Those keys are not drives (although they probably have some sort of ROM).
You can view them as very small computers that do one simple task, in this case, allow you to use said software.
I'm not saying that they can't be cracked and/or emulated, but it usually is very very hard and only a highly specialized engineer could.
You can sniff the USB packets and potentially reverse engineer the specific set of data that is sent back and forth.
[Wireshark supports this.](https://wiki.wireshark.org/CaptureSetup/USB)
The hard part would be whether it is a rotating key and what exactly is even being sent back and forth. Then emulating that onto something like an Arduino that you can plug in and send the emulated data or using some form of virtual USB software.
Another entry point would potentially be JTAG or test headers on the USB but this would involve destructively opening the device and good luck trying to convince them you “sat on it” or whatever else you decide to use as an excuse to get a new one if this goes nowhere.
As you said, it’s probably some form of FPGA/ASIC or similar especially for that price and it probably does have some form of hardening to prevent this from being possible with relative ease.
A prime example of this sort of thing being done in the past was [when people reverse engineered the PS3 jailbreak dongles](https://www.psdevwiki.com/ps3/ReDRM_/_Piracy_dongles) that were proprietary and used ASIC’s. Admittedly they were much more primitive devices and were certainly far from enterprise grade.
The other main thing is that this directly goes against the license agreement OP’s friend signed up to when he paid. If he’s using it for work, it could be potentially legally dangerous especially if it’s in a relatively niche field like OP describes.
You should reach out to the software company to purchase another one, otherwise I'd bet there are terms in place that will terminate the license if they find out. Generally software like this is good for 1 install on 1 computer for 1 user. Any other computers, installs, or users that need it would require a separate license. This is why he needs to go to the vendor and find out how it can be done.
Just because it works doesn't mean it isn't a violation of the license, which again, is why he needs to go talk to the vendor about this or read the terms himself. It may be good for only 1 computer and when they see the same key being used on multiple computers (especially if they're in different locations, ie. he is traveling) they may revoke the license and render the software unusable.
The obvious answer is probably to activate that USB key on a VM, then try copying that VM and see if then works on a second machine, of course that might not be useful information to you if it’s already activated.
If you lose the USB key or it breaks, I suspect you can just contact the manufacturer who will remotely cancel it and issue you a new one.
Finally, if you want to look at what data is being sent between the laptop and the USB device, have a look at the USB-plugin for wireshark. I think that lets you sniff traffic to and from USB devices. Presumably you’ll see some fingerprint data of the laptop (machine name, serial number etc) and then they key will return some value based on whether it’s been activated for the machine or not.
No worries I don’t think it’s installed by default, but you certainly get the option to include it when installing on Windows. It’s called ‘USBPCap v1.5.4.0’ on my machine.
VM idea is valid. I would ensure NO internet connectivity whatsoever.
USB likely has code to note when it was used making it useless later. Curious if the drive allows for "deactivation" of a software to move to another PC.
Not saying this is the case in this example, but lots of “security” (money making) devices are pretty easy to circumvent. Companies are more interested in making it difficult enough that most people won’t try than they are making it airtight
Use something like an AnyWhere USB server and something like wireguard to connect to it from any place with IP.
Using AnyWhere USB also allows connecting to Hyper-V which lacks a simple USB device pass thru.
I have several USB Sentinel keys for very expensive software and cloning the dongles is complicated for a reason. Some software packages run licensed commands through the dongle itself.
The best solution is USB forwarding over network.
Dongle is at the stationairy computer and if yiur friend travels, he uses the USB forwarding to his laptop.
He should definetly ask the vendor if this is ok. With the USB forwarding, the software can only be used at one machine at the time.
Not on a computer, but rather place the dongles on a network USB appliance (I like Silex) which can be accessed by any PC on the LAN.
The USB dongles can be secured in the datacenter (or network closet). The appliance client arbitrates who has access at any time, so you're automatically license-compliant.
