is there any way to write protect micro sd card with password through programming (Java/C)?
primarily I wanted to set a password to micro sd card and the sd card should have access only if we provide the password.
I come to know that nokia mobile phones were doing this before, hope there is some way of doing this.
thanks in advance.
I'm pretty sure that the phones just encrypt the data (not technically lock it) and only they know how to unencrypted it. The closest that you could get to protecting the micro sd card would be to encrypt whatever you want to write on it. Hope this at least gave you an idea of how to go about this.
Phones use the CID number (card ID number written in ROM) of the SD or microSD card to encrypt the data and act as a key. So Lonnez is right, you need to encrypt the data, not write protect it. The other part of this, is having a device which can read the CID number and spit it out. Nexcopy.com has one for bulk use (manufacturing) but I suspect you would like a single card reader solution, not bulk.
You should also contact the SDCard Association as they could help you out with a more specific answer reg the ability to wp SD media. sdcard.org
Related
I am developing a winform that has a login page of some sort. I wanted to enable more then 2 types of authorization, just incase the user forgets his/her email:password combonation. I have added phone numbers, but I am curious to know if I can add fingerprint scanners, microphones and cameras into the mix. Is there a way to do that. I have read this post, but I am unsure if it works with any type of scanner, because the person who asked the question specifically named a single fingerprint scanner. Any help would be appreciated, Thanks Bye!
I'm looking for something that allow me to get devices (pc, Mac, phone and tablet) unique id like a MAC address can be.
I need to track all logins into a protected area but i'm unable to find an unique id with whom I can identify the used device.
I need that because I want the user to register their devices and then let them login only with that. Thanks
You can’t really. It would be a huge security/privacy risk to do that. However, there some things that you could do to get close:
Add a cookie to that device with a UUID
Fingerprinting - Use all available browser settings available to JS such as browser agent, installed fonts etc. to build up a unique-ish profile of a device (Note. Apple try to prevent this in the latest version of Safari)
IP address. It’s not perfect but is can do something and there are ways to remove a small degree of obfuscation. This is an example in PHP: How to get Real IP from Visitor?
Combining all of these things together should be able to give you something close to what you want. It may not completely protect it, but it will offer some form of it.
JavaScript is a high level programming language which can not help you storing such information. Same applies to PHP as well.
However, you might want to consider making use of cookies to achieve your goal. You can use a cryptographic algorithm and store it in a cookie, and you have a unique identifier.
I am looking for some good technical overview of how prepaid cards work. This post provides some basic answers but I would like to learn more.
I am helping with a project where we are going to be issuing prepaid cards that end users will use to pay for services. We don’t plan on using any third party processor. We will write our own software.
Can anyone point me to some technical resources so that I can learn more about industry standards? Some of my questions are:
What are standard scheme for the account number?
Barcode: Do they play any role in the card activation? Isn’t it just a code to look up the item at the Point of Sale?
Card activation: Is there more to it than validating that the account number exists in the database and has not been validated before etc.?
Unlock the PIN: Is this the same as flagging the account has been activated?
Thank you in advance!
The account number can be anything. Just don't use a simple incrementing number, such that it's trivial to guess account numbers.
The barcode serves as a sort of UPC for the card, though it'll have both the account number, and identifying information saying "this is a card for retailer X, in the amount of $Y"
The pin prevents someone from simply scanning the barcodes in bulk and "stealing" the amounts. Without the account number AND the pin, the card cannot be activated. Generally the pin is printed on the card under a scratch-off strip, or is otherwise hidden under packaging so that it can't be read without very obvious "damage" to the card or packaging.
I have developed a small software. I want to provide and run it commercially only. I want it to be run in the machines who have purchased it from me.
If someone copies it from my clients computer and runs it in next computer, I would like to stop functioning/running the software.
What can be the ways to prevent the piracy of my software?
Adaption of one of my previous answers:
There are a few ways to "activate" copied software to try to stop casual copying of the application.
In the most simplistic case, a registration code ("CD key") purchased from you, possibly via your website, and it is sent to the user who enters it into the program or installer. The whole process can basically be done offline; the program itself locally determines that the code is valid or invalid.
This is nice and easy, but it extremely vulnerable to key sharing - since there's no "phoning home" then the application cannot know that thousands of different people are all using the same key that they got off the internet or a serial library or their friend. It's also reasonably easy to make "keygens" which generate valid-seeming keys that were never actually issued by the developers.
Then we get into online registration. You still have some kind of code, but the program will phone home back to the server to determine whether the code is valid and usually unique. This stops basic key sharing, because the company knows if too many people from all over the world are all using the same key. Perhaps there is some kind of identification involved using MAC address, too, with infinite registrations allowed on the same hardware but maybe a limited number on what appears to be a different computer.
This is still pretty easy and stops simple key sharing. People will actually have to get into cracking the software or faking the server response to get past it.
