We use the UR-robot for process movements, which cant be accomplished by the standard movements. We do the programming of the movements via variables and waypoints from userinput in PolyScope. These are often very complex and time consuming to program. My problem is, that everyone with a USB drive and basic UR knowledge can copy this.
It would be great if there was a way to protect this work. This could easily be implemented with the following functions:
- Locking folders with a password.
- Be able to make a if-statement that checks the robots serialnumber, so programlines only can be executed on a certain robot.
Best regards Jes Peter
I do agree with you. its good to have such a feature to protect some of our hard earned knowledge
I think best shot you have is to write urp program in the way, that it listens for commands from external program. Then you lock down that program as hard as you can. First though, you should make sure, that your program works flawlessly. Otherwise it just creates frustration for end user. Personally I like, that I can read the commands, that are sent to the robot. That way often I can figure out, what is going wrong.
However, I agree, that checking the serial number against some key is a fair way to make sure, that license is paid for.
I think you can fully protect your program by changing root password, and disabling USB automount rules. What you should do is to:
- backup robot USB drive image (just in case something goes wrong)
- change root password on robot
- delete /etc/udev/rules.d/10-automount.rules
Let me know if you find any security holes in this approach.
Disadvantage is that you will have to mount USB drive manually every time.
I reckon your best option is to create a URCap, that generates some clever code based on a friendly user interface for configuration.
The URCap could be restricted to only run on a specific robot serial number or similar.
The code contributed by the URCap would not be directly readble in PolyScope, and the user would only see the URCap node.
Problem is with that approach you can delete the root password, via the built in text editor. This has root level access like polyscope when opened via the calibration / advanced menu thingy. And I don’t think that password is changeable via the user.
Would be a good feature to have, I have always thought the UR was a little open in terms of IP protection.
This way would not prevent any user from reading the code contributed by the URCap in the .script that is auto-generated when program is saved.
Is there any way to protect such kind of code?
Depends on what you need to contribute.
If it e.g. is a stream of positions, instead of putting all the fancy calculations directly in the generateScript() method, you could have the script code iteratively call an XML-RPC call to a daemon, that only returns the “next position”. In this way the read script would only contain a call to XML-RPC, and your more advanced code will take place in a daemon behind the scenes.
This would also enable you to put the algorithm in a compiled daemon language, to make decompilation even harder.
I was thinking about this in terms of security also. Even if onehave a quite good setup of ones network, installing malicious software on a UR with automount USB and autorun .sh scripts can be a big flaw, not only for UR+ producers, but also for end customers.
Why does UR not have Polyscope run under another user (Not to be able to change root password and other system files via Polyscope) and also require the System Password on mount as a popup, except if no System Password is set?
at the moment, every urcap can easily be decompiled with a tool like JD-GUI.
It would be nice, if the SDK had a built-in way for obfuscating or encrypting all of the code, which is only readable by PolyScope at Runtime. Therefore it would be much harder to reverse engineer any urcap and won’t be worth the work doing so.
As the new integrated Remote Tool Center Point URCap has a license check up it would be cool if it would be possible to implement something similar to the URCap API