NetBurner 3.5.0
Board Lock

This set of examples implements a scheme to lock an application to a specific device (board). The application will only run on a device with a specific MAC address. The implementation uses a secret message that is run through an MD5 hash function. The secret message is padded to a multiple of 64 bytes, and the MD5 context is saved.

The board is then signed by combining the partial MD5 context with the board's MAC address to generate a 16-byte digest specific to both the board and the secret message. The 16-byte digest is then stored in flash memory. In this example it is stored in the User Parameters area, but you can choose a different location if you wish.

To verify the application is authorized to run on the device, you recompute the digest and compare it to the stored value.
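
A host-side model of the sign and check steps described above, written in Python with hashlib as an added example (it is not NetBurner's code). The zero padding byte, feeding the six raw MAC bytes into the saved context, and the sample MAC values are assumptions.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes


def make_keyblob(secret_text: bytes):
    """Keyblob step: absorb the secret, padded to a multiple of 64 bytes
    (zero padding is an assumption), and keep the partial MD5 context."""
    padded = secret_text + b"\x00" * (-len(secret_text) % BLOCK)
    return hashlib.md5(padded)


def board_digest(keyblob, mac: bytes) -> bytes:
    """Sign step: continue a copy of the saved context with the MAC
    address and finalize to the 16-byte digest."""
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    ctx = keyblob.copy()  # the saved context itself stays reusable
    ctx.update(mac)
    return ctx.digest()


def check_board(keyblob, mac: bytes, stored: bytes) -> bool:
    """Check step: recompute the digest and compare in constant time."""
    return hmac.compare_digest(board_digest(keyblob, mac), stored)


# Constructed sample values, not taken from a real device.
SECRET = b"This should be your company secret message"
MAC_A = bytes.fromhex("0003f4010203")
MAC_B = bytes.fromhex("0003f4010204")


def demo() -> dict:
    keyblob = make_keyblob(SECRET)
    stored = board_digest(keyblob, MAC_A)  # value the sign step writes to flash
    return {
        "digest_len": len(stored),
        "signed_board": check_board(keyblob, MAC_A, stored),
        "other_board": check_board(keyblob, MAC_B, stored),
        "erased_flash": check_board(keyblob, MAC_A, b"\xff" * 16),
    }


if __name__ == "__main__":
    print(demo())
```

The check recomputes the digest from the saved context alone, so the context embedded in the application is as sensitive as the secret text it was derived from.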

Procedure to Create a Secret Message:

  • Go to the keyblob project.
  • Edit the text: const char * YourSecretSigningText = "This should be your company secret message";
  • Compile and run the application on your NetBurner device.
  • Capture the last message. Your keyblob should look like this:
        const MD5_CTX YourCompanySecret = {{2106921824u,3945495657u,2391356351u,2780313164u},{512u,0u},
        {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
    
    Be sure to save the message someplace safe. This is your company's secret message.
  • Copy this message/text to the signboard project.
  • Compile and run the signboard project on the target board to be permitted/locked. This application computes and stores a signature in UserParam space.
  • Now copy the company secret into the checkboard project main.cpp.
  • Compile and run the application. It will check to see if the application is authorized to run on the device.

Things to modify or enhance:

  • The sign function and check function do not need to be in separate programs. They could be in the same program with the sign function hidden by some secret command.
  • In most real or significant apps your code will want to use the UserParam space for storing additional information, so you need to modify the sign and check functions to store and retrieve the 16-byte digest from your storage structures.