Problem
I want to secure my Raspberry pi in a special way.
I would like to start up raspberry pi without entering a password as pi user.
However, I want pi user to have zero privilege. Cant read a file, cant copy a file, simply nothing. And without access to root->'sudo su'. On the other hand when raspberry pi starts itself with pi user, I want backend process to be running as root. So to put it simply, I want it like in a zoo - two worlds but neither of them can enter the other. Clients can be present, see what process are running, see files in directories, but cant read it, copy, remove and etc. In the same time I want the backend to be untouched and running and writing files.
Reason:
I have raspberri pi product - customer get it home, when plug in power supply,RPi starts up and runs backend programs with root privilege and communicates with my desktop software.
But I dont want curious customer that plugs in HDMI and see my code. I also dont want him to take the SD card and extract the code.
I heard its possible to reverse engineer the code even if compiled. So I simply want the programs(python script) to be there but cannot be accessed in any way.
Is it possible to make such protection?
Thanks in advance
You may consider to use the following approach
Use at least two levels of hashing with MAC address and ARM chip serial number (via cat /proc/cpuinfo) with additional secret keys. Run your program only if the stored license key is the same as the result of doubly-hashed functions.
Optionally, you could rewrite critical part of your code in C, compile it statically, and remove all debug symbols. Call it using Python.
Quick optimization of your code using cython. Call its generated shared objects with a python caller script. Distribute only the shared objects and the python caller script.
This will prevent most people from reverse engineering your codes.
Just to be clear, "cant read a file" means "can't run a program", which means "can't see what process are running, see files in directories".
From your question, I don't understand why you'd even leave the pi user in place...
... runs backend programs with root privilege
Never a good idea - use service accounts instead.
But I dont want curious customer that plugs in HDMI and see my code.
Then don't enable the HDMI output, don't have a graphical desktop installed and disable the login prompt. You might want to look at a "minimal" / "lite" image.
Remember that the UART can present a login prompt, so make sure that's disabled too.
And as the config.txt and kernel need to be in cleartext in the boot partition they can be easily swapped... thus these steps are not going to be terribly effective.
I also dont want him to take the SD card and extract the code.
You could look at encrypting the filesystems (e.g: LUKS), but the Raspberry Pi has no native ability to store data and identify itself... so your encryption key can only be something like the MAC address, or stored in cleartext on the SD card...
Fundamentally this is just going to be a deterrent from casual "oh what's this" investigations.
"Physical access is total access"... once you put it in the customer's hands, you're looking at deterrents more than absolutes.
I heard its possible to reverse engineer the code even if compiled. So I simply want the programs (python script) to be there but cannot be accessed in any way.
Python doesn't get compiled until runtime, so you'll need to ship the device with your source code on it...
If you really want to secure your Intellectual Property, then perhaps the Raspberry Pi isn't the best option? It's up to you to balance cost vs security.
Related
I am researching whether it is possible to control a NAO with a Myo Armband. I know both devices have bluetooth connects, but my question is whether certain movements in the Myo armband can be programmed with Python. Perhaps install a Python program in a computer command, so the Myo can directly control the NAO.
Has anyone attempted this or would know steps I can take to see whether this is even feasible?
The NAO can be connected via bluetooth to phones and computers and be remotely controlled that way. I've written simple movement Python code that can make the NAO move forward and backward. I'm not sure what to do next to try and take this a step further.
In Choreographe, which is the program used to control the NAO, empty script boxes still have to be opened and programmed to upload the behavior to the NAO, which is why I'm unsure how this could even be bypassed with the Myo.
I just want to see if it is possible to somehow do simple behaviors with the Myo.
Sure, it's possible. NAO v6 has integrated bluetooth, and for previous versions of NAO you could plug a bluetooth dongle in the head.
As for how to integrate it in NAO: I often use the robot-jumpstarter tempaltes, for example "pythonapp" is basically a standalone Python script wrapped in a Choregraphe package (but you can program it as if it was a python script - split your code into modules, include thrid-party libraries, etc.). Combine with the Python MYO MSDK, and you should be able to build something.
See here for a video of NAO + MYO + Occulus Rift.
I have a project in my job.
