NetBurner 3.5.6
PDF Version
Check Lock

CheckLock Application

Overview

The CheckLock application is a board authorization system designed to verify that a locked device is authorized to run the application. It uses MD5 hashing combined with the device's MAC address to create a unique board lock mechanism.

Purpose

This application implements a hardware-based authorization system that:

  • Prevents unauthorized devices from running the application
  • Uses the network interface MAC address as a unique device identifier
  • Stores authorization data in the device's UserParam flash space
  • Provides runtime verification of device authorization

How It Works

Board Lock Verification Process

  1. Initialize Context: The application uses a pre-configured MD5 context with specific state values that serve as a company secret
  2. Get MAC Address: Retrieves the MAC address from the first network interface
  3. Generate Hash: Updates the MD5 context with the 6-byte MAC address and finalizes the hash
  4. Compare Values: Compares the generated 16-byte digest with the stored authorization value in flash memory
  5. Return Result: Returns true if all 16 bytes match, false otherwise

Key Components

YourCompanySecret

A pre-initialized MD5 context containing:

  • ctx_state: 4x 32-bit state values (2106921824, 3945495657, 2391356351, 2780313164)
  • ctx_count: 2x 32-bit count values (512, 0)
  • buf: 64-byte buffer for MD5 operations

CheckBoardLock Function

The core authorization function that:

  • Copies the company secret MD5 context
  • Retrieves the device MAC address
  • Updates MD5 hash with MAC address
  • Compares result with stored authorization data

Application Flow

  1. Initialization: Network stack initialization and system diagnostics enablement
  2. Network Wait: Waits up to 5 seconds for active network (DHCP)
  3. Authorization Check: Calls CheckBoardLock() to verify device authorization
  4. Status Report: Prints success or failure message
  5. Main Loop: Enters infinite loop with 1-second delays

Security Features

  • Unique Device Binding: Each authorization is tied to a specific MAC address
  • Flash Storage: Authorization data stored in non-volatile UserParam flash space
  • Company Secret: Uses proprietary MD5 context as cryptographic seed
  • Runtime Verification: Checks authorization every time the application starts

Output Messages

  • "Application started" - Application initialization complete
  • "Board checks ok" - Device is authorized to run
  • "Board fails lock check" - Device authorization failed

Technical Requirements

  • Network interface support for MAC address retrieval
  • MD5 hashing capability
  • UserParam flash space for storing authorization data
  • Real-time operating system (RTOS) support

Security Considerations

  • The application includes system diagnostics which should be removed for production builds
  • The company secret values are hardcoded and should be unique per deployment
  • Authorization data in flash must be properly programmed during device provisioning

Usage

This application is typically used in embedded systems where device authorization is required before allowing normal operation. The board lock mechanism ensures that only properly authorized hardware can run the application software.

Development Notes