Sometimes the program itself is partially/mostly encrypted and is only decrypted by the online registration step. Depending on how well this is obfuscated then it can be pretty difficult and time consuming to crack. Bioshock was a high-profile example of this - debuting with a brand new encryption/copy protection scheme that took around two weeks from release to be broken.
Finally, a particularly guarded application might stay in constant contact with the server, refusing to work at all if the connection is severed.
If you know for sure that all your users will all have reliable internet connections then it can be considered quite a strong way to protect the app, at the cost of privacy and some user distrust of the spyware.
In this case to get around the activation they would need to fake the server itself. Steam emulators and private WoW servers are an example of this.
And in the end, nothing is uncrackable.
In a nutshell: you can't.
Even very sofisticated systems (e.g. dongle keys) can be circumvented.
I guess your best call is to give a code to your customers and have an online check for that code, so that it cannot be used twice.
Of course, that can be circumvented too but...
As nico said you really can't.
A simple solution might be to generate (registration/activation) codes that are based on hardware or software installed on the particular computer - eg video card serial id or c:/windows creation time.
I have one idea may be it works.
What we can do, we will make an encorrupted database field and that field will be empty for the first time as soon as i install my software to some machine it will read the Mac Address + Mother Board Serial + Processor ID and make an encorrupted value with the combination of these three and write in to that field which i left empty for the first time use.
After that every time my application will read these three values and recreate the encrupptted value in the same manner and compare with the value of that database field. If the value of the database field and the value of the regenerated encrroupted field is equal, that means the computer is same other wise it is installed on some other machine in this case you delete all the code and can make the system unstable to punish the person also :) ...
Please let me know about your opinion about this idea.
The best way is to use some sort of hardware-locking in which your license code contains encrypted info about the machine on which it will run. Your software will then check for this info and match it with the current computer and if the match is successful, the license is deemed valid.
Sure, any scheme can be cracked by someone on the face of the planet, but that does not mean you shouldn't use a protection scheme.
If you are looking for a ready-made scheme for this, have a look at CryptoLicensing.
Companies such as ours (Wibu-Systems), Safe-Net, and Flexera (expensive) offer dongle-free solutions as well as ones based on hardware. But _simon was right in that a dongle is the only iron-clad protection. All software-based systems can be cracked; it's just that some are more difficult than others. Really good hardware-based solutions are effectively uncrackable. No one has yet cracked the CodeMeter stick unless the implementation was flawed.
How to get the phone number of the device in Symbian?
According to the GSM specs, only the IMSI is required to be available on the SIM card.
The actual phone number MSISDN is stored on the HLR database in the operator's network and does not need to be available on the SIM card or transmitted to the phone.
So no matter what technology you are using (Symbina, Java ...) you can never count on being able to consistently get your own phone number from the device or SIM. You might be lucky if the operator stores it on the SIM or if the phone provides the user with a possibility to enter it manually, but it does not have to be this way.
As Pat has said, although there are APIs for accessing the "own number" slot on the SIM, rarely in my experience is this slot filled.
The usual strategy for obtaining the phone number for a connected application is to send an SMS as part of a verification process. Either:
Programatically send an SMS from the handset to your server (lots of good SMS gateway interconnect providers out there). The SMS will arrive at your server 'from' the number of the handset (or the SIM to be more correct). Of course the SMS should contain some token so the server can link it with a given session/user.
This has the advantage that you don't need the user to enter their own phone number (which is fraut with subtle difficulties given few folks understand how to format numbers in E.164 format). One disadvantage is that the process can cost your user money (one SMS).
Have the user enter their phone number (web site or on the handset) and connect to your server, passing that phone number. Have the handset then wait for an SMS to arrive that you send from your server. If this SMS does indeed arrive, you have verified the phone number they entered as correct and valid. Obvious disadvantage is that this relies on the user to enter their number correctly - again, given the plethora of ways of writing phone numbers around the world, its not as trivial as it sounds to normalise numbers to E.164....
Alas, neither of these methods are bullet-proof, particularly because SMS is an unconnected transport. Depending on GSM network load, the load of your gateway provider, phase of the moon and direction of window blowing an SMS can take a second to a month to arrive (yes, I do have experience of the latter). The mean delivery time is often in the seconds, but you do have to play with the operation timeout and might have to tweak it on a geographical and GSM network basis.
[And no, don't rely on delivery reports - even more unreliable than SMS delivery]
FYI: Actually i have found this.
http://www3.symbian.com/faq.nsf/AllByDate/100335073FFD8FEF80256E3200571A49?OpenDocument
But the fact is, the phone number is not always stored in SIM. The operator chooses to do it or not!
You can't. Afaik.
Check this discussion:
http://discussion.forum.nokia.com/forum/showthread.php?t=65117
It is not generally possible to get the MSISDN from a Symbian device (or BREW, or any other platform). We've tried.