The target is to prepare 14 SD cards for provisioning any Raspberry Pi 3.
So I have to found a solution to do it automatically and follow which SD card is ready to start and which one is complete.
I have the idea to build with a Python3 program and a tkinter interface because I know a little bit Python and not others languages...
The program should work like this :
List every Windows drives where SD card is mounted
Push a button in front of the letter of the SD card drive to start the provisioning.
The provisioning is all steps to make the SD cards bootable with an OS. So I have to pass some DISKPART commands or equivalent in Python I think, if you have any suggestions ?
Show a statut in front of each drive to follow if the drive is pending, working, complete, etc.
I have a huge interogation about this. My program has to refresh every informations. I mean the program should work in real time or not ? What is the best way to proceed ?
To be clear, I don't want someone building to me this program, I just want to have some good idea to implement.
Thank you
You can use this module to execute commands. For example:
import subprocess
completed = subprocess.run(['ls', '-1'])
print('returncode:', completed.returncode)
I can't help with the Python part, but if you have a WinAPI window with message handling (so the WindowProc thing), WM_DEVICECHANGE is the message, here are the actual event categories and RegisterDeviceNotification is how you subscribe to it. Complete (but C) MSDN example is here
While implementing it may require some work, viability itself depends on getting access/not getting access to the message queue (from Python). Based on this and this it seems to be possible, but I have no experience with it.
I'm currently doing a project in which I'm making an ADS-B flightradar on a led matrix, which is controlled by a Raspberry Pi. I've found a program called dump1090 which receives and decodes the data from my SDR receiver. I can find lots of example on how to use to forward that data to a webserver or whatever, but I can't seem to find anything on how you can programmatically listen to the data dump1090 produces. Does anyone know how you can programmatically receive dump1090's data in order to use the data in a program? (any language would do, but perhaps python would be the most obvious choice)
You should be able to start dump1090 using a programming language of choice (c/c++/java/python/etc.) and and read the std out pipe.
Personally, on Raspberry Pi, I find Python nicer to use since it's easier to test/reiterate without needing to compile. Python provides the subprocess package which allows you run dump1090(or any other application) from within Python and have a look at the output (using subprocess.check_output('dump1090') for example). Have a look at check_output and Popen options to see what works best with your application.
I have a VB6 application running on a number of old 486 Windows 95 machines and sometimes the application is upgraded. The only way to accomplish this today is to use Hyperterminal and send the file over a null modem cable. Replacing the machines is not an option at this point.
I want to write an application that can take care of transferring the updating app over null modem without rewriting the VB6 app. This means I'm free to use anything I see fit. What alternatives are there?
These are the ones I can think of but I'd like to know if I'm wrong and any pros/cons. Also, I'd prefer to avoid C/C++ if at all possible.
Python with py2exe
Another VB6 app
C/C++
Edit: Some clarifications after reading the comments:
I want to make the process as easy as possible, today we have to remove and dismantle the computer, connect a keyboard and then fire up Hyperterminal to get going. That's why I want something more automatic. I'm open to suggestion of existing solutions but given the specific needs I didn't think there were any.
There is no ethernet on some of the computers either so the solution needs to be able to run RS232.
And again: Replacing the machines is not an option at this point. Just trust me on this.
If you must use a null modem, how about the built in serial line networking support?
Then you can just use normal network methods (psexec, file share, etc) methods to do the update.
Network Method
I would first get network cards installed in everything. If you want something that you can just plugin and go, look for any card compatible with NE2000. That card will work out of the box on Windows 3.11 and 95, no problem. In particular, you can find the 3Com EtherLink II or the 3C509B for very cheap online. It's an excellent card. (The Google Shopping results list several for under $20.)
From there, just enable the Windows File/Print Sharing service over TCP/IP, and you're good to go! After you've done this, you can remotely manage and upgrade these machines, saving you a lot of headache later on.
Serial-Port Method
Deanna's suggestion of using the serial port as a network device and transferring files normally will work as well. However, there is a bit of setup involved, and it can be a hassle if you've never done it. There are several other software options. I recommend LapLink. It's fairly painless.
