I'd like to ask for your advice about improving security of executing a compiled program on a client's computer. The idea is that we send a compiled program to a client but the program has been written and compiled by a third-party. How to make sure that the program won't make any harm to a client's operating system while running? What would be the best to achieve that goal and not decrease dramatically performance of executing a program?
UPDATE:
I assume that third-party don't want to harm client's OS but it can happen that they make some mistake or their program is infected by someone else.
The program could be compiled to either bytecode or native, it depends on third-party.
There are two main options, depending on whether or not you trust the third party.
If you trust the 3rd party, then you just care that it actually came from them, and that it hasn't changed in transit. Code signing is a good solution here. If the third party signs the code, and you check the signature, then you can check nothing has changed in the middle, and prove it was them who wrote it.
If you don't trust the third party, then it is a difficult problem. The usual solution is to run code in a "sandbox", where it is allowed to perform a limited set of operations. This concept has been implemented for a number of languages - google "sandbox" and you'll find a lot about it. For Perl, see SafePerl, for Java see "Java Permissions". Variations exist for other languages too.
Depending on the language involved and what kind of permissions are required, you may be able to use the language's built in sandboxing capabilities. For example, earlier versions of .NET have a "Trust Level" that can be set to control how much access a program has when it's run (newer versions have a similar feature called Code Access Security (CAS)). Java has policy files that control the same thing.
Another method that may be helpful is to run the program using (Microsoft) Sysinternals process monitor, while scanning all operations that the program is doing.
If it's developed by a third party, then it's very difficult to know exactly what it's going to do without reviewing the code. This may be more of a contractual solution - adding penalties into the contract with the third-party and agreeing on their liability for any damages.
sign it. Google for 'digital signature' or 'code signing'
If you have the resources, use a virtual machine. That is -- usually -- a pretty good sandbox for untrusted applications.
If this happens to be a Unix system, check out what you can do with chroot.
The other thing is that don't underestimate the value of thorough testing. you can run the app (in a non production environment) and verify the following (escalating levels of paranoia!)
CPU/Disk usage is acceptable
doesn't talk to any networked hosts it shouldn't do - i.e no 'phone home capability'
Scan with your AV program of choice
you could even hook up pSpy or something to find out more about what it's doing.
additionally, if possible run the application with a low privileged user. this will offer some degree of 'sandboxing', i.e the app won't be able to interfere with other processes
..also don't overlook the value of the legal contracts with the vendor that may often give you some kind of recompense if there is a problem. of course, choosing a reputable vendor in the first place offers a level of assurance as well.
-ace
Related
I understand why cold starts happen (Byte code needs to be turned into machine code through JIT compilation). However with all the generated meta data available for binaries these days I do not understand why there isn't a simple tool that automatically takes the byte code and turns ALL PATHS THROUGH THE CODE (auto discovered) into machine code specific for that target platform. That would mean the first request through any path (assume a rest api) would be fast and not require any further Just In Time Compilation.
We can create an automation test suite or load test to JIT all the paths before allowing the machine into the load balancer rotation (good best practice anyway). We can also flip the "always on" setting in cloud hosting providers to keep the warmed application from getting evicted from memory (requiring the entire process over again). However, it seems like such an archaic process to still be having in 2020.
Why isn't there a tool that does this? What is the limitation that prevents us from using meta data, debug symbols and/or other means to understand how to generate machine code that is already warm and ready for users from the start?
So I have been asking some sharp minds around my professional network and no one seems to be able to point out exactly what limitation makes this so hard to do. However, I did get a few tools on my radar that do what i'm looking for to some level.
Crossgen appears to be the most promising but it's far from widely used among the many peers I've spoken to. Will have to take a closer look.
Also several do some sort of startup task that runs some class initialization and also register them as singletons. I wouldn't consider those much different then just running integration or load tests on the application.
Most programming languages have some form of native image compiler tool. It's up to you to use them if that is what you are looking to do.
