motezazer Posted April 7, 2015 Posted April 7, 2015 Hello everyone I am working on an open-source project and... Okay, I will just clarify a few things. You might ask me why I post a thread in this section, since it's an open-source project. It's very simple.The project is open-source, okay. But it will have an online "store" (only free apps) where software creators can upload their softwares and distribute them.It's not my IP but their IP. The project is named NightOS. It will be a javascript desktop environment based on node-webkit, embedded with a minimified linux. The customization of the application is possible, but we want store applications to be safe. NightOS will have an (obfuscated) encryption scheme to protect authors' IP.Sadly, with NightOS customization, it would be possible to call the functions without knowing them to decrypt store applications. Moreover, javascript obfuscation isn't very secure. So we decided that people could only access store/launch store applications if they use an unmodified NightOS version. We found a solution : node-webkit will check the sigs of NightOS, and if they are valids, will decrypt the encrypted javascript files which contains decryption functions (and keys). BUT we are facing two major problems, and it's why I ask for help here :-an hacker should not patch sig checks-an hacker should not retrieve the decryption key Here are the objectives :-block script kiddies-block (if possible) begginers in reverse-engineering-delay a maximum medium reverse-enginers-and, the pro hackers, well... at least don't make them the task too easy Has it's packed with Linux, I can modify the kernel if needed. Have you any advices or help to help us facing these problems? Thank you
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now