Main Site Documentation

Bring prototype to production: how to prevent hacking?


#1

For example if we use Cerberus as the prototype and use Cerb40 in production. We have to keep the USB client connector exposed to the consumer since we want to allow the end user to (1) update the firmware when GHI updates it and (2) update our application when we have a newer version with bug fixes etc.

If the end user is a NetMF or GT programmer, what is preventing him/her from using our product as a customized NetMF/GT hardware. He/she can just start Visual Studio and write some code and deploy and erase our application binary.

I am not looking for hack-proof in any way; but this seems too easy - or I am missing something?


#2

If you’re concerned about this then you probably should not start with an OSH micro as your foundation :wink:


#3

I am not that much concerned about others reverse engineering the binary. It’s more of a concern for the customer to accidentally overwrite the application using Visual Studio. In general I want to know your opinion of the “kosher” way of bringing a prototype product to release.


#4

you could look at IFU and use hot-melt glue in the USB port (or hide it in the case :slight_smile: )

It’s an interesting question though, I wonder whether Gus and GHI have other customers who have approached this in some way. I do suspect though that many implementations are “set and forget” and stay at a certain revision for ever - but that doesn’t really work in a scenario where you want to do continued development and feature increases, just those cases where you’d never know there was some inbuilt feature inside a larger product.


#5

There are many way and it depends on your needs. Please call GHI if you like to discuss this.


#6

I think you can use MFDeploy to sign your application… and lock your device…which i believe will allow deployment of only same signature signed applications.