password for autoupdate?
password for autoupdate?
Is there anyway I can set up some kind of password for autoupdate?
-
- Posts: 513
- Joined: Sat Apr 26, 2008 7:14 am
Re: password for autoupdate?
see the update_authenticate_func and update_shutdown_func described in (C:\Nburn\examples\AutoUpdateFeatures)
Re: password for autoupdate?
Is there any way I can scramble the firmware so other people can't use this in normal netburner boards?
It would be great if I could have some intermediate function as the firmware is receive to decode it.
Any clue about how I can do this?
It would be great if I could have some intermediate function as the firmware is receive to decode it.
Any clue about how I can do this?
Re: password for autoupdate?
Which netburner device do you have? If it is a module, then you could add an external security chip or similar component. I haven't done this before, but it might be worth looking into if I had a major concern.
Re: password for autoupdate?
I was thinking of some function to override or maybe a callback, where I could change was is being received before passing that to autoupdate. So I could use AES or some similar block cipher to decode the firmware.
Re: password for autoupdate?
This is a how paranoid do you want to be question....
Most Paranoid:
IF the person trying to steal your software is technically savy then could do a memory dump from your board and make an
S19 file they could program in another identical netburner.
My guess is that most of our developer customers could accomplish this in one to four days.
The only sure fire way to combat this is to add some kind of security key.
Something like on of the maxim one wire secure tokens connected to a gpio pin.
Less Paranoid:
Since you need to modify both autoupdate and the netburner side of the same I'd reccomend that you start with the tcpupdate
and modify that. You will notice that tcpupdate handles a stream of data.
Look in nburn\system\tcpupdate and replace all the ReadWithTimeout calls with your own decoder function.
On the send side you will need to modify the tcpupdate PC app to do the same.
nburn\pctools\tcpupdate.
You would need to replace all the send calls in updatedlg.cpp with your encodding send function.
Note that you can not just encrypt the S19 file as both autoupdate and tcpupdate read the S19 decode it to binary and
send the binary image.
Least Paranoid:
If your customers are completely non-technical then you can just change the platform name
and auto update will fail.
Note that the first line of the _APP.S19 is something like: S0MOD5270
The part after the S0 must match the name in bsp.c
const char * PlatformName = "MOD5270";
If you change this name then you can't do an easy autoupdate.
(You have to change the text in the _APP.s19 to match the new name.)
Most Paranoid:
IF the person trying to steal your software is technically savy then could do a memory dump from your board and make an
S19 file they could program in another identical netburner.
My guess is that most of our developer customers could accomplish this in one to four days.
The only sure fire way to combat this is to add some kind of security key.
Something like on of the maxim one wire secure tokens connected to a gpio pin.
Less Paranoid:
Since you need to modify both autoupdate and the netburner side of the same I'd reccomend that you start with the tcpupdate
and modify that. You will notice that tcpupdate handles a stream of data.
Look in nburn\system\tcpupdate and replace all the ReadWithTimeout calls with your own decoder function.
On the send side you will need to modify the tcpupdate PC app to do the same.
nburn\pctools\tcpupdate.
You would need to replace all the send calls in updatedlg.cpp with your encodding send function.
Note that you can not just encrypt the S19 file as both autoupdate and tcpupdate read the S19 decode it to binary and
send the binary image.
Least Paranoid:
If your customers are completely non-technical then you can just change the platform name
and auto update will fail.
Note that the first line of the _APP.S19 is something like: S0MOD5270
The part after the S0 must match the name in bsp.c
const char * PlatformName = "MOD5270";
If you change this name then you can't do an easy autoupdate.
(You have to change the text in the _APP.s19 to match the new name.)