Click here to Skip to main content
15,885,952 members
Search within:


Prevent/detect usb flash cloning/restoring
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi there,

I have an issue regarding developing a secure way of doing licensing for a software application. This application would allow the user the possibility to use some how of "offline licenses" for consuming, stored in an encrypted file.
The problem is that the main vulnerability is when the user decides to hack the licensing system, by cloning at first the entire usb flash contents (cloning byte by byte) and after consuming all of it's x licenses, he would restore the clone to the same usb stick and re-consume the same licenses.

So, the question to you would be:
Is there a way to somehow know if a usb flash has been cloned ? Maybe with some sort of specific generic usb flash hardware feature including some counters or something like that?
Or do you have another idea on doing the "offline licenses" mechanism safe (without requiring internet connection and server sync) ?

Thank you !
Posted
Add a Solution
Comments
Ron Beyer 9-May-13 13:55pm    
Why not just use a dongle that is designed specifically to do this? These are the ones that I use: http://esecutech.com/ and are relatively cheap and work well. As far as I know, there isn't a fool-proof way to detect if a drive has been cloned. Some WMI queries can give you the drive serial number (not the same as disk serial number) but from my experimentation not all disks will return this information, especially removable ones.

1 solution

Don't use a flash drive for delivering licenses. Open source tools and proprietary apps like Ghost will eat you alive. It is too easy to image a thumb drive and post the image to BitTorrent or, God forbid, put it into a thumb drive duplicator and create 50 copies at once.

Either look for an on-line solution that supports operating in an off-line mode after the initial validation (never using a dongle) or get USB license key dongles... which are NOT thumb drives. They are devices with a processor and encryption that will usually require some sort of library to be added into your application. You make a simple call within your code to the library and it handles the rest. A lot of times these will be used in a two-part license scheme where you deliver the USB dongle to the customer and the first time they run the app with the key present, a thumbprint of the system is made and that license is activated on that system. The thumbprint ties the license to the hardware. The customer can't move the license from machine to machine (unless you choose to let them) and since these are secure license hardware keys, they can't be cloned.

If you are trying to develop a solution on your own, you should seriously consider abandoning that idea and just buy something off the shelf. Since you are asking this question I'll assume you aren't versed in license key management so you are likely to make a serious mistake in trying to roll your own implementation. Same reason people don't write their own encryption... you will fail miserably.

If you value your app enough to protect it with a hardware key, then spend the money on a real licensing system.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Chrome "restore page" prevent
using system.IO to detect usb drivers
USB detection
USB flash memory
USB detection in JAVA
Detecting USB devices
how to run an application when flash drive detected?
Softdog USB detection
Problem with c++ console application for Detecting USB Insertion/Removal
Simulate flash drive

Advertise
Privacy
Cookies
Terms of Use
Last Updated 9 May 2013
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900