Providers are supposed to give you a platform for your application and there is a certain amount of isolation and privacy you should expect from your provider. They should not go digging into your application to figure out all its "paths". That would be very invasive.
Plus "warming up" all paths would be an overly resource intensive process for a provider to be obligated to perform for every application they host.
I just finished my program, now I want to build a setup with Inno-setup that gets the hardware id and and stores it into a file in the CD so that the program can be installed in only one computer with only one license. Unfortunately i am not good at all at Inno-setup scripting language. Anything you guys can do to help me will do, anything, even small hints,
Please help i am out of options right now.
I want to build a setup with Innosetup that gets the hardware id and and stores it into a file in the CD so that the program can be installed in only one computer with only one license.
You want to create a unique Installer and CD for every client?
Wow, that's a lot of work. It only makes sense for a really small business.
Anyway, in regard to getting a hardware-id:
There is no function in InnoSetup to get a "hardware id".
You probably mean some kind of identifier, like a hard-disk or motherboard serial number, right? You could decide to fetch some serial numbers or identifiers by querying the WMI.
But wait? You compile Innosetup on the developer machine, right?
The only hardware-ids you could possibly get at that time are IDs from your own developer machine. How do you get the hardware-id of your client, which is later trying to install your software from CD?
The whole approach doesn't make much sense and is flawed.
In general, doing this kind of protection in the installer is kind of useless.
Please handle your protection in the application, not in the setup.
You might use one of the following approaches: "API-Key" or "license-code" or "license file" or "hardware-dongle".
In other words: its always the same installer on multiple CDs, but the additional separate license code makes the difference - not during, but after the installation. The user simply enters the key or loads the license-file into the application and gets "Application registered to XY".
this may very well be a stupid question, but when i was asked something much simplier then this, i didn't have much of an answer...
why are most programs installed via some several step process of adding and changing and whatnot? we have programs that can be ran straight from a self contained executable, but a large portion of programs cannot. why is this? is it due to the programs growing exponentially by needing to include everything within itself? if that is the case, it is so difficult to design an OS from the ground up to be completely modular... ie. having an OS with a standard set of modules, that can be accessed and used from any 'standalone program' that doesn't require a lengthy install.
thanks
David Kirsch.
It's really a question of how complicated your program is. Many windows programs have dependencies on Visual Studio C++, .Net, Java etc. runtimes that are not delivered by the substrate OS. This means that for your programs to work those components must already be on the system.
If those prerequisites are missing, then your program won't even load, so you can't even get your program to check for them and tell the user to go and get them. This is where an installer comes in, as it generally doesn't have any prerequisites, but is able to sniff out the ones your progam needs and can either tell you to go and get them, or try to install them for you.
Also many programs need some logical, as well as physical, installation work to be done as part of deployment. This might mean registry changes (such as COM registration), changes to IIS (setting up a web application and virtual directory), or changes to the Service Control manager (setting up Windows Services).
In short, unless your program is extremely self-contained and has no external dependencies, an installer is the only way to get your application on the desktop.
I'm writing a software application that the user needs to buy a license for and activate it. I need suggestions on how to start about writing a powerful algorithm for code generation and of course, code checking. I know that people can reverse engineer the code and make a keygen, however, my question is two parts:
In general, regardless of the application being cracked this way, how can I start writing an algorithm to accept a certain Serial or String or a combination. (e.g is that the right thing? e.g: the first number is from 3-9 the second should be the first - 3, while the third number should be the second * + ....whatever...??)
What is the best approach for protecting a Desktop application from piracy without dealing with the internet. Is it the algorithm (make it harder to reverse engineer), protect the source code from being seen after application is installed somewhere?? ...??
PS: Maybe it is worth to mention that I am using Java as my development language.
Thanks
It sounds like you might benefit from the public-key cryptography approach.
This can be broken down into two sub points:
A. Have you read this thread here on SO? It might give you some breadth on the issue.
B. As #Jaka said, it's not a great challenge (from what I've read) to produce human readable code from Java byte code. You can run your code through an obfuscator to make it more difficult for someone to produce human readable code from it, but if someone really wants to read your code, they'll almost always find a way. The best approach to combat this is to take the advice in the SO thread I linked to: make it easier for someone to buy your app than for someone to steal it.
