Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
J
J
jane_k2018-11-23 23:09:44
Programming languages
jane_k, 2018-11-23 23:09:44

Is it possible to create an error-free device identification?

Given:
The application works equally on both Win and Android. The application sends a request to the server with the device identifier, then the server must somehow check whether the application code has been changed, since it can be decompiled and instead of the calculated identifier, send a ready-made identifier stolen from another machine. In other words, Internet connection. Further, after identification, HelloWorld will be sent to the device.
Question:
What are the options to ensure that the identifier was really programmatically generated and not substituted? (it implies decompilation and replacement of the identifier calculation with a ready-made identifier from another device) Virtual machines do not count, let's say the application will be installed manually for each user, but then there will be no control over the device.
The programming language doesn't matter, it's important to understand the logic.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
R
rPman, 2018-11-24
@jane_k

Hidden private key in a special chip on the device.
An example of such a device is a sim card, or a special chip in iphone and some android smartphones, contains a secret key that cannot be pulled out, has a chip that allows you to encrypt data with this key (asymmetric encryption algorithms). The server can verify that the data is encrypted with the correct key.
https://en.wikipedia.org/wiki/Hardware_security_module
https://developer.android.com/training/articles/ke... - if there is no hardware storage, the operating system will provide it, it's not as secure but still cost hacking high
https://developer.apple.com/documentation/security...
https://social.technet.microsoft.com/wiki/contents...
etc.
For windows, the standard was not invented, and devices are not supplied by default. For intel, you can certainly dig, there are proprietary tools, they are used to store oem keys, etc. but these tools are usually used by the hardware (laptop) manufacturer and are most likely already locked.
For desktop machines, the practice of a usb hasp key is used, or a usb key that appears in the system as a keyboard and generates time codes (codes tied to time, for example, like google authenticator), the devices themselves are cheap, unique, you can find special programmable ones (the secret key can be written one times and send to the client), are not expensive (more expensive delivery).
https://en.wikipedia.org/wiki/YubiKey

Report
D
d-stream, 2018-11-23
@d-stream

Answer: none.

Report
G
GavriKos, 2018-11-23
@GavriKos

In case of the client code to guarantee - it is impossible. You can complicate the task so much that hacking will lose its meaning because it will be more expensive than the profit received.

Similar questions
I
igoodmood2016-10-08 16:37:34
How to properly organize the structure in the class? 3Reply
A
Albert Sultangulov2019-03-11 14:24:26
What is more important than a programming language? 1Reply
I
Insolent Muzzle2020-12-05 11:14:16
Does it make sense to create a C++ library? 1Reply
T
tuccar2014-10-30 17:29:18
Which languages ​​are best for understanding pointers and recursions? 8Reply
M
martensit2016-11-06 23:04:07
What programming language for a beginner to choose for parsing? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question