How to set a specific Smart Card reader as default when having multiple readers on a computer - Windows

I have a laptop with an integrated Smart Card reader (Broadcom). Applications I use insist on using specific Smart Card readers (USB tokens). Therefore I must insert that second SC reader into my system, and I can't remove the first one.
The problem lies in the fact that those applications use only the default (first found) SC reader they find to query for a Smart Card, and thus always report my SC reader as "empty".
I need to force them to read my "second reader", as it is my primary.
The question is: is it possible to somehow select the default card reader without disabling the other one? Is it possible to have Windows ask which card reader to use?

I have Windows 10 1809 and I have noticed that the name of the default reader depends on which registry key is alphabetically first under
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\Readers
I added a space to the beginning of the key name of the one I wanted to be listed first; this caused it to sort alphabetically first and become the default.

I've devised a "hacky" solution that worked for me, but I'm sure it is not really the proper one. I've changed the Groups field from SCard$DefaultReaders to _dummy_SCard$DefaultReaders in this registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\Readers\Broadcom Corp Contacted SmartCard 0
I've essentially disabled my Broadcom smartcard reader. This works for Windows 10 64-bit, and the registry location is probably quite similar on 32-bit systems.
Note: A great utility that helped me was certutil -scinfo -v from the command line.
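The two answers above both work by editing the reader keys under Calais\Readers by hand. The following PowerShell script is an added example, not code from the original thread: it lists every reader the Smart Card Resource Manager has registered, shows which ones are members of SCard$DefaultReaders, and can drop one reader from that group the way the second answer does, by rewriting the reader's Groups value. It assumes Windows 10 x64 and an elevated session, and it checks both the native HKLM\SOFTWARE view and the WOW6432Node view, since 32-bit and 64-bit applications read different views of that hive. The caveat a practitioner should keep in mind: this change affects every PC/SC client on the machine, not just the application that misbehaves, so export the key before touching it.

```powershell
# Added example, not from the original thread: list the readers registered with the
# Smart Card Resource Manager (Calais), show which belong to SCard$DefaultReaders,
# and optionally drop one reader from that group by editing its Groups value.
# Assumptions: Windows 10 x64, elevated PowerShell; both the native and the
# WOW6432Node view of HKLM\SOFTWARE are checked.

$ReaderKeyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\Readers',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\Readers'
)
$DefaultGroup = 'SCard$DefaultReaders'

function Get-CalaisReader {
    foreach ($base in $ReaderKeyPaths) {
        if (-not (Test-Path $base)) { continue }
        # Sorting by key name mirrors the "alphabetically first" observation above;
        # the real enumeration order is not documented, so treat it as a hint only.
        Get-ChildItem $base | Sort-Object PSChildName | ForEach-Object {
            $groups = @((Get-ItemProperty $_.PSPath).Groups)
            [pscustomobject]@{
                Hive      = $base
                Reader    = $_.PSChildName
                Groups    = $groups -join ', '
                IsDefault = $groups -contains $DefaultGroup
            }
        }
    }
}

function Remove-ReaderFromDefaultGroup {
    param(
        [Parameter(Mandatory)] [string] $ReaderName,
        [switch] $Preview
    )
    foreach ($base in $ReaderKeyPaths) {
        $key = Join-Path $base $ReaderName
        if (-not (Test-Path $key)) { continue }
        $groups = @((Get-ItemProperty $key).Groups)
        # Keep any other group memberships; only the default-readers group is removed.
        $newGroups = @($groups | Where-Object { $_ -ne $DefaultGroup })
        if ($newGroups.Count -eq 0) {
            # Same trick as the answer above: keep a value present, but under a
            # group name that no application asks for.
            $newGroups = @("_dummy_$DefaultGroup")
        }
        if ($Preview) {
            "$key : Groups -> $($newGroups -join ', ')"
        } else {
            Set-ItemProperty -Path $key -Name Groups -Value $newGroups -Type MultiString
        }
    }
}

# Current state, then a dry run against the integrated reader named in the answer.
Get-CalaisReader | Format-Table Hive, Reader, IsDefault, Groups -AutoSize
Remove-ReaderFromDefaultGroup -ReaderName 'Broadcom Corp Contacted SmartCard 0' -Preview

# After a real change, restart the Smart Card service (or reboot) and confirm with
# the utility the answer recommends:
#   Restart-Service SCardSvr
#   certutil -scinfo -v
```

Run it once with -Preview to see exactly which keys would be rewritten, then without the switch; the Smart Card service (SCardSvr) caches the reader list, so the change is not visible to certutil until the service has been restarted.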

To my knowledge there is no clean centralized solution. The idea behind the PC/SC architecture was that, if several readers are connected, you choose the one you want to connect to by identifying the card you want to address. For the use case "more than one reader present, but the application always wants a specific one, even without knowing anything about the card", the application has to take care of it by itself. (Most achieve this by remembering which one was chosen the last time.)

Related

Detect if USB is Inserted through Application

I want to create an application or modify a USB stick in a way so that, upon insertion into any PC, I can get the information that it was inserted into that PC.
E.g. upon insertion, I can read the PC name and make an API call with this as POST data, so I'm able to know that my USB stick was inserted in some PC. But this should happen right away, as soon as the USB stick is read by the machine, so even if the user formats it afterwards, it should not matter.
If it were an earlier Windows, I could write an autorun and that would work. But I want this detection mechanism for Windows 7 and above.
I have done some research on the topic but could not find any reliable content. Some articles were related to USB-based hacking attacks by changing wiring (USB hardware, to harm the computer) or something like that. But I totally don't want to do that. Just the detection that the USB stick was used.

Once Windows installation is complete, does Windows ever try to look for a change in the unique ID of the motherboard or the processor ID?

Let's say there are two identical systems, one of which has a licensed version of Windows, and I am ghosting the entire drive onto the second computer's HDD. Will Windows ever come to know?
What if that system is not connected to the internet?
Is CPU_ID a unique identifier or is it a CPU product ID?
I know the MAC address is unique in a system, but I want to dig deeper in finding unique identifiers of a system.
Take a look at this.
What should be the unique ID of a machine? Its motherboard ID? Windows Product ID?
I am working in Visual C#.
The kernel is compiled with specific drivers and the kernel knows all the information about the hardware, including firmware versions and hardware IDs (one of the reasons for BSODs).
If you install Windows and change the HDD to another identical set-up, Windows might try to repair itself and work. However, if you have a TPM chip and BitLocker enabled, Windows will ask you for the BitLocker recovery key as soon as you've changed the hardware setup. That's because the Windows kernel knows each piece of hardware and its IDs, and therefore changes in them.
To answer your intended question: don't bother trying to prevent piracy; you will never succeed and there will be someone to crack it. Instead, spend that time on your actual product and marketing. People who want to steal will steal anyway or won't use it. Spend your time on those who would want to buy your product.
Having said that, move important code to a web service if you really are that worried.

How to make card reader work without restarting the system?

I live in Estonia, where citizens, e-residents etc. can use their ID card to prove their identity by signing documents, open encrypted files that are intended for a specific individual, and so on.
For that purpose we here use card readers (of course).
The problem is, unlike USB mice, USB keyboards and such things, to get it to work I first need to restart my Mac. Otherwise Keychain won't see this device and I won't be able to do anything with it.
Is there a way to make my ID card work and be seen by Keychain without restarting my machine every time I want to use it?
Maybe there's a way to somehow restart just Keychain or something.
All right, that was easy enough.
If somebody experiences the same kind of issue, just reset the NVRAM and SMC.

DIDEVICEINSTANCE guidInstance and guidProduct change on same device

I am using DirectInput8 in a project at work that monitors various components of the PC. To monitor joysticks we use DirectInput8. The data is retrieved by enumerating all joysticks with DI8DEVCLASS_GAMECTRL as the type and DIEDFL_ATTACHEDONLY as a flag. Recently it was brought to my attention that we were having multiple joysticks showing up. First I looked at the XML file we store the components in between reboots. There were two entries for the joystick, a Logitech Extreme 3D Pro, and each had a unique product GUID. I backed the file up and removed it, effectively forcing a rescan of the machine the next time the app started after I rebooted the machine. I was able to get the same problem to occur and logged the GUIDs, and they are different for each. The system only has a single joystick plugged in; however, it plugs in through a USB hub. Is the hub affecting the GUIDs I am seeing? I could also only get this to occur maybe 1 out of 5 attempts.
Example:
Joystick Product GUID: 3C6A972000000000504944564944
Joystick Instance GUID: 3C6A972097C11E3800144455354
Joystick Product GUID: DA83AFB000000000504944564944
Joystick Instance GUID: DA83AFB0D7B211E2800144455354
Had a similar issue... I just exported the DirectInput registry settings for the VID/PIDs I wanted, to replicate GUIDs across machines.
So, in regedit navigate to:
HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_[Whatever]&PID_[Whatever]
Right-click, choose Export to create the .reg file, then move it to the machine you want and double-click it.
This was a pain to find, but after watching our testers I found they were logging into multiple user accounts and the GUID returned was different per user, which is what caused the problem. It would be nice if the documentation were updated to reflect this.
I'm having the exact same problem as the original poster. To clarify his answer, it's the instance GUID that is different for each user. And here is the MSDN documentation that incorrectly asserts that the instance GUID should stay the same on a given computer. Without someone from Microsoft weighing in, I don't know that I'll ever know why this is: is it a bug, or is the documentation incorrect?
The bottom line is you'll have a heck of a time sharing keybindings for a joystick among multiple users without a solution to this problem, which is my situation.
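Since the key lives under HKEY_CURRENT_USER, the regedit export in the answer above has to be repeated for every account that should see the same instance GUID. The PowerShell below is an added example, not code from the thread: it scripts the same export with reg.exe and then copies the key into the other user hives currently loaded under HKEY_USERS. The VID/PID values are placeholders rather than the Logitech device from the question, the session is assumed to be elevated, and only profiles that are loaded at the time (logged-on users) are reached; logged-off users still need the .reg file imported on their next logon.

```powershell
# Added example, not from the original thread: export the per-user DirectInput
# settings for one VID/PID and copy them into every other user profile currently
# loaded on this machine, so each account sees the same instance GUID.
# Assumptions: placeholder VID/PID; elevated session; only loaded profiles appear
# under HKEY_USERS.

$VendorId  = '046D'   # placeholder (note: $PID is a PowerShell automatic variable, so that name is avoided)
$ProductId = 'C215'   # placeholder
$Relative  = "System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_$VendorId&PID_$ProductId"
$Source    = "HKCU:\$Relative"

function Export-DirectInputSettings {
    param([string] $OutFile = (Join-Path $env:TEMP "directinput_VID_${VendorId}_PID_${ProductId}.reg"))
    if (-not (Test-Path $Source)) {
        throw "No DirectInput key for VID_$VendorId&PID_$ProductId under HKCU; plug the device in and run a DirectInput application first"
    }
    # reg.exe writes the same .reg file that regedit's Export menu item produces.
    & reg.exe export "HKCU\$Relative" $OutFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
    return $OutFile
}

function Copy-DirectInputSettingsToLoadedProfiles {
    if (-not (Test-Path $Source)) { throw "Nothing to copy: $Source does not exist" }
    $mySid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object {
            # Real user SIDs only: skips built-in accounts, the *_Classes hives and ourselves.
            $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' -and $_.PSChildName -ne $mySid
        } |
        ForEach-Object {
            $destParent = "Registry::HKEY_USERS\$($_.PSChildName)\$(Split-Path $Relative -Parent)"
            if (-not (Test-Path $destParent)) { New-Item -Path $destParent -Force | Out-Null }
            # Copy-Item on the registry provider copies the key with its values and subkeys.
            Copy-Item -Path $Source -Destination $destParent -Recurse -Force
            [pscustomobject]@{ Sid = $_.PSChildName; Copied = $true }
        }
}

# Usage: keep a .reg backup, then push the key to the other loaded profiles.
$regFile = Export-DirectInputSettings
"Exported to $regFile"
Copy-DirectInputSettingsToLoadedProfiles | Format-Table -AutoSize
```

The exported .reg file is still the portable artifact: import it under any account that was not loaded when the script ran, exactly as the answer describes.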

What's the best way to authorize a USB Key

We have an auto-update for our software that is installed via USB key (with autorun). If I wanted to ensure that only authorized USB keys were used, what's the best way?
Our installer is already signed, and it won't run otherwise. But I'm more interested in inspecting the USB key for a signed installer, and if it's not there, just ignoring it, or even "ejecting" the USB device.
And I should be able to tell the difference (in code) between a USB storage device and, say, a camera or keyboard.
I'm only wanting to disable non-authorized storage devices.
Thank you for your ideas.
Non-authorized storage devices? This depends on how secure you want it to be. At the most secure level, it would consist of:
special firmware written to the flash drive to provide extra "meta info" (read: expensive custom manufacturing of flash drives)
a special Windows driver to read that meta info from the flash drive
your program talking to that device driver to confirm it's authorized.
Or at the least secure level you have these options:
using a hidden file and a special key (possibly a hashed time of last filesystem modification or something?) (dd-breakable)
dropping below the filesystem level and recreating your own very simple filesystem (more security through obscurity, though, and dd could break that too)
Also, for the "most secure" option, you really need a more secure way of running the program than autorun and a device driver (which could be half-baked to make anything appear authorized). Why do you want it to only update from an authorized flash drive anyway?
You might be able to read the USB drive's serial number (assuming you get USB drives that have serial numbers; not all do). Then your application could call home to get the latest list of authorized serial numbers and check to see if there is a match.
Earlz's response is good, though I don't think you'd need custom manufacturing of flash drives... you would just need flash drives with some sort of unique firmware-encrypted identifier. Perhaps something in the Kingston DataTraveler line might do the trick. (I've never actually used one of these encrypted USB sticks, so I'm a bit foggy on the actual implementation details.)
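The serial-number answer above and the question's requirement to tell storage devices from cameras or keyboards can both be handled from Windows' own device inventory. The PowerShell below is an added example, not code from the thread: it enumerates USB disk drives through WMI (a camera or keyboard is a different device class and never appears as a Win32_DiskDrive with InterfaceType USB), extracts the serial from the USBSTOR instance ID, checks it against an allow-list, and only then verifies the Authenticode signature of the installer on that volume against a pinned publisher thumbprint. The allow-list, installer name and thumbprint are placeholders. Two caveats a practitioner would add: a USB serial is readable by anyone and can be cloned by a programmable controller, so it filters accidents rather than attackers, and the signature check pinned to your own certificate is the control that actually matters; and Windows 7 and later no longer run autorun.inf from USB removable drives, so a check like this has to live in a launcher or a service rather than in autorun.

```powershell
# Added example, not from the original thread: enumerate attached USB storage
# devices, read the serial Windows recorded for each, compare it with an allow-list,
# then verify the Authenticode signature of the installer on that volume against a
# pinned publisher thumbprint. All three configuration values are placeholders.

$AuthorizedSerials  = @('0123456789ABCDEF', 'FEDCBA9876543210')   # placeholder serials
$InstallerName      = 'setup.exe'                                 # placeholder file name
$ExpectedThumbprint = '0000000000000000000000000000000000000000'  # placeholder SHA-1 thumbprint

function Get-UsbStorageVolume {
    # Win32_DiskDrive -> Win32_DiskPartition -> Win32_LogicalDisk yields a drive letter.
    # Only mass-storage devices appear here; other USB classes (HID, imaging) do not.
    Get-CimInstance Win32_DiskDrive -Filter "InterfaceType='USB'" | ForEach-Object {
        $disk = $_
        # USBSTOR instance IDs end in "\<serial>&<index>". Devices with no serial get
        # a Windows-generated ID instead, which changes when the port changes.
        $serial = (($disk.PNPDeviceID -split '\\')[-1] -replace '&\d+$', '')
        foreach ($part in (Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition)) {
            foreach ($vol in (Get-CimAssociatedInstance -InputObject $part -ResultClassName Win32_LogicalDisk)) {
                [pscustomobject]@{
                    Model       = $disk.Model
                    Serial      = $serial
                    PNPDeviceID = $disk.PNPDeviceID
                    Drive       = $vol.DeviceID      # e.g. "E:"
                }
            }
        }
    }
}

function Test-AuthorizedInstaller {
    param([Parameter(Mandatory)] $Volume)
    $result = [ordered]@{ Drive = $Volume.Drive; Serial = $Volume.Serial; Authorized = $false; Reason = '' }
    if ($AuthorizedSerials -notcontains $Volume.Serial) {
        $result.Reason = 'serial not on allow-list'
        return [pscustomobject]$result
    }
    $path = Join-Path "$($Volume.Drive)\" $InstallerName
    if (-not (Test-Path $path)) {
        $result.Reason = "no $InstallerName on volume"
        return [pscustomobject]$result
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    # 'Valid' alone only says that someone with a trusted chain signed it; pin the signer too.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "signature status $($sig.Status)"
    } elseif ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        $result.Reason = "signed by unexpected publisher $($sig.SignerCertificate.Subject)"
    } else {
        $result.Authorized = $true
        $result.Reason = 'serial allow-listed and installer signed by expected publisher'
    }
    [pscustomobject]$result
}

Get-UsbStorageVolume | ForEach-Object { Test-AuthorizedInstaller -Volume $_ } | Format-Table -AutoSize
```

The order of the checks is deliberate: the serial test is cheap and filters the wrong sticks, but the decision to run anything is taken only after the signature and the signer have been verified.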