(edited after stated he's using Java)
For the license keys you could use an encryption with public-private keys. In this way you could either embed the private key into the software and encrypt a string which would mean something to your software (like which features of your software are licensed). Or you could embed the public and give the software a string with special meaning and sign it with your private key. The software could then check if the signature is valid.
edit: labratmatt was faster with the public-private key answer :)
Obviously second part of your protection would need to deal with making your software hard to disassemble and debug (this is how crackers examine your software and try to bypass the protection with a patch or they try to figure out how they can make a keygen). This part is actually much harder and involves techniques like encryption the whole executable and wrap it inside a loader which decrypts it at runtime. The loader can also use various techniques to detect the presence of debuggers.
edit: Since you mentioned that the application is written in JAVA, then this encrypting and packing step is even more important as JAVA can easily be decompiled into a very human readable form. There are "obfuscator" programs which mess around with the classes so that the decompilers can't generate readable code, but cracking this is still much easier than cracking something compiled to machine code.
If you don't want to spend time with developing your own protection you can also use one of commercial protection software. There are quite a lot of them to choose from and they offer numerous protection schemes (dongles, time based licenses,...)
Lots of commercial software uses packages like FlexNet, HASP, Wibu-key
Suggestion: encrypt the part of the application that provides licensed-only functionality. The user needs a key you provide on purchase in order to use that portion of the code.
If you ever let the user run the code you want to protect before they've purchased, there is no significantly secure offline solution. At best, you can stop the most casual piracy.
You should also thing about doing it in a way that one key cannot be used on two different computers. Just to prevent a company buying one key and using it for many instalations.
Did you write your own JRE too? Building a secure, capable activation system that deals smoothly with the range of user scenarios you'll encounter (people with no network connection, a firewall, a proxy server etc) and has been thoroughly tested in the field takes considerable domain expertise and time.
As a supplier of such systems we do have as self-interest to declare, but we also have data - we see many companies who put their trust in a developer who says they can put together a licensing system, then later they come back to us as it never did what they needed. This article (of mine) expands on the issues: http://knol.google.com/k/dominic-haigh/issues-to-consider-before-building-your/2zijsseqiutxo/6#
https://superuser.com/questions/14224/how-to-explain-drm-cannot-work/14254#14254
Even if you did put a very powerful lock on your software, pirates would still find a way to crack it and put it on a torrent site. (case in point: Spore)
You are talking about DRM, and there's no easy way (if any) to lock pirates out of pirating your software. And besides, you are competing with free products that can do what your software does (always the case), so you should focus more on making your software easy to install and use, not hard to install and use for more than you intended.
I'm developing a commercial project on an ARM based embedded board with a custom Linux kernel on it, using Ruby. Target workspace of the project and the device is a closed-environment, no ethernet, inernet, I/O devices etc... I want to protect my code/program so that; it'll only work on the specific machines I let (so; people cant just copy and paste my code/program on to their embedded boards and run it w/o permission). This can probably done with the machine's MAC address tho; I don't have any experience on the subject. I guess, just a simple if(device.MACAddr == "XX:XX....XX") wouldn't be depandable (not to mention people can just easily delete the check from my code). I can't use some ruby obfuscators, which I found thru google, beacuse; the device doesnt run ruby-external-C-libraries or such stuff, only pure ruby code.
So; what are your suggestions, what type of approach should I take?
you can't really protect it, its hard enough protecting native code! and even then that basically fails if someone really wants to copy the software.
basically do very little if anything to secure it, its mostly wasted time and effort
This is isomorphic to the problem of DRM. You're giving a person both a lock and the key to that lock, and trying to stop that person from using the key in a way you don't like.
Therefore, I suggest using the same methods that other DRM users do: put your terms in the license, and sue them if they violate it. You need to use the law to enforce the other terms of the license, anyway.