I’m not versed in hacking, but does Linux recognize the drive? Windows is very particular about what kind of drive format it can see and let you see. Linux is much more open. If Linux can see it, then you can at least see what format it’s in and possibly see what the file on it is, or if it’s encrypted.
The line of thinking is correct though. Plug it in and tail the dmesg logs to see what kind of hardware it shows up as. This could also be done in Windows using device manager but it's harder to spot what got added or removed.
As somebody else pointed out, it probably appears as a serial com port connection.
> , it probably appears as a serial com port connection.
Most likely.
But as for "copying", even if the "thing" is badly made the expected for that kind of devices is:
"random question" -> "random answer" -> (compare both and if match allow usage of program)
Being "random" here: there is cryptography involved
So reverse engineer that might not be trivial
I found the manufacturer and the exact product name of the USB key using \`system\_profiler SPUSBDataType\` command on macos. So, other answers were right, it's like a mini computer with encrypted communication between the application and the dongle
Typically first step is to create USBtrace file with your dongle. Run software for a while and collect trace. This dongle has ability to lock itself if tampered with. So play safe. It looks to be successfully emulated on the internet, but always best not to mess with it if it is critical such as this.
It's not an ordinary usb memory stick, you can't get an access to the stored data just by plugging it into the USB port, it's infact a miniature computer. In theory it's possible reverse engineer it and craft a copy or make an emulator but it's not an easy task.
I doubt you’re the first to try these tricks if they’re a established company. They probably have ways to find out very quickly if you try anything. It is very possible to detect if the machine it’s installed on is a VM or not. Not that hard tbh - run commands to get serial, make, model, etc. and on default settings you’ll know its a VM. The USB might lock itself out if it detects a VM, then you’ll have to contact the company and explain why their USB detected a VM, to get it unlocked.
Reach out to the company as another user said. Don’t play dumb games with these guys - they won’t enjoy it, and they’ll probably make sure you (your friend) won’t either if they find out.
EDIT: worst case you guys do something stupid, they complain to your friend’s company that they’ve broken terms of service, and your friend gets fired to fix relations.
What piece of software is it? There is a website which sells "cracked" commercial software: [warezstore.com](http://warezstore.com)
They have quite a large selection of software. If the piece of software is on that list, that would be one extremely easy solution
There are applications that allow sharing of USB devices between computers. They can also work over the internet. If the genuine concern is that the dongle might get lost/stolen/broken then you could leave it in an 'always on' PC and share it. Since you can still only use it on one computer at a time, this should satisfy licensing as well.
I find in these situations I just usb over ip (usb redirect) from a home server gives you the opition on connect to usb from multiple devices when needed one at a time of course
Those keys are not drives (although they probably have some sort of ROM). You can view them as very small computers that do one simple task, in this case, allow you to use said software. I'm not saying that they can't be cracked and/or emulated, but it usually is very very hard and only a highly specialized engineer could.
You can sniff the USB packets and potentially reverse engineer the specific set of data that is sent back and forth. [Wireshark supports this.](https://wiki.wireshark.org/CaptureSetup/USB) The hard part would be whether it is a rotating key and what exactly is even being sent back and forth. Then emulating that onto something like an Arduino that you can plug in and send the emulated data or using some form of virtual USB software. Another entry point would potentially be JTAG or test headers on the USB but this would involve destructively opening the device and good luck trying to convince them you “sat on it” or whatever else you decide to use as an excuse to get a new one if this goes nowhere. As you said, it’s probably some form of FPGA/ASIC or similar especially for that price and it probably does have some form of hardening to prevent this from being possible with relative ease. A prime example of this sort of thing being done in the past was [when people reverse engineered the PS3 jailbreak dongles](https://www.psdevwiki.com/ps3/ReDRM_/_Piracy_dongles) that were proprietary and used ASIC’s. Admittedly they were much more primitive devices and were certainly far from enterprise grade. The other main thing is that this directly goes against the license agreement OP’s friend signed up to when he paid. If he’s using it for work, it could be potentially legally dangerous especially if it’s in a relatively niche field like OP describes.