You could even go all-out and pickup a multi-port serial interface for fairly cheap these days, and manage these computers centrally. RS232 is very robust and can go a long distance over the proper cabling.
Networking over Ethernet is the way to go though. If at all possible, choose that option.
We've got a few testing laboratories in a similar situation-the labs make money for the company so no touching the ancient computers that run the tests under pain of death. :-)
Anyway, pySerial seems like it'd work for this application, maybe take a look at their wxPython examples for some ideas on a GUI.
I guess the answer is pretty simple if you are happy using VB6 and the other app is already VB6, then use it.
That will do whatever serial comms you require quite adequately. Remember though you may want to update the application you write to do the updating in which case you are back to using hyperterminal!
This answer, stating that the naming of classes in Python is not done because of special privileges, here confuses me.
How can I access lower rings in Python?
Is the low-level io for accessing lower level rings?
If it is, which rings I can access with that?
Is the statement "This function is intended for low-level I/O." referring to lower level rings or to something else?
C tends to be prominent language in os -programming. When there is the OS -class in Python, does it mean that I can access C -code through that class?
Suppose I am playing with bizarre machine-language code and I want to somehow understand what it means. Are there some tools in Python which I can use to analyze such things? If there is not, is there some way that I could still use Python to control some tool which controls the bizarre machine language? [ctypes suggested in comments]
If Python has nothing to do with the low-level privileged stuff, do it still offers some wrappers to control the privileged?
Windows and Linux both use ring 0 for kernel code and ring 3 for user processes. The advantage of this is that user processes can be isolated from one another, so the system continues to run even if a process crashes. By contrast, a bug in ring 0 code can potentially crash the entire machine.
One of the reasons ring 0 code is so critical is that it can access hardware directly. By contrast, when a user-mode (ring 3) process needs to read some data from a disk:
the process executes a special instruction telling the CPU it wants to make a system call
CPU switches to ring 0 and starts executing kernel code
kernel checks that the process is allowed to perform the operation
if permitted, the operation is carried out
kernel tells the CPU it has finished
CPU switches back to ring 3 and returns control to the process
Processes belonging to "privileged" users (e.g. root/Administrator) run in ring 3 just like any other user-mode code; the only difference is that the check at step 3 always succeeds. This is a good thing because:
root-owned processes can crash without taking the entire system down
many user-mode features are unavailable in the kernel, e.g. swappable memory, private address space
As for running Python code in lower rings - kernel-mode is a very different environment, and the Python interpreter simply isn't designed to run in it, e.g. the procedure for allocating memory is completely different.
In the other question you reference, both os.open() and open() end up making the open() system call, which checks whether the process is allowed to open the corresponding file and performs the actual operation.
I think SimonJ's answer is very good, but I'm going to post my own because from your comments it appears you're not quite understanding things.
Firstly, when you boot an operating system, what you're doing is loading the kernel into memory and saying "start executing at address X". The kernel, that code, is essentially just a program, but of course nothing else is loaded, so if it wants to do anything it has to know the exact commands for the specific hardware it has attached to it.
You don't have to run a kernel. If you know how to control all the attached hardware, you don't need one, in fact. However, it was rapidly realised way back when that there are many types of hardware one might face and having an identical interface across systems to program against would make code portable and generally help get things done faster.
So the function of the kernel, then, is to control all the hardware attached to the system and present it in a common interface, called an API (application programming interface). Code for programs that run on the system don't talk directly to hardware. They talk to the kernel. So user land programs don't need to know how to ask a specific hard disk to read sector 0x213E or whatever, but the kernel does.
Now, the description of ring 3 provided in SimonJ's answer is how userland is implemented - with isolated, unprivileged processes with virtual private address spaces that cannot interfere with each other, for the benefits he describes.
There's also another level of complexity in here, namely the concept of permissions. Most operating systems have some form of access control, whereby "administrators" have total control of the system and "users" have a restricted subset of options. So a kernel request to open a file belonging to an administrator should fail under this sort of approach. The user who runs the program forms part of the program's context, if you like, and what the program can do is constrained by what that user can do.
Most of what you could ever want to achieve (unless your intention is to write a kernel) can be done in userland as the root/administrator user, where the kernel does not deny any API requests made to it. It's still a userland program. It's still a ring 3 program. But for most (nearly all) uses it is sufficient. A lot can be achieved as a non-root/administrative user.
