Prevent Someone From Reading Your Data From The Serial Monitor

I know there has been some talk about using the "Lock Bits" to protect your code from simply being copied off of the Arduino, but is there any way to prevent someone from simply just using the Arduino IDE's Serial monitor to see what is being read back and forth through the Serial port??

My reason is that on our Arduino code we have a unique Customer ID that is to match each copy of the software it is shipped with as just one form of security but if someone can simply read what is coming through the serial monitor then there is nothing preventing them from simply making an Arduino with the Unique customer ID code and then just bang out copies of both the software and an Arduino with the ID code on it?

Any suggestions??

The first word that comes to mind is encryption.

You will have to explain why that ID is going over the line.

I guess if you have written any Arduino programs you would not be asking the question. The serial monitor ONLY shows what your program writes to it.

If you don't want people to do what you are suggesting, then remove all the serial output from your program.

Paul

I think that that is not possible in this case. The Arduino acts like some form of dongle (next to its other functionalities, if any).

sterretje: I think that that is not possible in this case. The Arduino acts like some form of dongle (next to its other functionalities, if any).

If true, then very poor design.

Paul

The only thing you get on the Serial console is what your program writes to it. So don't write anything there you don't want the user to see.

Secondly, the ATmega processor by design allows one to read back the uploaded code. Normally that's not very useful of course, can't do much with it than verbatim copying to another processor, and that's only useful when used on identical hardware.

All in all it sounds like you're trying to implement some kind of DRM (digital restrictions management) scheme. If so, just forget about it. It doesn't stop people that really want to copy your stuff - it does add a lot of work for you now, and later for support of your legitimate customers who get caught in the inevitable failures of your scheme.

The idea of a dongle sounds good to me, only that this dongle has to be applied to the Arduino itself. Then Serial output is written only if the dongle is present.

In software it's more cumbersome, because two commands for Start and Stop output are required, and a code (ID...) has to be entered with the Start command.

Ok thanks for all of the input guys. So from what I'm gathering so far the only thing we have at least going for us is that with our current designs Arduino Communication to software and back is that through the Arduino IDE you can't read what our software is sending to the Arduino ONLY what the Arduino is sending to the software?? Am I understanding that right?

If so at least we'll know which customer gave away a copy of the software and cloned an Arduino. At least we could then go after that person (For whatever that is worth)??

Am I also to understand that there is a way to encrypt the Data being sent through the Serial port to the software?? And if so does this affect how the software may interpret that encrypted Arduino code??

What about this "Lock Bits" method I keep hearing about??

The long and short of it is basically that I know there is no real way to protect your stuff once you are almost ready to put it out there, I'm just trying to make the process of cloning the software and the Arduino and having someone just pump out copy after copy and selling them out from under us... We've put 4 long years into our project so I want to do as much as possible to make it as difficult as possible to copy our stuff.

Thanks guys.

sterretje: The first word that comes to mind is encryption.

You will have to explain why that ID is going over the line.

Sorry buddy ;) I guess that does require a little bit of explanation ;)

You see our software operates in two different modes. We have what you would call "In Lab Mode" where if there is no Arduino connected or the Customer ID should be incorrect then many of the on screen buttons will not function and the Voice commands respond differently because of this "state"

The other mode is the normal mode where if there is an Arduino connected and the Customer ID number matches the one in the software then everything functions normally.

I know it's not the most secure method.

I was toying with the idea of having the software perhaps "ping" back a confirmation code also as I guess currently anyone just reading what the Arduino is putting out could just then identify the customer ID number and make a new Arduino with that ID number printed to the Serial port.... However if they can't read what is being send from the Software?????? (Unclear on that point) then some sort of confirmation code "Ping" back might be one way to go. ??

I hope all the effort you put in this "protection" plus all the customer service hours you're going to waste trouble shooting it for your paying customers is worth the little if any extra sales you're going to get from it.

Do mind that an Arduino has VERY limited memory. All this overhead is eating up valuable space.

Other than dongle, what purpose does the Arduino serve?

Why not use an esp8266 and hard code the MAC address
Connect a ds18b20. Hard code the address.

It's certainly possible. You've probably seen the chips on credit cards? They have a very similar problem. The bank must be able to ensure that the chip in the reader has not been copied or tampered with.

They start with physical security. You notice that it's difficult to insert the card into the reader? That is intentional. By making the reader a tight fit, you can't slip some kind of intercept device between the card and the reader.

But it's not too difficult to make a fake card with wires coming out of it which go to a real card and intercept the communication to the card. But this security is not for the bank: it's for you. If a merchant asks you to insert your card into a funky-looking card reader with wires coming out of it, you would probably say "no."

So if you make your dongle "tight" then it would be obvious when you visit your client's site for a meeting if they've got odd wires coming out of their dongles.

I would suggest you use any of the Arduinos that have a native USB port. A Micro or Teensy, for example. Then there's no Serial lines to be sniffed with a simple Serial logger. Yes, USB loggers do exist but they generate a whole lot more data that must be sifted to find the secret password. Just that simple step will slow down the pirates by a measurable amount.

Then there's things you can do to restrict the communication between the dongle and the PC. The dongle should not release the secret password to anyone who asks. The process of asking needs to be complexified. Instead of a simple "send ID" command, the command should be 100 characters long and impossible to memorize. Use ASCII characters that can't be typed on the keyboard or displayed on the screen. Like 0x07 is 'bell' and has no written representation.

