Unlock a software running on USB key?

Hi,

We would like to package an application running directly from a USB key (and only from it).

What can be done is locking on a single USB key using the USB Key UID (which all average/good USB Key have - a unique identifier). This technique is sometime used as a cheap "hardware lock" activation mechanism combined with a licence file - in principle like LimeLM but way simpler.

My question: is it possible to use LimeLM to Activate() a software meant to run only on a USB Key but on different computers? (i.e. the only hardware footprint would be the UID of the USB Key.)

Would an option for that be possible (or would you be interested - sometimes it's possible but would shun doing it), knowing it's limitations?

(This is only meant to block casual copying; if the software is not run from the USB key our app would require a standard unlock with LimeLM; but if it is started from a USB key we would check for the basic unlock with LimeLM based only on the USB Key UID and a licence file located on the key.)

Best regards,Alexandre Leclerc

Hey Alexandre,

USB Key UID (which all average/good USB Key have - a unique identifier).

We've looked into this and it's nonviable. Unfortunately a great many USB keys either have a non-unique "serial number" (that is, all keys of the same model/factory are stamped with the same serial number) or they have no serial number at all. There's no way to reliably tell USB drive apart (we wish there was -- this would be useful). And this problem isn't limited to cheap USB sticks either -- it effects the whole market (cheap to expensive, brand to brand)

My question: is it possible to use LimeLM to Activate() a software meant to run only on a USB Key but on different computers? (i.e. the only hardware footprint would be the UID of the USB Key.)

No, but you'll be able to do something similar with TurboFloat. Namely, you just plug in the TurboFloatServer address hosted somewhere on a company's network, save that info to the USB drive alongside your app. Then an employee can walk from computer to computer with your software on the USB stick and everything will "just work". That is, your software will talk to the TurboFloatServer to get a license lease to run on whatever computer the user has plugged his USB stick into.

TurboFloat will be out very soon.

Hi Wyatt,

Thank you very much for your kind reply.

From my limited experience I've been thought (from web articles) and seen (myself) that usually we could, to a certain point, give some trust to the GUID of a USB Key as a basic way to identify the same piece of hardware. I thought that it would rarely happen that two USB Key would have the same properties.

For example, I currently have two USB Keys on my computer and I get the following information from the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\STORAGE\Volume_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Micro&Rev_0.2#SNDKAAEDD40CF3B08302&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_??_USBSTOR#Disk&Ven_Sony&Prod_Storage_Media&Rev_0100#CB4001207070001631&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

We can see two serials (GUID): SNDKAAEDD40CF3B08302 and CB4001207070001631.

But I'm not telling you are wrong. I agree that if this is not safe, this would be improper to implement a locking mechanism for your customers based on that only.

OK, let say I approach the problem another way. Currently, LimeLM is creating a "footprint" for its locking mechanism.

Would that be "conceivable" to optionally let a programmer give a "footprint" to LimeLM to be used? (So that way, in *extremely* rare cases, I could take the risk to pass, let say, a so-said-USB-GUID, as the only footprint to be considered for lock/unlock or, more specifically, to control the trial period of a product.)

(I'll give more background info. We have a small project to "give" a program to a school teacher that will use it with his students. The program will be distributed on USB key for students and they will all run it in trial mode only for a time. The students will use the software at school, and at home, an maybe at work. We wanted to "lock" the application on the USB keys that will receive. The key would have been the "hardware footprint", and the trial licence be on the key. All the technology would be self-containing. As our software already detects very well if it starts from USB/Net/Drive we know how the licence should be handled. Our goal was to avoid using LimeLM for 99% of the time, then having to code a special mechanism for USB based installations - this special project with that teacher. -- TurboFloat would not be the perfect tool for us in this very special and uncommon situation.)

In any situation, thank you very much for this interesting discussion.

Best regards,Alexandre Leclerc

We can see two serials (GUID): SNDKAAEDD40CF3B08302 and CB4001207070001631

Unfortunately this is an exception to the general rule that most USB keys don't have this information.

We wanted to "lock" the application on the USB keys that will receive.

Or just give the user a product key with 2 or more allowed activations so they can activate on more than 1 computer.

Would that be "conceivable" to optionally let a programmer give a "footprint" to LimeLM to be used?

No, unfortunately not, for many reasons.

Reply
Discard post