Arsip: Tanya: Menggunakan USB dongle untuk security software
more 19 years ago
DonVall
Halo semua,
Mau tanya nih tentang bagaimana memanfaatkan USB dongle, untuk security software yang kita buat. Saya yakin di antara rekan2 ada yang sudah berpengalaman memanfaatkan USB dongle untuk security software.
Thanks sebelumnya,
Luthfi B Hakim
more 19 years ago
ZeAL
usb dongle itu maksudnya flash disk kan..???
buat aja file yang digenerate berdasarkan serial number usb tersebut, lalu simpan file tersebut di flash disk tersebut...
jangan lupa dienkripsi...
Jadi ketika flash disk ingin difungsikan sebagai key;
buka file tersebut -> baca isi file -> dekripsi file -> bandingkan dengan serial number flash disk -> jika sama, maka autorisasi diberikan..
Trus kalo mau dikasih semacam password, password itu digunakan aja sebagai kunci untuk fungsi enkripsi/dekripsi.. Jadinya ada 2 lapisan security, serial number dan password enkripsi/dekripsi...
more 19 years ago
DonVall
Sebenernya aku gak pernah pake USB Dongle. Cuman pernah liat aja di paket software. Jadi secara pasti juga aku gak tau apa USB dongle itu sebenernya flash disk atau bukan. Belakangan ini baru pengen tau lebih dalam. Siapa tau bisa dipake. Makanya nih butuh informasi lebih dalam.
Dulu juga populer proteksi dengan dongle yang ditancepin di paralel port atau serial port. Isinya sih gak lain dari ROM (ada juga yang pake mcu) yang berisi kode-kode tertentu. Karena kode yang disimpan dan cara membacanya dirahasiakan makanya metode ini cukup efektif buat nge-jaga software.
Kalo pendekatannya dengan metode file yang diletakkan di flash disk, kan file itu bisa dengan gampang dicopy? Kalo pengamanannya di-pair dengan serial number flash disk, apa serial number itu gak bisa diubah? Trus gimana cara bacanya? Kebetulan untuk urusan USB flash disk, selain makenya, pengetahuan aku bener2 0.
Thanks sebelumnya,
Luthfi B Hakim
more 19 years ago
ZeAL
Ya, filenya bisa dicopy tapi [cmiiw] serial number gak bisa dirubah.. volume name yang bisa dirubah...
cara bacanya...
What is Volume's Serial Number? In short, the serial number of a (logical) drive is generated every time a drive is formatted. When Windows formats a drive, a drive's serial number gets calculated using the current date and time and is stored in the drive's boot sector. (The odds of two disks getting the same number are virtually nil on the same machine.) Here's a simple Delphi routine that gets the serial number of a disk (not the hard-coded manufacturer's hard drive serial number): ~~~~~~~~~~~~~~~~~~~~~~~~~ function FindVolumeSerial(const Drive : PChar) : string; var VolumeSerialNumber : DWORD; MaximumComponentLength : DWORD; FileSystemFlags : DWORD; SerialNumber : string; begin Result:=''; GetVolumeInformation( Drive, nil, 0, @VolumeSerialNumber, MaximumComponentLength, FileSystemFlags, nil, 0) ; SerialNumber := IntToHex(HiWord(VolumeSerialNumber), 4) + ' - ' + IntToHex(LoWord(VolumeSerialNumber), 4) ; Result := SerialNumber; end; (FindVolumeSerial ) ~~~~~~~~~~~~~~~~~~~~~~~~~ Usage is simple: ~~~~~~~~~~~~~~~~~~~~~~~~~ var C_DriveSerNumber : string; ... C_DriveSerNumber := FindVolumeSerial('c:') ; ~~~~~~~~~~~~~~~~~~~~~~~~~ Note: the GetVolumeInformation API function is declared in the Windows unit, hence there's no need to add any additional units in the uses list. Why would I need this number in my applications? You could use the volume serial number to enforce a weak form of application protection - create your application so that it refuses to run if the current disk (from where the application is executed) has a volume serial number that was different from the number of the hard disk on which it was first installed. Note, however, that users who upgrade their systems, or who restore from backups after a disk crash will have their volumes with different numbers.
more 19 years ago
DonVall
Sip! Aku udah bisa liat skenarionya. Sayangnya sekarang belum ada waktu buat implementasinya. :wink:
Tapi ada satu problem yang emang dari dulu belum sempat aku teliti, yakni kemungkinan untuk membuat serial number drive secara manual sehingga sama dengan yang diinginkan. Apa memang gak bisa? Apa memang tergantung dari hasil format? Kalo gitu, gimana cara program format drive nentukan serial number dan menge-set-nya ke drive tbs?