Then you can add some challenge-response to the communication. When the PC says "send ID" the dongle can ask "are you sure?" and the PC must reply to that within 10 milliseconds, but not before 5 milliseconds. So if the hacker doesn't get the response just right at the right time, you can ignore that request.

So far, none of this is using encryption. The technical name for the type of attack you are trying to to defeat is called the "man in the middle attack." This is well-known from the days when governments would tap the phone lines of foreign embassies on their soil by simply digging a tunnel under the street to get to the phone line. It is a gigantic business now, with every single website worth more than $5 using SSL encryption.

You probably don't need the full private-key encryption that the SSL key-exchange process uses. Basically there's a matched pair of keys - a public one and a private one. Anything encrypted with your private key can be decrypted by your public key and vice-versa. But having the public key doesn't give you any information about the private one. So we play the "think of a number" game. I think of a number and encrypt it using your public key. I send that to you and you can decrypt it with your private key. Then you think of another number and encrypt it with my public key. I can decrypt that. Now we have a private conversation that nobody can eavesdrop on. SSL is actually more complex because you need signed certificates to verify that the server you are talking to is who it says it is. You don't need that part of it.

But the principles of encrypting secret information can be used to make your dongle more secure. Make the PC request something different every time. The Arduino does some process on that data and returns the result. The PC checks that this matches the expected result. So there's no single 'password' that can be detected on the USB wires. The attacker would have to reverse-engineer the software inside the Arduino to find out what it does to the incoming data. That data could be very simple, like the current time on the PC. So even if somebody records a password exchange, they can't play it back to the PC at a different time.

At that point, the weakest point is inside the PC software. It is relatively easy to edit the binary machine code so that the location it jumps to when the dongle-check fails is the same as the successful location. To guard against that, you need to put some of your critical code into the dongle, so that the software literally can't operate without it.

MorganS:

Very extensive explanation / analysis. Added a karma for that :wink:

Knightriderguy: What about this "Lock Bits" method I keep hearing about??

I thought that you had that figured out.

The lockbits prevent the reading of the application that is stored in the processor. If you try to read a locked processor using AVRdude, you will get

:00000001FF

which has totally no resemblance with the the original hex file that you have loaded to the board. The latter looks something like

:100000000C945D000C9485000C9485000C94850084
:100010000C9485000C9485000C9485000C9485004C
...
...
:0208880000006E
:00000001FF

There might be other ways to get the application out of the processor but if so, it will take specialised equipment and a lot of time. If the CIA is interested in your stuff in the Arduino, they will probably be able to manage to get it.

=== You might want to find a balance between price and volume. If your product is relatively cheap, most businesses will rather buy than try to get an illegal copy.

We had a supplier that designs and develops hardware/software for us. It's a small volume. We bought 3 units and it costed us one million dollars; that covered their development costs and production costs. We needed some additional spares and they wanted to charge us again one million dollars. Knowing that they had covered their development costs, we could bring their price down to ten-thousand dollars for 3.

Each Sam3x (the main uc of the Arduino DUE board) has a Unique 128-bit Identifier, plus lock bits to forbid any reading of the code. If your code leverages parts of the Unique ID in different parts of the code and you set all lock bits after uploading the code, it becomes extremely complex, even impossible to 1/ duplicate the code, and 2/ make it work on another board. No encryption needed.

If the only thing the dongle does is to unlock some software features, they make security devices specifically for that purpose.

My T-Tech PCB etcher has a serial dongle that unlocks the software in this fashion.

it seems that this is a way to invent something that already exists. ??

google security dongle

KEYLOC

Wow!! Thanks again guys for some of this very extensive information.... much of it may be well beyond the scope of my abilities... :/

But I did discover one interesting thing that may well be of great value. It seems that if the serial monitor is open then our software app does not even open a Serial port in order to connect to the Arduino. And in turn inside of the software I've coded it so that if no Arduino is connected then buttons that would send any characters to the Arduino just do not work if no Arduino is connected. My guess is that alone should be a real pain for anyone attempting to just try and read what was being sent from the software to the Arduino??

On the flipside if a ping back / Confirmation code could be sent back from the Software to the Arduino and then have the Arduino Disable if it should be wrong might slow them down some too.

I'm not too worried about dealing with a tremendous amount of customers on this project, it really is designed for a fairly small community.... that being said if it should ever turn out to be a much larger customer base than expected I guess we'll cross that bridge at that time ;)

As for right now we do know that there are a limited number of dishonest individuals within this particular community and it's them I'm primarily concerned abut making copying our product much more difficult for. ;)

But I did discover one interesting thing that may well be of great value. It seems that if the serial monitor is open then our software app does not even open a Serial port in order to connect to the Arduino. And in turn inside of the software I’ve coded it so that if no Arduino is connected then buttons that would send any characters to the Arduino just do not work if no Arduino is connected. My guess is that alone should be a real pain for anyone attempting to just try and read what was being sent from the software to the Arduino??

It’s normal that only one application can make use of a serial port.

If the Arduino is not in a sealed unit, it will be easy to just probe the TX and RX pins (Mega, Nano, Uno etc). And as MorganS said, one can snif the USB port on the PC and that way find out what goes over the line.

It’s just a first barrier and one that’s probably quite easy to overcome.

Knightriderguy: My guess is that alone should be a real pain for anyone attempting to just try and read what was being sent from the software to the Arduino??

Not really. Sysinternals can be used to monitor the flow between your application and the driver. Or, a second computer (e.g. a Raspberry Pi) can be placed in the middle. The cost ranges from $0 to about $50.