That applies to the python interpreter and by extension all python code running on that interpreter.
Let's deal with some uncertainties:
The naming of os and sys I think is because these are "systems" tasks (as opposed to say urllib2). They give you ways to manipulate and open files, for example. However, these go through the python interpreter which in turn makes a call to the kernel.
I do not know of any kernel-mode python implementations. Therefore to my knowledge there is no way to write code in python that will run in the kernel (linux/windows).
There are two types of privileged: privileged in terms of hardware access and privileged in terms of the access control system provided by the kernel. Python can be run as root/an administrator (indeed on Linux many of the administration gui tools are written in python), so in a sense it can access privileged code.
Writing a C extension or controlling a C application to Python would ostensibly mean you are either using code added to the interpreter (userland) or controlling another userland application. However, if you wrote a kernel module in C (Linux) or a Driver in C (Windows) it would be possible to load that driver and interact with it via the kernel APIs from python. An example might be creating a /proc entry in C and then having your python application pass messages via read/write to that /proc entry (which the kernel module would have to handle via a write/read handler. Essentially, you write the code you want to run in kernel space and basically add/extend the kernel API in one of many ways so that your program can interact with that code.
"Low-level" IO means having more control over the type of IO that takes place and how you get that data from the operating system. It is low level compared to higher level functions still in Python that give you easier ways to read files (convenience at the cost of control). It is comparable to the difference between read() calls and fread() or fscanf() in C.
Health warning: Writing kernel modules, if you get it wrong, will at best result in that module not being properly loaded; at worst your system will panic/bluescreen and you'll have to reboot.
The final point about machine instructions I cannot answer here. It's a totally separate question and it depends. There are many tools capable of analysing code like that I'm sure, but I'm not a reverse engineer. However, I do know that many of these tools (gdb, valgrind) e.g. tools that hook into binary code do not need kernel modules to do their work.
You can use inpout library http://logix4u.net/parallel-port/index.php
import ctypes
#Example of strobing data out with nStrobe pin (note - inverted)
#Get 50kbaud without the read, 30kbaud with
read = []
for n in range(4):
ctypes.windll.inpout32.Out32(0x37a, 1)
ctypes.windll.inpout32.Out32(0x378, n)
read.append(ctypes.windll.inpout32.Inp32(0x378)) #Dummy read to see what is going on
ctypes.windll.inpout32.Out32(0x37a, 0)
print read
[note: I was wrong. usermode code can no longer access ring 0 on modern unix systems. -- jc 2019-01-17]
I've forgotten what little I ever knew about Windows privileges. In all Unix systems with which I'm familiar, the root user can access all ring0 privileges. But I can't think of any mapping of Python modules with privilege rings.
That is, the 'os' and 'sys' modules don't give you any special privileges. You have them, or not, due to your login credentials.
How can I access lower rings in Python?
ctypes
Is the low-level io for accessing lower level rings?
No.
Is the statement "This function is intended for low-level I/O." referring to lower level rings or to something else?
Something else.
C tends to be prominent language in os -programming. When there is the OS -class in Python, does it mean that I can access C -code through that class?
All of CPython is implemented in C.
The os module (it's not a class, it's a module) is for accessing OS API's. C has nothing to do with access to OS API's. Python accesses the API's "directly".
Suppose I am playing with bizarre machine-language code and I want to somehow understand what it means. Are there some tools in Python which I can use to analyze such things?
"playing with"?
"understand what it means"? is your problem. You read the code, you understand it. Whether or not Python can help is impossible to say. What don't you understand?
If there is not, is there some way that I could still use Python to control some tool which controls the bizarre machine language? [ctypes suggested in comments]
ctypes
If Python has nothing to do with the low-level privileged stuff, do it still offers some wrappers to control the privileged?
You don't "wrap" things to control privileges.
Most OS's work like this.
You grant privileges to a user account.
The OS API's check the privileges granted to the user making the OS API request.
If the user has the privileges, the OS API works.
If the user lacks the privileges, the OS API raises an exception.
That's all there is to it.