I need to check which key the user must hit to boot their PC from a USB key or a CD.
Does it depend on the BIOS maker, or on the maker/model of the motherboard?
I was told about the nice, open-source Speccy to get some information on the hardware, but is there a library that I could use to get the same info from a (.Net) program and tell users precisely which key to hit on their very own computer?
Thank you.
There is no way you'll be able to find this out without building a comprehensive library of every single type of motherboard and manufacturer ever made, including any BIOS updates that might change it.
You should just ask the user to follow on-screen instructions when their computer to boots to select the boot device, and maybe offer some likely suggestions ("It will ask you to press a function key...")
At the stage you want to press enter or key, .NET will never be available.
Related
I have a laptop with an integrated Smart Card reader (Broadcom). Applications I use insist on using specific Smart Card readers (USB tokens). Therefore I must insert that second SC reader in my system and I can't remove the first one.
The problem lies in a fact that those applications use only the default (first found) SD reader they find to query for Smart Card. And thus always report my SD reader as "empty".
I need to force them to read my "second reader" as it is my primary.
The question is: Is it possible to somehow select default card reader without disabling the other one? Is it possible to have Windows asking for which card reader to use?
I have Windows 10 1809 and I have noticed that the name of the default reader is dependent on which registry keys is alphabetically first under
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\Readers
I added a space to the beginning of the key to the one I wanted to be listed first and this caused it to sort alphabetically first and become the default.
I've devised "a hacky" solution that worked for me, but I'm sure that is not really the proper one. I've changed Groups field from SCard$DefaultReaders to _dummy_SCard$DefaultReaders, in this registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\Readers\Broadcom Corp Contacted SmartCard 0
I've essentially disabled my Broadcom smartcard reader. This is working for Windows 10 64-bit and registry location is probably quite similar on 32-bit systems.
Note: Great utility that helped me was certutil -scinfo -v from the command line.
Due to my knowledge there is no clean centralized solution. The idea behind the PCSC architecture was, if several readers are connected, that you choose the one you want to connect to by identifiying the card you want to address. For the use case "more than one reader present, but application always wants a specific one, even without knowing something concerning the card" the application has to take care by itself. (Most achieve this by remembering, which one was chosen the last time.)
Let Say there are two identical systems. One of which has licence version of windows and I am ghosting entire drive into second computer's hdd. will windows ever come two know?
If that system is not connected to internet ?
Is CPU_ID unique Identifier or is it a cpu product ID.
I know mac address is unique in a system but I want to dig deeper in finding unique identifiers of system.
Take a look at this.
What should be the unique ID of a machine? Its motherboard ID? Windows Product ID?
I am working on visual C#.
The Kernel is compiled with specific drivers and the Kernel knows all the information about the hardware including their firmware version and hardware Ids. (one of the reason for BSOD)
If you install a windows and change the HDD to another same set-up, windows might try to repair and work. However if you have TPM chip and Bitlocker enabled, windows will ask you for the BitLocker recover key as soon as you've changed the hardware setup. That's because windows kernel knows each hardware and their ID's and therefor changes in them.
In order to answer you intended question, don't bother trying to prevent privacy you will never succeed and there will be someone to crack it. Instead spend that time on your actual product and marketing. People who want's to steal, they will steal anyway or won't use. Spend your time for those who would want to buy your product.
Having said that, move important code to web service if you really that much worried.
I live in Estonia where citizens, e-residents etc can use their ID card to prove identity by signing documents, open encrypted files that are intended for a specific individual and so on.
For that purpose we here use card readers (of course).
The problem is, unlike USB mice, USB keyboards and such things, to get it work I need first to restart my Mac. In other cases keychain won't see this device and I won't be able to do anything with it.
Is there a way to make my ID card work and seen by keychain without restarting my machine every time I want to use it?
Maybe there's a way to somehow restart just keychain or something.
All right, that was easy enough.
If somebody experiences kind of same issue, just reset NVRAM and SMC.
How do applications like CloneDVD2 or AnyDVD know that the free phase is over, even if the application was uninstalled and then re-installed? Those applications don't require the user to login so that they could identify the user again.
Also on deinstalling them a window pops up asking whether the "registration files" should be kept or not. Even if they are not kept, the re-installed application knows the demo-time is over.
How is that technically realized?
Could be everything...
You might reverse the algorithm to find out.
But to name an example:
It's possible to generate a hash, based on unique hardware identifiers, of your hardware configuration and send that over the internet to a database.
If your hash exists over there, the software knows you ran it before.
An other option is leaving tracking information inside of your OS. So the checkbox: delete register information, isn't deleting everything.
To test:
1) Switch GPU or CPU :P
2) Format & Reinstall computer
We have an auto update for our software that is installed via USB key (with the auto run). If I wanted to ensure that only authorized USB Keys were used, what's the best way?
Our installer is already signed, and it won't run otherwise. But I'm more wanting to inspect the USB Key for a signed installer, and if it's not there, just ignore, or even "Eject" the USB device.
And I should be able to tell the difference (in code) between a usb storage device, and say a camera, or keyboard.
I'm only wanting to disable non-authorized storage devices.
Thank you for your ideas.
non-authorized storage devices? This depends on how secure you want it to be. For the most secure level, it would consist of:
special firmware written to the flash drive to get extra "meta info" (read: expensive custom manufacturing of flash drives)
special windows driver to read that meta info from the flash drive
your program talking to that device driver to confirm it's authorized.
Or to the least secure level you have these options:
using a hidden file and a special key(possibly hashed time of last filesystem modification or something?) (dd breakable)
dropping below the filesystem level and recreating your own very simple filesystem.. (more security through obscurity though and dd could break that)
Also, for the "most secure" option, you really need a more secure way of running the program than auto-run and a device driver(which could be half-baked to make anything appear authorized). Why do you want it to only update from an authorized flash drive anyway?
You might be able to read the USB drive's serial number (assuming you get USB drives that have serial numbers; not all do). Then your application could call home to get the latest list of authorized serial numbers, and check to see if there is a match.
Earlz response is good, though I don't think you'd need custom manufacturing of flash drives... you would just need flash drives with some sort of unique firmware encrypted identifier. Perhaps something in the Kingston Data Traveler Line might do the trick. (I've never actually used one of these encrypted usb sticks, so I'm a bit foggy on the actual implementation details).