Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Mobile and Embedded
  4. Obtain MAC address or other device footprint
Forum Updated to NodeBB v4.3 + New Features

Obtain MAC address or other device footprint

Scheduled Pinned Locked Moved Mobile and Embedded
6 Posts 3 Posters 2.8k Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    digorydoo
    wrote on last edited by
    #1

    I'm implementing a simple class to store and retrieve values from a file using encryption. The key being used is supposed to be device-specific, so if somebody is able to steal the encrypted file he or she will still not be able to use it on his or her own device.

    To make the key device-specific, I want to XOR some static key with the device's MAC address(es). I'm using the following technique to obtain the MAC addresses:

    @
    QString strMAC;
    QList<QNetworkInterface> list = QNetworkInterface::allInterfaces();
    int nCount = list.length();

    qDebug() << "SecureStore:" << QStringLiteral ("Found ") + QString::number (nCount) + " interfaces.";

for (int i = 0; i < nCount; i++)
{
    QNetworkInterface interface = list.value (i);
    strMAC = interface.hardwareAddress();
    qDebug() << "SecureStore:" << QStringLiteral (" - ") + interface.humanReadableName() + "(" + strMAC + ")";
}

    @

    On Android tablet Samsung tab3 I get the following lines logged when there is an active WiFi connection:

    @
    SecureStore: "Found 2 interfaces."
    SecureStore: " - lo(00:00:00:00:00:00)"
    SecureStore: " - wlan0(SO:ME:AD:DR:ES:SS)" // some address
    @

    However if WiFi is down or not connected, I get the following:

    @
    SecureStore: "Found 1 interfaces."
    SecureStore: " - lo(00:00:00:00:00:00)"
    @

    That's bad, because in this case my SecureStore will not be able to decrypt the file properly.

    So does anybody know a means how to obtain all MAC addresses disregarding the interface's states? Or alternatively, does anybody know another means using Qt to find some device-specific numbers that might be used to derive a key from?

    1 Reply Last reply
    0
    • SGaistS Offline
      SGaistS Offline
      SGaist
      Lifetime Qt Champion
      wrote on last edited by
      #2

      Hi,

      Maybe "QtSystems":https://qt.gitorious.org/qt/qtsystems/ might be of interest

      Interested in AI ? www.idiap.ch
      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

      1 Reply Last reply
      0
      • jeremy_kJ Offline
        jeremy_kJ Offline
        jeremy_k
        wrote on last edited by
        #3

        There's a fundamental flaw in this key generation scheme, in that the "secret" is attached to outgoing messages and incoming messages at the local network level, in plain text.

        It's also a rather short key at 48 bits, with added predictability when an attacker knows what device the target is using.

        If the goal is anything more than a dissuading a minimally interested attacker, please reconsider.

        Asking a question about code? http://eel.is/iso-c++/testcase/

        1 Reply Last reply
        0
        • D Offline
          D Offline
          digorydoo
          wrote on last edited by
          #4

          @jeremy: Thanks for the reply. The key is actually 128bit, but I want to XOR the first 6 bytes to the MAC address, leaving 80bit unaffected. I might also use some other technique than XOR, e.g. Blowfish's F function or something.

          @SGaist: Thanks for the link. However, since my target is mobile platforms, the amount of code to link against the product should be as small as possible. I hope to find a way in plain Qt.

          1 Reply Last reply
          0
          • SGaistS Offline
            SGaistS Offline
            SGaist
            Lifetime Qt Champion
            wrote on last edited by
            #5

            QtSystems is a Qt module like e.g. QtAndroidExtras

            Interested in AI ? www.idiap.ch
            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            1 Reply Last reply
            0
            • D Offline
              D Offline
              digorydoo
              wrote on last edited by
              #6

              Sure. However, I found another solution, which may be better in terms of security. When the app is first launched, I generate a UUID and store it in the app's settings file. The UUID stays the same and will be renewed only when the user reinstalls the app. So, I no longer need the MAC addresses.

              Since the settings file may be accessible on a rooted device, I don't use the UUID directly as the key to my SecureStore. Instead, I obtain the key by passing the UUID to a modified version of the bcrypt password hashing algorithm.

              1 Reply Last reply
              0

              • Login
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Users
              • Groups
              • Search
              • Get Qt Extensions
              • Unsolved