I am doing some consulting work writing some code for a company. The program is in python (using the wxPython and numpy libraries) and will thus be open source. In fact, the company wants to make sure that it's open source so their customers have access to it to be able to adapt it to their needs.
However, they want to ensure that their copyright, company logos, and other branding information cannot be removed without causing the program to quit running. This is a very reasonable request, as this type of theft has been known to occur in this industry, especially in the far east.
I just received this request an hour or two ago, so I haven't thought a lot about it yet. But I have a nodding familiarity with some cryptographic tools and a nice solution hasn't popped into my head yet. I'm guessing it will take some secure hashing (e.g., something like SHA1) method to hash some of the program's key resources, then perhaps some compiled code that refuses to run unless the proper hash is generated from the required resources.
I doubt it would be possible to easily secure things against a determined and resourceful hacker. However, the desire is to make someone work sufficiently hard trying to figure out what's happening to make it not worth the effort.
If any of you have some suggestions on how to attack this problem or relevant pointers to web resources, I'd be grateful for the help
However, they want to ensure that their copyright, company logos, and other branding information cannot be removed without causing the program to quit running. This is a very reasonable request, as this type of theft has been known to occur in this industry, especially in the far east.
I just received this request an hour or two ago, so I haven't thought a lot about it yet. But I have a nodding familiarity with some cryptographic tools and a nice solution hasn't popped into my head yet. I'm guessing it will take some secure hashing (e.g., something like SHA1) method to hash some of the program's key resources, then perhaps some compiled code that refuses to run unless the proper hash is generated from the required resources.
I doubt it would be possible to easily secure things against a determined and resourceful hacker. However, the desire is to make someone work sufficiently hard trying to figure out what's happening to make it not worth the effort.
If any of you have some suggestions on how to attack this problem or relevant pointers to web resources, I'd be grateful for the help