Selling OrangePi-based product hard2hack


(Pietro) #1

Hi all,
I’m interested in building and selling a product containing an Orange Pi or Raspberry Pi with embedded software protected by Intellectual Property. I would like it to be as hard as possible for a customer/hacker to get root access or steal software or data out of it.

I found the OrangePi to have an 8GB eMMC which should be more than enough to store our data.

I’m aware of how to secure network and application levels, but how to secure the device from a customer/hacker who bought the device?

I would like to prevent or make it very hard for him to read eMMC memory or get root access to the device. Which steps, links and tools do you recommend?

Thanks all!
Pietro


(Amzker Pro Hacker) #2

Making it secure from the customer
It’s not possible :+1:
And please change category to Random
I think it’s not related to OS Support


#3

So what you want to protect is the intellectual property, right? Software, designs and some such, yes? If so, then the answer is going to be within how said software is coded. It would be undesirable to block features of the Pi if the customer is buying the device rather than just leasing access to it; if they buy it, it is their property and they ought to be able to do whatever the hell they wish with it. Access to data can be controlled by sandboxing, blocking access to system calls, encryption, access control policies and other things that are all going to be related to the operating system you’re working with.

There’s also keeping whatever data you don’t want them to have off of the device. Of course, if it’s data they are generating, it is to an extent their data and you may (legally) have to provide some access to it. But there are too many variables and too few details in your description to know where to start looking.


(Pietro) #4

Hi muroga.
The customer won’t buy the device, but the service it provides. I will remain the owner of the device, while the customer will have access to the functionalities agreed in the service agreement and he will have to return the device after service expiration. For this reason I would like to secure it as much as possible from malicious attempts of reverse engineering or cloning.

As for the data eventually generated from users, this will be always available for export, in CSV or ZIP format.


(Nico Paul) #5

This is not the place I’d suggest for advice on closed source projects; most of us are kind of against this principle. Can you give more details as to the application of the product and what intellectual property is being protected?