Selling Pi-based products very hard to hack


pietrom

Hi all,
I'm interested in developing and selling a product containing an Orange Pi or Raspberry Pi with embedded software protected by Intellectual Property. I would like it to be as hard as possible for a customer/hacker to get root access or steal software or data out of it. 

I found the OrangePi to have an 8GB eMMC which would be enough for both OS and our data and probably would be more secure than SD.  

I'm aware of how to secure network and application layers, but how to secure the device from a customer/hacker who bought the device and thus has physical access to it?

I would like to prevent or make it very hard for him to read the eMMC memory or get root access to the device. Which steps, links and tools do you recommend?

 

Thanks all!
Pietro

Link to comment
Share on other sites

Hi Pietro,

 

If your software is so good that people are willing to pay money "if they rather use it than steal it", well done.

If you offer it to others who do not have the money but use it, test it and give you feedback and even help you to make it better - win - win.

This is how https://www.invoiceninja.com/ built a great company - listen to the podcast on https://twit.tv/shows/floss-weekly/episodes/506?autostart=false

 

so long

Link to comment
Share on other sites

4 hours ago, pietrom said:

Hi all,
I'm interested in developing and selling a product containing an Orange Pi or Raspberry Pi with embedded software protected by Intellectual Property. I would like it to be as hard as possible for a customer/hacker to get root access or steal software or data out of it. 

I found the OrangePi to have an 8GB eMMC which would be enough for both OS and our data and probably would be more secure than SD.  

I'm aware of how to secure network and application layers, but how to secure the device from a customer/hacker who bought the device and thus has physical access to it?

I would like to prevent or make it very hard for him to read the eMMC memory or get root access to the device. Which steps, links and tools do you recommend?

 

Thanks all!
Pietro

 

As a whole your inquiry kind of pains me... but here's the truthiest answer:

 

If you have data you want people to have, don't store it on the device. Have it pull from the cloud and store in memory. Or encrypt on disk, and decryption key is pulled from cloud and stored in memory.

 

Luckily for you, that means it can be solved via network and application layers.

Link to comment
Share on other sites

Learn something from game consoles' DRM systems, like Xbox One/PS4. Basically you need secure boot to ensure bootloader/kernel integrity, and something like TPM to store the encryption key and only unseal the key to trusted bl/kernel.

 

Seems to be impossible with AllWinner and RPi SoC.

Link to comment
Share on other sites
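
Added example, not part of the thread and not code from any poster: a toy Python model of the measured-boot and key-sealing idea in the last reply, showing why a key sealed to the trusted bootloader/kernel measurement cannot be unsealed after either component is modified. The names `ToyTPM`, `measure_boot` and `extend`, the 32-byte secret limit and the sample boot images are assumptions made for illustration; a real TPM keeps the root secret in hardware and enforces the PCR policy itself.

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # a PCR starts at all zeros after reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain) -> bytes:
    """Fold every boot stage, in order, into one PCR value."""
    pcr = PCR_INIT
    for blob in chain:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Software model only (hypothetical); _root stands in for the chip secret."""
    def __init__(self):
        self._root = os.urandom(32)
        self.pcr = PCR_INIT

    def boot(self, chain):
        self.pcr = measure_boot(chain)

    def _pad(self, pcr: bytes) -> bytes:
        return hmac.new(self._root, pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, expected_pcr: bytes):
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        pad = self._pad(expected_pcr)
        tag = hmac.new(pad, secret, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(secret, pad)), tag

    def unseal(self, blob) -> bytes:
        ct, tag = blob
        pad = self._pad(self.pcr)  # depends on what actually booted
        secret = bytes(a ^ b for a, b in zip(ct, pad))
        check = hmac.new(pad, secret, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, check):
            raise PermissionError("PCR mismatch: boot chain not trusted")
        return secret

if __name__ == "__main__":
    trusted = [b"bootloader v1", b"kernel v1"]  # constructed sample images
    tpm = ToyTPM()
    blob = tpm.seal(b"disk-encryption-key", measure_boot(trusted))
    tpm.boot(trusted)
    print("trusted boot unseals:", tpm.unseal(blob))
```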
