Protecting an XPe image on Compact Flash from unauthorised copying

[Guest]

Can XPe be locked to a particular machine to prevent unauthorised copying
(locked to MAC address, disk volume ID ??).

The reason I ask is we have developed an XPe CF image for a customer to be
sold with the embedded board, but this customer also buys buys the bare board
and we know he has had a few "licencing anomolies" in the past when OS
activation was not required.

 

[Mike Warren]

Can XPe be locked to a particular machine to prevent unauthorised
copying (locked to MAC address, disk volume ID ??).

The reason I ask is we have developed an XPe CF image for a customer
to be sold with the embedded board, but this customer also buys buys
the bare board and we know he has had a few "licencing anomolies" in
the past when OS activation was not required.

Do you need to lock the image or your software?

We solve the problem by including security code on a micro-controller
which is needed in the device anyway.

You could to something similar with a USB dongle.

Using the volume ID is easy but not very secure.

 

[Guest]

Can XPe be locked to a particular machine to prevent unauthorised

Do you need to lock the image or your software?

We solve the problem by including security code on a micro-controller
which is needed in the device anyway.

You could to something similar with a USB dongle.

Using the volume ID is easy but not very secure.

Volume ID would probably be acceptable to stop casual duplication.

How do I put that locking into XPe ?

 

[Mike Warren]

Volume ID would probably be acceptable to stop casual duplication.

How do I put that locking into XPe ?

As far as I know, it would have to be in a program. Do you have a
custom shell?

If not, you could make a small program (eg. a service) that checks if
the volume ID is what it should be and if not, shuts down or reboots
the machine.

Bear in mind that the volume ID will most likely change if the CF is
reformatted and can be easily changed with a hex editor.

 

[Guest]

Volume ID would probably be acceptable to stop casual duplication.

As far as I know, it would have to be in a program. Do you have a
custom shell?

If not, you could make a small program (eg. a service) that checks if
the volume ID is what it should be and if not, shuts down or reboots
the machine.

Bear in mind that the volume ID will most likely change if the CF is
reformatted and can be easily changed with a hex editor.

I was hoping there might be something simple to prevent our CF image being
end user copied.

 

[Ralph A. Schmid, dk5ras]

Bear in mind that the volume ID will most likely change if the CF is
reformatted and can be easily changed with a hex editor.

There are even small tools "for dummies" to change the volume ID.

Ralph.

 

[Guest]

There are even small tools "for dummies" to change the volume ID.

Locking to disk ID would do, as I suspect most preople would be unaware of
how its done and how to work around.

Any thoughts on how to implement easily ?

 

[Adam Nofsinger]

Can XPe be locked to a particular machine to prevent unauthorised copying
(locked to MAC address, disk volume ID ??).

The reason I ask is we have developed an XPe CF image for a customer to be
sold with the embedded board, but this customer also buys buys the bare board
and we know he has had a few "licencing anomolies" in the past when OS
activation was not required.

It seems to me that the First Boot Agent (FBA) automatically "seals"
your run-time image, making it only boot up on that particular device.
To do what you are afraid your customers may do, they would need you to
give them a "cloneable" run-time image, where the FBA seal phase hadn't
been executed yet, and the image had the "cloning tools" component
installed.

Once you get your device working, just try using the CF card in another,
similar device. I imagine it won't boot, as you would like!

Adam N
ims3k.com

 

[Mike Warren]

It seems to me that the First Boot Agent (FBA) automatically "seals"
your run-time image, making it only boot up on that particular
device. To do what you are afraid your customers may do, they would
need you to give them a "cloneable" run-time image, where the FBA
seal phase hadn't been executed yet, and the image had the "cloning
tools" component installed.

Once you get your device working, just try using the CF card in
another, similar device. I imagine it won't boot, as you would like!

Unfortunately that's not the case. As long as the hardware is the same
type the image will still run. There can be issues in a network
environment because a duplicate will have the same SID but even that is
easy to correct with NewSID.exe.

 

[Stefanie Niefer]

I was hoping there might be something simple to prevent our CF image being
end user copied.

As I know, Silicon Systems sells CF-Cards, wich can be locked to a
special system. Useing the cf in an other system may not work anymore.
But this will not prevent a copy of the image. Maybe they got a
solution, wich can help you. They told, they got solutions for
military, where no information should fall in to enemy hands.

http://www.siliconsystems.com/silicondrivesecure/index.aspx#

Steffi