone]Or something like this.

http://store.mobileappsystems.com/100052 [/quote]

This is neat. Thanks for sharing.

Marco_Hof · December 28, 2015, 6:40pm

Don’t forget to check if it’s the real /proc/cpuinfo (and not a cloned copy mounted in place). I think you can check that with fstat() and the filesize needs to be 0.

scott_boss · December 28, 2015, 6:42pm

[quote=238156:@Norman Palardy]Right now remote debugging and debugging literally CAN’T work
But we’re working on that :)[/quote]

we know and appreciate all the hard work yall are doing to remedy that.

jim_mckay · December 28, 2015, 6:50pm

[quote=238157:@James Redway]By capturing the CPU serial number you have at lease one element that makes the Pi unique. You can then save that serial number to the SD Card in an encrypted database, and if the SD card is removed and placed into another Pi, the software will no longer work. I think this has value for those who want to use Xojo to develop for the Pi.

[/quote]
Just thinking…
You could use a build script to insert the encrypted/obfuscated CPU serial into the App’s code and build a unique binary for each Pi, then include an encrypted DB with a salted hash of the executable where the app could check that it’s on the machine it expects and the executable code hasn’t been modified/hacked.

Still not totally unhackable, but a giant pain for any would-be pirate if you add the checks at fairly random spots throughout the app.

James_Redway · December 28, 2015, 7:00pm

[quote=238165:@jim mckay]Just thinking…
You could use a build script to insert the encrypted/obfuscated CPU serial into the App’s code and build a unique binary for each Pi, then include an encrypted DB with a salted hash of the executable where the app could check that it’s on the machine it expects and the executable code hasn’t been modified/hacked.

Still not totally unhackable, but a giant pain for any would-be pirate if you add the checks at fairly random spots throughout the app.[/quote]

Adding the CPUs serial number to the code and having a unique build would add another layer of security. Good idea.

Norman_P · December 28, 2015, 7:06pm

[quote=238158:@Jean-Yves Pochez]@Norman Palardy :
something simple that could be included in the System class ? not only for the Pi in fact.[/quote]
What ?
I have no idea what you’re talking about

Norman_P · December 28, 2015, 7:08pm

was empty so I guess that means I wasn’t good or bad - kind of neutral

Arturo_Garcia · August 25, 2017, 2:17pm

[quote=238141:@Mike Cotrone]Re-post to working project example:
https://www.dropbox.com/sh/cm427dppf80p800/AABYi6Y6dHzzTtlpXEFM4sv4a?dl=0[/quote]

I know this is an old post, but would it be possible to post the working code or a link to download the project? This is very useful for a Raspberry project I am working on.

Thanks

Marc_Bates · November 25, 2017, 1:25am

Definitely a “me too” in this aspect as far as the working code/project example. This is why I hate 3rd party hosting/links. they ALWAYS go dead.

Michael_Conner · January 1, 2018, 8:13am

I know this is an old post, but would it be possible to post the working code or a link to download the project? This is very useful for a Raspberry project I am working on.

The solution was posted by Mike Cotrone called Pi2SerialTest.xojo_binary_project

Christopher_Wade · January 2, 2018, 6:55pm

Just something to consider:
Chances are someone who owns a Raspberry Pi is likely to get a new one somewhere along the way and retire the old one. Personally, I wouldn’t repurchase an application every time that I get a new computer.

Now there can be mechanisms put in place to allow for this, but honestly, the apps that try to make the process too difficult are the ones that get cracked the most because people figure out how to do it for legitimate reasons and then it spreads.

So when it comes to anti-piracy methods, be careful.

Michael_Conner · January 2, 2018, 9:45pm

I have another purpose in mind for the serial number from the board, not really interested piracy or anything of the likes.
Thanks though.

Michael_Conner · January 5, 2018, 6:39am

This seems to work retrieving the serial:

FROM LINUX STREAM EDITOR:
Processor : ARMv6-compatible processor rev 7 (v6l)
BogoMIPS : 697.95
Features : swp half thumb fastmult vfp edsp java tls
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xb76
CPU revision : 7

Hardware : BCM2708
Revision : 1000002
Serial : 000054000000000d

XOJO:

Dim GetPiSerial As New Shell
Dim cmd As String

#If TargetLinux Then

cmd = “sed -n ‘/^Serial/{s/.* //;p}’ /proc/cpuinfo”
GetPiSerial.Execute(cmd)

If GetPiSerial.ErrorCode = 0 Then
MsgBox( GetPiSerial.Result)
Else
MsgBox( "Error " + Str(GetPiSerial.ErrorCode) )
End If

#Endif

Kato_Gangstad · January 5, 2018, 7:32pm

The «pirate» only need to add his own custom «sed» executable that display the same fake information each time it runs.