Atau mungkin kita bisa menggunakan 'hard coded manufacturer's hard drive serial number' atau 'hard coded manufacturer's flash drive serial number'. Nah yang ini mungkin lebih safe digunakan. Kalau yang ini gimana cara bacanya, ya? :oops: :oops:
more 19 years ago
ZeAL
sekedar alternatif...
mungkin bisa dikombinasikan dengan serial number dari disk...
Getting the BIOS serial number Copyright © 2000 Ernesto De Spirito SMImport - Native VCL components for importing data For a simple copy-protection scheme we need to know whether the machine that is executing our application is the one where it was installed. We can save the machine data in the Windows Registry when the application is installed or executed for the first time, and then every time the application gets executed we compare the machine data with the one we saved to see if they are the same or not. But, what machine data should we use and how do we get it? In a past issue we showed how to get the volume serial number of a logical disk drive, but normally this is not satisfying for a software developer since this number can be changed. A better solution could be using the BIOS serial number. BIOS stands for Basic Input/Output System and basically is a chip on the motherboard of the PC that contains the initialization program of the PC (everything until the load of the boot sector of the hard disk or other boot device) and some basic device-access routines. Unfortunately, different BIOS manufacturers have placed the serial numbers and other BIOS information in different memory locations, so the code you can usually find in the net to get this information might work with some machines but not with others. However, most (if not all) BIOS manufacturers have placed the information somewhere in the last 8 Kb of the first Mb of memory, i.e. in the address space from $000FE000 to $000FFFFF. Assuming that "s" is a string variable, the following code would store these 8 Kb in it: SetString(s, PChar(Ptr($FE000)), $2000); // $2000 = 8196 We can take the last 64 Kb to be sure we are not missing anything: SetString(s, PChar(Ptr($F0000)), $10000); // $10000 = 65536 The problem is that it's ill-advised to store "large volumes" of data in the Windows Registry. It would be better if we could restrict to 256 bytes or less using some hashing/checksum technique. For example we can use the SHA1 unit (and optionally the Base64 unit) introduced in the Pascal Newsletter#17.The code could look like the following: uses SHA1, Base64; function GetHashedBiosInfo: string; var SHA1Context: TSHA1Context; SHA1Digest: TSHA1Digest; begin // Get the BIOS data SetString(Result, PChar(Ptr($F0000)), $10000); // Hash the string SHA1Init(SHA1Context); SHA1Update(SHA1Context, PChar(Result), Length(Result)); SHA1Final(SHA1Context, SHA1Digest); SetString(Result, PChar(@SHA1Digest), sizeof(SHA1Digest)); // Return the hash string encoded in printable characters Result := B64Encode(Result); end; This way we get a short string that we can save in the Windows Registry without any problems. You can take it as a sort of "BIOS serial number". As an alternative to using SHA1 and Base64, you can use any checksum algorithm and binary-to-string conversion function of your liking. In the example below we use a simple algorithm that gets a 64-bit checksum and finally we convert it to a 16-chars string of hexadecimal digits: function GetBiosCheckSum: string; var s: int64; i: longword; p: PChar; begin i := 0; s := 0; p := PChar($F0000); repeat inc(s, Int64(Ord(p^)) shl i); if i < 64 then inc(i) else i := 0; inc(p); until p > PChar($FFFFF); Result := IntToHex(s,16); end; Displaying the BIOS information If we wanted to display the BIOS information we should parse the bytes to extract all null-terminated strings with ASCII printable characters at least 8-characters length, as it is done in the following function: function GetBiosInfoAsText: string; var p, q: pchar; begin q := nil; p := PChar(Ptr($FE000)); repeat if q <> nil then begin if not (p^ in [#10,#13,#32..#126,#169,#184]) then begin if (p^ =#0)and (p - q >= 8) then begin Result := Result + TrimRight(String(q)) +#13#10; end; q := nil; end; end else if p^ in then q := p; inc(p); until p > PChar(Ptr($FFFFF)); Result := TrimRight(Result); end; Then we can use the return value for example to display it in a memo: procedure TForm1.FormCreate(Sender: TObject); begin Memo1.Lines.Text := GetBiosInfoAsText; end; WARNING: The code presented in this article won't work on Windows NT/2000, although some information about the BIOS and the system hardware can be found in the Windows Registry under the key HKEY_LOCAL_MACHINE\Hardware\Description\System, but not enough to identify a machine as far as I know...truss... setelah googling beberapa menit, sayangnya (walau belum dicoba langsung), serial number drive BISA dirubah... Mungkin bisa dikombinasikan dengan computer name, BIOS serial number dan sebagainya...
