Good morning to everyone,
I want to sell my Arduino project but I don't know how to prevent people from stealing my code or uploading code that is not original. I will still need to update the firmware for further public changes.
In particular, I will open a GitHub where I will publish the updated hex so that the user can just upload it to the board. The problem is that I want the user to be unable to copy the original code to another board (duplicating my product) or upload "unofficial" firmware. In other words, if a piece of code is uploaded to Arduino 1, it should not be possible to just download it from the board and upload it to an Arduino 2 (where 1 and 2 are NOT the models).
Does anyone know a way to solve this problem?
I am available for further explanations.
Thank you all in advance
You should also be aware that if you sell your product then you may break the open source agreements. See https://support.arduino.cc/hc/en-us/articles/4415094490770-Licensing-for-products-based-on-Arduino
If you are going to allow the uploading of a hex file that you provide, then what is to prevent a user uploading a hex file of their own?
Don't worry, I have already checked all the licenses I need.
The question you asked is the same one I am asking.
I am assuming you are talking about AVR based Arduino.
The combination of requirements doesn't really make sense: if you publish the hex file then you have already given them the code, which they can copy.
If you provide the means for the user to upload your code, then they can upload any code.
You can make a product, and lock the chip after programming, and don't publish the hex. This is really the only way to keep your code secure with AVR. But you can't prevent the user reprogramming the chip.
If you want to create secure upload you probably need to use a different chip that has better support for code protection.
Bear in mind a professional attacker can always read your code; it is just a question of time and money. And there is no way to stop someone reverse engineering your product. A patent would give legal protection.
I thought of something like this: the code contains a list of keys and when started it checks if one of the keys is in an external EEPROM (maybe you can think of better devices). If the key on the EEPROM matches one of the keys in the code, the board works; otherwise it will start an endless useless loop. What do you think?
If someone publishes the hex, they can rip the eeprom too. Takes almost no effort.
Even without it, they can fuzz it.
If you publish the HEX code, what is to stop anyone getting hold of it and copying it onto multiple Arduinos?
Even if the eeprom is external to the board?
What about some sort of encryption?
Please read the whole thread before answering just the first post.
That makes it even easier to hack.
If you want code protection, you need to start with a chip that supports it. You can then publish encrypted code, and a secure bootloader on the chip will only load software signed by you. You might also be able to prevent the contents of the chip being erased, depending on the chip.
Any examples of this type of chip?
Yes, if you distribute a board with an eeprom on it, that eeprom can easily be copied and the rom distributed.
Encryption will only stop someone for a short period of time. That's why encryption keys are required to be changed on a regular basis and usually multiple rotating keys are used for very secure systems.
The reality is that if you're asking this question, anything that you will write any time soon can easily be copied in function if not in fact, with little effort.
I don't have a specific example, but you could start with https://www.microchip.com/en-us/products/security/mcus-with-integrated-security/32-bit
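A host-side Python model of the update check a secure bootloader performs, added here as an illustration; it is not code from any poster in this thread or from a chip vendor. It uses HMAC-SHA256 with a per-board key as a stand-in for the public-key signature check described in the thread, which means the vendor builds one package per board. Assumptions: the board key sits in read-protected memory, and the names `device_key`, `build_package` and `Bootloader`, the master key and the board IDs are all constructed for this example.

```python
import hashlib
import hmac

# Constructed sample values; a real product would provision keys at the factory.
VENDOR_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def device_key(master_key: bytes, device_uid: bytes) -> bytes:
    """Derive a per-board key so a package built for one board fails on another."""
    return hmac.new(master_key, b"fw-auth-v1" + device_uid, hashlib.sha256).digest()


def build_package(master_key: bytes, device_uid: bytes, image: bytes) -> bytes:
    """Vendor side: append a tag over the image, keyed for one specific board."""
    tag = hmac.new(device_key(master_key, device_uid), image, hashlib.sha256).digest()
    return image + tag


class Bootloader:
    """Device side: holds only its own key, assumed to sit in read-protected memory."""
    def __init__(self, provisioned_key: bytes):
        self._key = provisioned_key
        self.flash = b""  # stands in for the application flash region

    def update(self, package: bytes) -> bool:
        """Flash the image only if its tag verifies; otherwise leave flash untouched."""
        if len(package) <= TAG_LEN:
            return False
        image, tag = package[:-TAG_LEN], package[-TAG_LEN:]
        expected = hmac.new(self._key, image, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False
        self.flash = image
        return True


def demo() -> tuple:
    """Return (official on board 1, same package on board 2, untagged image on board 1)."""
    uid1, uid2 = b"BOARD-0001", b"BOARD-0002"  # constructed board IDs
    board1 = Bootloader(device_key(VENDOR_MASTER_KEY, uid1))
    board2 = Bootloader(device_key(VENDOR_MASTER_KEY, uid2))
    official = build_package(VENDOR_MASTER_KEY, uid1, b"official firmware v2")
    unofficial = b"third-party firmware" + bytes(TAG_LEN)  # no valid tag
    return board1.update(official), board2.update(official), board1.update(unofficial)


if __name__ == "__main__":
    print(demo())
```

The check only holds if the chip can keep the board key and the bootloader itself from being read out or replaced, which is why the thread points to parts with hardware code protection.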