Creating USB Harware Keys
-
I want to learn how to create hardware keys. I have seen the software like AntiDuplicate have worked with Hasps. I am fascinated with the idea of using Hardware keys. Earlier it used to be a serial port key and not USBs have replaced them. Is there a way by which a normal USB key can be converted into a Hardware Key for Software Protection?
-
I want to learn how to create hardware keys. I have seen the software like AntiDuplicate have worked with Hasps. I am fascinated with the idea of using Hardware keys. Earlier it used to be a serial port key and not USBs have replaced them. Is there a way by which a normal USB key can be converted into a Hardware Key for Software Protection?
So far all USB memory sticks I have seen contain a manufacturer string and a unique ID within each manufacturer (each with a different syntax though). So yes you can use those as the base for some kind of hardware-based software protection. You would need a couple of WMI classes to get the information; they do work in user mode, even on Vista and presumably also Win7. :)
Luc Pattyn
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
-
So far all USB memory sticks I have seen contain a manufacturer string and a unique ID within each manufacturer (each with a different syntax though). So yes you can use those as the base for some kind of hardware-based software protection. You would need a couple of WMI classes to get the information; they do work in user mode, even on Vista and presumably also Win7. :)
Luc Pattyn
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
Thanks Luc, That's great to know. any suggested readings for getting those unique IDs? So far, all I came across are basically for permanent disks and not for removable ones. One more thing I want to know is whether there is a way to prevent writing to USB disk without a password may be? Whatever solutions (making USB disk write protected) I have seen so far are based on registry and hence machine specific...
-
Thanks Luc, That's great to know. any suggested readings for getting those unique IDs? So far, all I came across are basically for permanent disks and not for removable ones. One more thing I want to know is whether there is a way to prevent writing to USB disk without a password may be? Whatever solutions (making USB disk write protected) I have seen so far are based on registry and hence machine specific...
google terms: USB, serialNumber, Win32_DiskDrive, Win32_LogicalDiskToPartition, Win32_PhysicalMedia I have a USB stick with a write-protect switch, unknown manufacturer AFAIK all solutions with read-only device, or hidden second partition, require a special driver :)
Luc Pattyn
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
-
google terms: USB, serialNumber, Win32_DiskDrive, Win32_LogicalDiskToPartition, Win32_PhysicalMedia I have a USB stick with a write-protect switch, unknown manufacturer AFAIK all solutions with read-only device, or hidden second partition, require a special driver :)
Luc Pattyn
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
Oh, I have done that... and will further be digging into it. Google mostly returns AntiDuplicate or other paid solution sites. nothing to read on or learn. Usually, talking to someone who knows better than me, helps a lot. :) Thanks a lot. If you know of some library on codeproject or any such developer website, it would be helpful. Apart from this, I was also trying to find some library which could access a TrueCrypt partition from the code. That would sort a lot of issues actually.
-
So far all USB memory sticks I have seen contain a manufacturer string and a unique ID within each manufacturer (each with a different syntax though). So yes you can use those as the base for some kind of hardware-based software protection. You would need a couple of WMI classes to get the information; they do work in user mode, even on Vista and presumably also Win7. :)
Luc Pattyn
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
-
I want to learn how to create hardware keys. I have seen the software like AntiDuplicate have worked with Hasps. I am fascinated with the idea of using Hardware keys. Earlier it used to be a serial port key and not USBs have replaced them. Is there a way by which a normal USB key can be converted into a Hardware Key for Software Protection?
There are a variety of USB-based microcontrollers available; evaluation kits can be had for $100 or less. The normal approach for hardware copy protection is to have a key receive a packet of data from the PC, munge the data, and send it back. The PC can then check whether it got what it expects. The amount of time and effort you spend on the dongle code will depend greatly upon your perceived threat model. Ideally, there would be some algorithm used in your code which (1) did not require a large bandwidth for inputs and outputs; (2) did not require an enormous amount of CPU power to compute; and (3) could not be readily inferred by examining inputs and outputs. A roll-playing game, for example, might put some aspects of a character's AI into the dongle. If the character is supposed to do something special if it enters the room with the golden fiddle, and the code for that behavior is only in the dongle and not in the PC-loaded software, even someone with full source code for the PC software wouldn't be able to "crack" the game to run properly without the dongle. If there aren't any "useful but obscure" algorithms that can be usefully put into the dongle, security will be much tougher. It wouldn't be hard to write a dongle that takes 8 bytes, encrypts them with some secret DES key, and sends them back, but someone who reverse-engineered the PC-side code could then imitate out the dongle. Using a public-key system like RSA would be better, but even if someone couldn't imitate the dongle the code that requires it could likely be bypassed.