more 19 years ago
deLogic
oiya, untuk akses memori BIOS di WinNT family, kalo gak salah ada address tertentu yang di block oleh system, jadi akan muncul exception..
CMIIW..
more 18 years ago
Apakekdah
dongle itu kaya blootooth...
emang mirip sama flesdis...
tapi bukan flesdis...
-
setiap dongle ada 1 master nah...
master dongle itu lah yang bakalan jadi data proteksi referensi elu...
gitu lho...
-
coba liat2x disini deh...
www.aks.com
ngomong2x udah setaun nih gak ada yang jawab... :lol:
more 18 years ago
taruna
..jelas dongle<> flesdis, cuma bentuk mirip & port yg dipake sama.
dan flesdis tidak bisa jadi dongle [cmiiw], kecuali resiko kebobolan tinggi bisa ditolerir . flasdis didesain sbg media penyimpanan yg tidak dilengkapi proteksi pembacaan spt chip mcu pada dongle.
tapi bagaimanapun, proteksi lewat hw lebih efektif selain proteksi via internet yg dipakai m$ (sw dipaksa "lapor" terus saat online :D ) meskipun pada akhirnya maling juga yang menang... :(
more ...
reply |
Report Obsolete
Last Articles
Last Topic
- PascalTalk #6: (Podcast) Kuliah IT di luar negeri, susah gak sih?
by LuriDarmawan in Tutorial & Community Project more 4 years ago - PascalTalk #5: UX: Research, Design and Engineer
by LuriDarmawan in Tutorial & Community Project more 4 years ago - PascalTalk #4: Obrolan Ringan Seputar IT
by LuriDarmawan in Tutorial & Community Project more 4 years ago - PascalTalk #2: Membuat Sendiri SMART HOME
by LuriDarmawan in Tutorial & Community Project more 4 years ago - PascalTalk #3: RADically Fast and Easy Mobile Apps Development with Delphi
by LuriDarmawan in Tutorial & Community Project more 4 years ago - PascalTalk #1: Pemanfaatan Artificial Intelligence di Masa Covid-19
by LuriDarmawan in Tutorial & Community Project more 4 years ago - Tempat Latihan Posting
by LuriDarmawan in OOT more 5 years ago - Archive
- Looping lagi...
by idhiel in Hal umum tentang Pascal Indonesia more 12 years ago - [ask] koneksi ke ODBC user Dsn saat runtime dengan ado
by halimanh in FireBird more 12 years ago - Validasi menggunakan data tanggal
by mas_kofa in Hal umum tentang Pascal Indonesia more 12 years ago
Random Topic
- Standard Gaji Kuli IT di Indonesia
by Ian_Benedict in OOT more 16 years ago - Turbo Delphi
by delphi_warrior in Hal umum tentang Pascal Indonesia more 17 years ago - tanya cara ngitung tanggal
by budhie_yk in Hal umum tentang Pascal Indonesia more 15 years ago - Mengetahui Nilai yang sama di dalam tabel
by onsir in MySQL more 17 years ago - Keyboard Character?Help
by Durman in Hal umum tentang Pascal Indonesia more 17 years ago - Menambah object baru saat aplikasi berjalan
by reza_elka in Tip n Trik Pemrograman more 13 years ago - ASK : Cara memasukkan checkbox / checklist ke dbgrid
by akbaaar in Hal umum tentang Pascal Indonesia more 12 years ago - Ngisi field No berurutan pd ttabel ?
by debby in Hal umum tentang Pascal Indonesia more 17 years ago - Crystal Report
by strike_set in Tip n Trik Pemrograman more 17 years ago - Track mouse buat remote admin
by mcrayeps in Form Enhancement & Graphical Controls more 17 years ago