Hello, I am trying to secure an application to only run from a specific USB disk. I have code to get the serial number from the device, but the only way I can make this work the way I want to is to manually code the serial number into the binary. Is there a way I could make a stub application that would modify the existing binary to insert the serial number into it after it's compiled? I've seen this done in C++ in the past, but that was a long time ago and I can't quite remember how we did it back then.

A: 

I don't know, but that hasn't stopped me from answering before.

Maybe figure out where you want to store the SN in the executable (it should be only one place, right?) and just treat the executable as a giant binary blob, and use the stub program to insert it where it needs to go?

John at CashCommons
A: 

Perhaps you want to get a separate USB license key like these ones:

http://www.bhphotovideo.com/c/buy/USB-License-Keys/ci/12454/N/4294550039

???

Hamish Grubijan
+8  A: 

Storing it in the assembly is a bad idea. Here is what I would do (and have done similar in the past):

  1. Be sure you are signing your assemblies.
  2. Create an XML document that contains your licensing data - in your case the serial number of the USB device.
  3. Utilize the SignedXml library in .NET (implements XMLDSIG) to sign the licensing XML document that contains the serial number. You will use the same private key that is used to sign the assembly.
  4. When your app starts up, it verifies that the signature of the XML file is valid using the public key that it was signed with (and is embedded in the assembly).

Obviously you don't ship your private key, so if the app needs to generate the XML config file itself (rather than it be a file you ship to the user) you will need to implement a web service.

Bryan Batchelder
Very cool, thanks for the feedback, I think I will use this method. What I am trying to do is make a program that can only ever be run from a specific thumbdrive that I have authorized. Thanks for all the good feedback!
Jesse Knott
Well then feel free to mark this as the answer :-)
Bryan Batchelder
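
The signing and startup check described in the answer above, as an added C# example that is not code from the original answer. The `UsbLicense` class, the `License`/`UsbSerial` element names, the sample serial and the freshly generated RSA key (standing in for the assembly signing key) are assumptions made for illustration.

```csharp
// Added example, not from the original answer. On .NET Core / .NET 5+ this
// needs the System.Security.Cryptography.Xml package.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class UsbLicense   // hypothetical helper name
{
    // Vendor side: sign a license document holding the authorized serial.
    public static XmlDocument Issue(string serial, RSA privateKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<License><UsbSerial/></License>");
        doc.DocumentElement.FirstChild.InnerText = serial;
        var signed = new SignedXml(doc) { SigningKey = privateKey };
        var reference = new Reference { Uri = "" };   // "" covers the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signed.AddReference(reference);
        signed.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signed.GetXml(), true));
        return doc;
    }

    // Application side: accept only a validly signed license whose serial
    // matches the serial read from the device the program was started from.
    public static bool IsValid(XmlDocument doc, RSA publicKey, string deviceSerial)
    {
        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;   // missing or duplicated signature
        var signed = new SignedXml(doc);
        signed.LoadXml((XmlElement)sigs[0]);
        // Verify against the key embedded in the app, never a key from the file.
        if (!signed.CheckSignature(publicKey)) return false;
        var node = doc.SelectSingleNode("/License/UsbSerial");
        return node != null && node.InnerText == deviceSerial;
    }

    static void Main()
    {
        using var vendorKey = RSA.Create(2048);   // constructed demo key
        using var appKey = RSA.Create();
        appKey.ImportParameters(vendorKey.ExportParameters(false));   // public half only
        var license = Issue("4C530001230101", vendorKey);   // constructed serial
        Console.WriteLine("issued license accepted: " + IsValid(license, appKey, "4C530001230101"));
        license.SelectSingleNode("/License/UsbSerial").InnerText = "FFFF0000";
        Console.WriteLine("edited license accepted: " + IsValid(license, appKey, "FFFF0000"));
    }
}
```

Passing the embedded public key to `CheckSignature` explicitly matters: the parameterless overload trusts whatever key is carried in the file's own `KeyInfo`, which anyone re-signing an edited license could supply.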
A: 

Why would anybody want to save anything inside an executable? If you're planning to sign the executable for distribution, changing the executable in some way would break the signing, and saving something in binary to the executable won't prevent someone from taking the value out of the executable.

Best thing you can do is store the serial number to a file, registry, or other place then encrypt the value so it can't be modified without breaking it. I use a library that ships with License Vault from a fairly new company called SpearmanTech. You can use their library to store encrypted values to the .NET machine.config file in an encrypted form so it can't be tampered with. This way you can pull the information from the .config file when your application starts.

Are you writing a .NET application in C++ or native C++? Well, either way you should be able to communicate with the .NET framework, so this solution would work.

I would check out their product at http://www.spearmantech.com. Hope it works for you.

Csharprules