Is there any way to protect your binary code (shared library) from illegal use?

Question

I develop some codes and pack them into several shared libraries (*.so in Android OS). I would share them to some vendors but I want these libraries can be used only on one or more Android devices. I tried to get the device unique id and check is the id legal or not, but it seems there is no any id that represents a unique device and can not be changed even the device is re-flashed. I know there is a CPUID under x86 windows system, but not similar thing under arm-based Android device. Also, for the sake of linux security mechanism, I can't get anything like MAC for flash id either from user space without root.

Any ways to achieve that ? Look forward to your advice. Thanks.

Yes, it's called "Intellectual Property Law" – Neil McGuigan Mar 29 '17 at 18:28 — Neil McGuigan, Mar 29 '17 at 18:28
Absolutely, but it is quite ideally... – Adagio1983 Mar 30 '17 at 08:01 — Adagio1983, Mar 30 '17 at 08:01

score 0 · Answer 1 · answered Mar 29 '17 at 11:47

0

Even if you try to do that, someone can just decompile your library and revert these countermeasures. There is no way you can avoid that.

If this is not a concern to you, you can get the IMEI of the device. The downside is that there might not be one (most likely the case if it is a tablet without 3G). Here is how: How to get the device's IMEI/ESN programmatically in android?

If you want to get the MAC address you can try this (still, not guaranteed that it will work, plus it is easy to spoof): Getting MAC address in Android 6.0

This is also an interesting read, however most of these methods are likely to not uniquely identify a device once it has been reset: https://developer.android.com/training/articles/user-data-ids.html

answered Mar 29 '17 at 11:47

Iakovos

1,842
4
25
30

I don't concern that someone will revert my binary code, but the IMEI and any other ids your shown are not unique and easy to pretend. – Adagio1983 Mar 30 '17 at 08:02
I don't believe there is something more unique than these. From my experience, changing the MAC address is not that simple (not as simple as in Linux, unless you are not planning to connect to a network, or are using an open network). Another way would be to generate a random ID for the device on the first run, but that will be reset if the user clears the data. Probably the best solution is going with the android device ID, unless you want to create another mechanism (e.g. have session cookies and allow only one session per user - however this can still easily be copied to another device). – Iakovos Mar 30 '17 at 09:43

Is there any way to protect your binary code (shared library) from illegal use?

1 Answers1