Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Mobile and Embedded
  4. Obtain MAC address or other device footprint

Obtain MAC address or other device footprint

Scheduled Pinned Locked Moved Mobile and Embedded
6 Posts 3 Posters 3.0k Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    digorydoo
    wrote on last edited by
    #1

    I'm implementing a simple class to store and retrieve values from a file using encryption. The key being used is supposed to be device-specific, so if somebody is able to steal the encrypted file he or she will still not be able to use it on his or her own device.

    To make the key device-specific, I want to XOR some static key with the device's MAC address(es). I'm using the following technique to obtain the MAC addresses:

    @
    QString strMAC;
    QList<QNetworkInterface> list = QNetworkInterface::allInterfaces();
    int nCount = list.length();

    qDebug() << "SecureStore:" << QStringLiteral ("Found ") + QString::number (nCount) + " interfaces.";

for (int i = 0; i < nCount; i++)
{
    QNetworkInterface interface = list.value (i);
    strMAC = interface.hardwareAddress();
    qDebug() << "SecureStore:" << QStringLiteral (" - ") + interface.humanReadableName() + "(" + strMAC + ")";
}

    @

    On Android tablet Samsung tab3 I get the following lines logged when there is an active WiFi connection:

    @
    SecureStore: "Found 2 interfaces."
    SecureStore: " - lo(00:00:00:00:00:00)"
    SecureStore: " - wlan0(SO:ME:AD:DR:ES:SS)" // some address
    @

    However if WiFi is down or not connected, I get the following:

    @
    SecureStore: "Found 1 interfaces."
    SecureStore: " - lo(00:00:00:00:00:00)"
    @

    That's bad, because in this case my SecureStore will not be able to decrypt the file properly.

    So does anybody know a means how to obtain all MAC addresses disregarding the interface's states? Or alternatively, does anybody know another means using Qt to find some device-specific numbers that might be used to derive a key from?

    1 Reply Last reply
    0
    • SGaistS Offline
      SGaistS Offline
      SGaist
      Lifetime Qt Champion
      wrote on last edited by
      #2

      Hi,

      Maybe "QtSystems":https://qt.gitorious.org/qt/qtsystems/ might be of interest

      Interested in AI ? www.idiap.ch
      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

      1 Reply Last reply
      0
      • jeremy_kJ Offline
        jeremy_kJ Offline
        jeremy_k
        wrote on last edited by
        #3

        There's a fundamental flaw in this key generation scheme, in that the "secret" is attached to outgoing messages and incoming messages at the local network level, in plain text.

        It's also a rather short key at 48 bits, with added predictability when an attacker knows what device the target is using.

        If the goal is anything more than a dissuading a minimally interested attacker, please reconsider.

        Asking a question about code? http://eel.is/iso-c++/testcase/

        1 Reply Last reply
        0
        • D Offline
          D Offline
          digorydoo
          wrote on last edited by
          #4

          @jeremy: Thanks for the reply. The key is actually 128bit, but I want to XOR the first 6 bytes to the MAC address, leaving 80bit unaffected. I might also use some other technique than XOR, e.g. Blowfish's F function or something.

          @SGaist: Thanks for the link. However, since my target is mobile platforms, the amount of code to link against the product should be as small as possible. I hope to find a way in plain Qt.

          1 Reply Last reply
          0
          • SGaistS Offline
            SGaistS Offline
            SGaist
            Lifetime Qt Champion
            wrote on last edited by
            #5

            QtSystems is a Qt module like e.g. QtAndroidExtras

            Interested in AI ? www.idiap.ch
            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            1 Reply Last reply
            0
            • D Offline
              D Offline
              digorydoo
              wrote on last edited by
              #6

              Sure. However, I found another solution, which may be better in terms of security. When the app is first launched, I generate a UUID and store it in the app's settings file. The UUID stays the same and will be renewed only when the user reinstalls the app. So, I no longer need the MAC addresses.

              Since the settings file may be accessible on a rooted device, I don't use the UUID directly as the key to my SecureStore. Instead, I obtain the key by passing the UUID to a modified version of the bcrypt password hashing algorithm.

              1 Reply Last reply
              0

              • Login
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Users
              • Groups
              • Search
              • Get Qt Extensions
              • Unsolved