C# usb dongle

0

hello, i don't have a good kowledge about this, but i think you need to search for a library or sdk to use the usb dongle drivers. Check if there is any documentation in google for your usb dongle in order to know where to start.

answered 2 years ago by:

muster
1556

add comment

0

Thanks for your reply. I don't have any experience at all at this topic so I ask if anybody knows a good tutorial on this could he/she give me a link

Thanks in advance

answered 2 years ago by:

cypro21
30

add comment

1

well i did some search for this, i think the dongle hardware is the key itself and you can't make a software out of a dongle unless you want to create a file in a flash memory and halt the application startup until the usb is connected and the content of this specific file in this specific flash memory is the needed content. you might do it this way in your application but some things must not change in the flash memory like for example the Flash Memory name must be the same and the driveformat such as ntfs or fat and the file location that you need to check and it is preferred that the flash memory is only used for this purpous in order to keep the total size of the flash drive stable and so not to loose some clusters. Here is a sample code i thought of for creating the file authenticator:

//Create the authenticator file according to the flash memory name by caling CreateAuthenticator(flashmemoryname);
//Authenticate(flashmemoryname) return true if the authenticator.chk is found with the same properties and flash name while it returns false if the only the data in the file is different and normally it will loop through all drives if none of the previous constraints happen.

        private void CreateAuthenticator(string myFlashMemoryName)
        {
            string fullSerial = "";
            System.IO.DriveInfo di=null;
            foreach (System.IO.DriveInfo inf in System.IO.DriveInfo.GetDrives())
            {
                if (inf.IsReady && myFlashMemoryName == inf.VolumeLabel)
                {
                    di = inf;
                    fullSerial = (inf.VolumeLabel + "/" + inf.DriveType.ToString() + "/" + inf.DriveFormat + "/" + inf.TotalSize.ToString());
                    break;
                }
            }
            if (di != null)
            {
                System.Security.Cryptography.MD5 md = System.Security.Cryptography.MD5.Create();
                string md5 = System.Text.Encoding.Default.GetString(md.ComputeHash(System.Text.Encoding.Default.GetBytes(fullSerial)));
                System.IO.File.WriteAllText(di.Name + "authenticator.chk", md5);
            }
        }

        private bool Authenticator(string myFlashMemoryName)
        {
            string fullSerial = "";
            System.IO.DriveInfo di = null; 
            while(true)
            {
                foreach (System.IO.DriveInfo inf in System.IO.DriveInfo.GetDrives())
                {
                    if (inf.IsReady && inf.VolumeLabel == myFlashMemoryName)
                    {
                        di = inf;
                        fullSerial = (myFlashMemoryName + "/" + inf.DriveType.ToString() + "/" + inf.DriveFormat + "/" + inf.TotalSize.ToString());
                        break;
                    }
                }
                System.Security.Cryptography.MD5 md = System.Security.Cryptography.MD5.Create();
                string md5 = System.Text.Encoding.Default.GetString(md.ComputeHash(System.Text.Encoding.Default.GetBytes(fullSerial)));
                string data="";
                if (di != null)
                {
                    if (System.IO.File.Exists(di.Name + "authenticator.chk"))
                        data = System.IO.File.ReadAllText(di.Name + "authenticator.chk");
                    if (md5 == data)
                        return true;
                    else
                        return false;
                }
                System.Threading.Thread.Sleep(100);
            }
            return false;
        }

answered 2 years ago by:

muster
1556
edited 2 years ago

(x)

cypro21
30

Thanks for your reply. What about the flash drive. Is there any way of preventing the users from accessing its contents from Windows Explorer. Something to say this drive is locked or so....? Again, thanks

(x)

muster
1556

unfortunately no because this is still a normal flash memory, but the user won't remove the file because the software will not work for him for sure unless all the keys are equal to the flash memory constraints.

(x)

muster
1556

but you can enable the write protection of the whole system for removable disks. to do this in my opinion make an exe file in the autorun of the flash memory that is able to enable write protection in the registry whenever the program starts. so whenever this flash memory is pluged it will be write protected and let this exe file check the unplug of the flashmemory so whenever the flash memory is unplugged the program removes write protection and exits. The only drawback of this i think is the autorun blocker softwares and the operating system itself if its set not to apply autorun. Or simply you can get a flash memory with a write protection switch.

add comment

2

I am working on exactly what you are looking for.

The trick here is to use the serial number off of the USB flash drive. This serial number is (ideally) very difficult to impossible for an enduser to trivially change.

