Jump to content
Tuts 4 You

Key protection


Recommended Posts

Hello everyone


I am working on an open-source project and...


Okay, I will just clarify a few things. You might ask me why I post a thread in this section, since it's an open-source project. It's very simple.
The project is open-source, okay. But it will have an online "store" (only free apps) where software creators can upload their softwares and distribute them.

It's not my IP but their IP.


The project is named NightOS. It will be a javascript desktop environment based on node-webkit, embedded with a minimified linux.


The customization of the application is possible, but we want store applications to be safe. NightOS will have an (obfuscated) encryption scheme to protect authors' IP.

Sadly, with NightOS customization, it would be possible to call the functions without knowing them to decrypt store applications. Moreover, javascript obfuscation isn't very secure.


So we decided that people could only access store/launch store applications if they use an unmodified NightOS version.


We found a solution : node-webkit will check the sigs of NightOS, and if they are valids, will decrypt the encrypted javascript files which contains decryption functions (and keys).


BUT we are facing two major problems, and it's why I ask for help here :

-an hacker should not patch sig checks

-an hacker should not retrieve the decryption key


Here are the objectives :

-block script kiddies

-block (if possible) begginers in reverse-engineering

-delay a maximum medium reverse-enginers

-and, the pro hackers, well... at least don't make them the task too easy


Has it's packed with Linux, I can modify the kernel if needed.


Have you any advices or help to help us facing these problems?


Thank you

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...