GuenterP
Software protection by USB-memory-stick August 06, 2008 11:44AM |
Moderator |
PETER ZHOU
Re: Software protection by USB-memory-stick August 06, 2008 12:42PM |
Quote
GuenterP
'USB memory stick' is a protected trade name of SONY
'USB mass storage device' is the non-protected but rather ambiguous acronym
------------------------------------------------------------------------
After having some troubles using the Rockey2 USB-dongle [www.ftsafe.com] in a stored procedure on a Windows Vista 64 system (the DLL can't be registered), I started to think - once again - about software protection. Licensed users should be able to execute THEIR program on any computer they want. Any binding of software to the hardware implies that users would have to call and have to re-enter a new license key. The questions are: what happens after hours and on weekends and can the user fake a situation of a defective computer only to get a second license cheap.
Only a portable hardware key can get those things straight.
So, I found out that <b>nearly every USB-memory-stick has a unique serial number</b> (for Vendor & revision) burnt into it. So, no one can replace it with a stick of the same serial#. Beware: This is NOT the volume serial number of the formatted USB-drive! Leaves the 'problem' of how to retrieve the hardware-serial# of a USB memory stick ..
Hi
As it turned out, it is no problem at all, because the WinDev 11+12 USB functions deliver this serial# without a need to resort to Windows API calls !!
Look at the program example of the USBListDevice(..) command. The variable sDevice holds a long string which in fact are some concatinated infos, all parts separated by a '&' character. Near the end you'll find the hardware serial number of the memory stick!
PC Soft has extracted 5 parts of this strings - but not the serial# - as USBProperties. However, we can extract the serial# from the unique USB-device identifier (sDevice)!
sDevice:
USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MINI&REV_0.1\SNDK3EE594080EB00406&0
Serial#:
SNDK3EE594080EB00406
If you want to check whether the serial# is correct or not and/or dig a bit more into USB characteristics, you can use NirSoft's freeware utility USBDeview: [www.nirsoft.net]
Idea for a software protection mechanism:
We will put an encrypted file onto the dongle that contains textual customer information, features of the software and the serial number and vendor name of the USB memory stick. The software just has to read / decrypt the information contained in that file and check whether the actual hardware serial# of the memory stick equals the serial# retrieved from the encrypted file. License changes can be distributed as an attachment file to an e-mail and copied to the memory stick. No interruption of customer's use of the software will take place.
Advantage 1: Even small numbers of software can be protected. Just buy 5 USB memory sticks for a small project ..
Advantage 2: Independence from a certain dongle maker and their more or less complex schemes of contacting their dongles.
Advantage 3: It's way cheaper to buy a standard USB memory stick than to buy a dongle. Cheap dongles come in minimum quantities of at least 100. USB memory sticks with 64 mb storage start at 3,- Euros - you can even have them with custom logo (and your program's name on it!) e.g.: [www.tlntradecompany.com]
Edited 1 times. Last edit at 08/06/08 11:55AM by GuenterP.
Toddy Utomo
Re: Software protection by USB-memory-stick August 06, 2008 05:35PM |
GuenterP
Re: Software protection by USB-memory-stick August 06, 2008 08:25PM |
Moderator |
Gianni Spano
Re: Software protection by USB-memory-stick August 06, 2008 11:52PM |
GuenterP
Re: Software protection by USB-memory-stick August 07, 2008 12:13AM |
Moderator |
Al
Re: Software protection by USB-memory-stick August 07, 2008 01:59AM |
KenKnight
Re: Software protection by USB-memory-stick August 07, 2008 04:04AM |
Peter Raines
Re: Software protection by USB-memory-stick August 07, 2008 06:44AM |
GuenterP
Re: Software protection by USB-memory-stick August 07, 2008 08:23AM |
Moderator |
Quote
Al
Hello Guenter
I think it's a great idea, very innovative.
One thing to keep in mind running it on a server. Because the device is actually a drive and some boards can boot from a USB drive, you may run into some opposition from sysadmins, because your usb stick may interfere with the startup.
We have a couple of sites where they run backup hard disks connected by USB and these have to be unplugged before the servers will reboot, which makes remote reboots impossible, because the servers try and boot from the usb drives.
Regards
Al
GuenterP
Re: Software protection by USB-memory-stick August 07, 2008 09:08AM |
Moderator |
Quote
Peter Raines
Of course it's not difficult for someone to create a virtual USB driver which will give your app the serial number required, or simply to debug your exe to bypass the serial number check. As far as security goes, HASP HL dongles are still a far better option. But for a cheap and cheerful security measure, the USB mass storage device is a good idea.
-Peter
Peter Raines
Re: Software protection by USB-memory-stick August 08, 2008 01:04AM |
Aelfassi
Re: Software protection by USB-memory-stick August 08, 2008 07:20AM |
tunidev
Re: Software protection by USB-memory-stick November 07, 2008 09:13PM |
Jimbo
Re: Software protection by USB-memory-stick November 07, 2008 10:48PM |
Moderator |
Milton
Re: Software protection by USB-memory-stick November 08, 2008 01:38AM |
tunidev
Re: Software protection by USB-memory-stick November 09, 2008 12:46AM |