You can get the serial number from WMI. The following code demonstrates this:

using System.Management;

namespace USBSNTool

{
    static class Program {

        private static void Main()
        {

            int enCount = 0;
            btnRefresh.Enabled = false;

            Console.WriteLine("Enumerating USB Storage devices..." + Environment.NewLine);

            // Perform an SQL-style search in WMI for USB devices.
            // All USB storage devices start with "USBSTOR"
            ManagementObjectSearcher searcher1 = new ManagementObjectSearcher("SELECT * FROM win32_pnpentity where deviceid like 'USBSTOR%'");

            // Iterate through all found USB objects.
            foreach (ManagementObject dm in searcher1.Get())
            {

                string did = dm["DeviceID"].ToString();

                Console.WriteLine("Found USB Mass Storage device" + Environment.NewLine +
                    "Vendor: " + parseVendorFromDeviceID(did) + Environment.NewLine +
                    "Product: " + parseProductFromDeviceID(did) + Environment.NewLine +
                    "Serial: " + parseSerialFromDeviceID(did) + Environment.NewLine);

                enCount++;
            }

            Console.WriteLine("Finished, found " + enCount.ToString() + " devices.");
        }

        private string parseSerialFromDeviceID(string deviceId)
        {
            string[] splitDeviceId = deviceId.Split('\\');
            string[] serialArray;
            string serial;
            int arrayLen = splitDeviceId.Length - 1;

            serialArray = splitDeviceId[arrayLen].Split('&');
            serial = serialArray[0];

            return serial;
        }
        private string parseVendorFromDeviceID(string deviceId) {
            string[] splitDeviceId = deviceId.Split('\\');
            string[] serialArray = splitDeviceId[1].Split('&');
            string serial = serialArray[1].Remove(0, 4);
            serial = serial.Replace("_", " ");
            return serial;
        }
        private string parseProductFromDeviceID(string deviceId)
        {
            string[] splitDeviceId = deviceId.Split('\\');
            string[] serialArray = splitDeviceId[1].Split('&');
            string serial = serialArray[2].Remove(0, 5);
            serial = serial.Replace("_", " ");
            return serial;
        }
    }
}

You can adapt this code as you see fit. An idea would be to restructure it to populate an array of USB device serial number strings. (I'd actually recommend you consider the entire device identification - make, model, AND serial - you can simply concatenate them all.)

Now you need to figure out how you're going to use that for licensing. Some ideas: (note, some of this may seem over your head if you've never done any reading on cryptography; bear with me.)

* Hash the USB device's info with MD5 and use it as a license key.
Disadvantages: Too easy to figure out and circumvent/generate keys. Plus, you don't get "app-specific" serialization, as MD5 is a static hashing algorithm.

* Encrypt the USB device's info with a symmetric cipher like RC4, store it on disk in a (possibly hidden/system/otherwise protected) file in a known location, then when authenticating, look for that file and enumerate all USB devices to determine if the device specified by the file is found on disk. Your app will hold the key used to encrypt.
Disadvantages: Your app could easily be hacked (unless you obfuscate) to retrieve the key used for RC4.

* Same as above, but modify the USB identification in a reversible but confusing way. (e.g. flip the entire string so it's backwards, add a random character every 3 chars (you can then remove every 3rd char), and shift (rot13-style) each letter by 3 (not by 13!)).
Disadvantages: It's harder now to generate licenses, but still possible, again if your app is not obfuscated it's trivial to view the algorithm you're using to scramble the USB info prior to encrypting

* Same as above, but store the resulting license data OUTSIDE the filesystem.
This is tough because it seems your app requires administrator privileges to read any data from raw sectors on disk. So your app will require administrator privileges to run (not a good idea). The idea here is that most flash drives are partitioned, and there's always a few blank sectors between the partition table and the first partition. Some licensing systems (e.g. Adobe) use this space to store license data; other crypto systems (e.g. TrueCrypt) use it to store program and cipher data.
Disadvantages: App needs administrator privileges just to check the license.

* Use a public key cipher.
This is the method I'm trying to figure out. I have a parallel project that has the same issue as this, you'll see I've posted a question on here about dealing with asymmetric ciphers. The idea is, prior to shipping out your dongles, you'd first write an app that computes a security hash and encrypts it using your PRIVATE key (which you guard with your life), and then your app has an embedded PUBLIC key that can DECRYPT that information (but cannot be used to encrypt any keys!).
Disadvantages: You need to protect the public key inside the application, because otherwise a hacker could modify your assembly by inserting their own public key and then generating serials using its matching private key.

Another caveat: Not all flash drives have unique serial numbers. You'll need to ensure the drives you use as dongles do indeed have unique serial numbers. Cheaper off-brand or white-box no-brand flash drives may not use the serial number at all. Also, card readers and similar devices usually won't present a serial number. It is OK for non-unique serial numbers to exist in the system (because you will just never generate a proper license for those serials) but you do need to ensure that the USB devices you're using do indeed have unique serial numbers per device.

As you can see, there is NO foolproof licensing solution. But the trickier you can make the cracking, the longer it will take for the hackers to figure out what you did. For this solution to be truly effective, you need to implement a (good) .NET assembly obfuscator and also protect the method you use to store the public key in the app (e.g. resources)

If you have more questions then please reply to this post.

fm

answered 2 years ago by:

fmillion
490
edited 2 years ago

(x)

muster
1556

tnx for the answer. i searched for this at the beginning but couldn't find a thing concerning the serial of the usb.

(x)

cypro21
30

thanks a lot you were really helpful I appreciate it

(x)

cypro21
30

I would like to ask you. How can I prevent someone from accessing the USB dongle contents? ex not be able to copy any data into it?

add comment

4 answers

Welcome to debugging.com!