我们用 C 语言开发了一个应用程序。然后我们交叉编译它并将其移植到运行 Linux 的 ARM 单板计算机上。我们开始向使用此应用程序的客户销售此 SBC 以满足他们的特定需求。但是,我们听说他们还试图入侵 SBC 以复制我们编译的代码,然后对其进行反编译,以便将来开发自己的代码。所以我的问题是:如何保护我在 SBC 中的软件应用程序?我们曾尝试过标准的 Linux 软件保护解决方案,例如 truecrypt,但很难交叉编译到 SBC。有什么建议么?最好的问候, new2RoR
问问题
504 次
1 回答
2
You appear to have two separate issues to deal with here:
- Disclosure of confidential information (e.g. details of the implementation of your software)
- Unauthorised use/modification of your software
The only entirely reliable solution to both is using a SBC with secure boot, and fully trusted execution path (e.g. everything code-signed). This is by no means impossible, but will limit your hardware choices and be high-effort. This is fundamentally contrary to the ethos of the open source movement, and solutions are hard to come by.
Dealing with the issue of confidentiality, disassembling compiled C and C++ is not particularly easy or useful and requires a fairly high level of skill; it won't be an economic attack unless the value of doing so is very high.
Unless you can prevent the attacker getting access to the binary form of the software, you can reduce the attack surface and make life more difficult for any attacker by:
- Stripping symbols
- Obfuscating those symbols that need to remain
- Statically link with libraries.
- Obfuscation or encryption of any data compiled into the software
Preventing unauthorised usage can be achieved by some kind of authentication with something a legitimate user holds and/or code signing
- Code signing can be used to prevent modified versions of the software being used (so long as you trust the operating system to enforce it)
- Using a hardware authentication token or unique identity device can ensure the software isn't copied and used on another system.
In practice, you probably want both of these.
于 2012-12-19T10:27:05.327 回答