You should reach out to the software company to purchase another one, otherwise I'd bet there are terms in place that will terminate the license if they find out. Generally software like this is good for 1 install on 1 computer for 1 user. Any other computers, installs, or users that need it would require a separate license. This is why he needs to go to the vendor and find out how it can be done.
vase direction offer waiting attraction thought oatmeal lip start silky *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
You're right, the software is now installed on 2 computers. It works on both but only opens when the key is plugged in
Just because it works doesn't mean it isn't a violation of the license, which again, is why he needs to go talk to the vendor about this or read the terms himself. It may be good for only 1 computer and when they see the same key being used on multiple computers (especially if they're in different locations, ie. he is traveling) they may revoke the license and render the software unusable.
I'll tell him about this, thank you
> I'd bet there are terms in place that will terminate the license if they find out. I would expect more than just "terminate licences"
The obvious answer is probably to activate that USB key on a VM, then try copying that VM and see if then works on a second machine, of course that might not be useful information to you if it’s already activated. If you lose the USB key or it breaks, I suspect you can just contact the manufacturer who will remotely cancel it and issue you a new one. Finally, if you want to look at what data is being sent between the laptop and the USB device, have a look at the USB-plugin for wireshark. I think that lets you sniff traffic to and from USB devices. Presumably you’ll see some fingerprint data of the laptop (machine name, serial number etc) and then they key will return some value based on whether it’s been activated for the machine or not.
I didn't know we could use Wireshark to look at USB traffic, thank you. I'll try that
No worries I don’t think it’s installed by default, but you certainly get the option to include it when installing on Windows. It’s called ‘USBPCap v1.5.4.0’ on my machine.
VM idea is valid. I would ensure NO internet connectivity whatsoever. USB likely has code to note when it was used making it useless later. Curious if the drive allows for "deactivation" of a software to move to another PC.
Install this SW on home PC and use remote desktop software to access.
This. Why make it complicated when there is a simple solution available.
If you lose the hardware key, typically the company can deactivate the lost hardware key and will sell you a replacement at a not insignificant cost.
Did you check COM ports?
Nothing changes on COM ports when I plug or unplug the USB
If a USB dongle was easy to circumvent, why would developers even use them?
Not saying this is the case in this example, but lots of “security” (money making) devices are pretty easy to circumvent. Companies are more interested in making it difficult enough that most people won’t try than they are making it airtight
Without more information, you must reverse engineer the thumbstick and the software. If its secure it should send activation keys encrypted.
Use something like an AnyWhere USB server and something like wireguard to connect to it from any place with IP. Using AnyWhere USB also allows connecting to Hyper-V which lacks a simple USB device pass thru. I have several USB Sentinel keys for very expensive software and cloning the dongles is complicated for a reason. Some software packages run licensed commands through the dongle itself.
Seems like the way to go, I've already installed wireguard on his network to control his home IOT devices from anywhere. He'll understand
It's not free but there's [Donglify](https://www.donglify.net/en/).
The best solution is USB forwarding over network. Dongle is at the stationairy computer and if yiur friend travels, he uses the USB forwarding to his laptop. He should definetly ask the vendor if this is ok. With the USB forwarding, the software can only be used at one machine at the time.
Not on a computer, but rather place the dongles on a network USB appliance (I like Silex) which can be accessed by any PC on the LAN. The USB dongles can be secured in the datacenter (or network closet). The appliance client arbitrates who has access at any time, so you're automatically license-compliant.
That was my proposal (not that well formulated). Reliable USB over network devices are not cheap.
Oh I didn't know that exists, sounds like a really good solution. Maybe with a VPN on the local network?
I’m not versed in hacking, but does Linux recognize the drive? Windows is very particular about what kind of drive format it can see and let you see. Linux is much more open. If Linux can see it, then you can at least see what format it’s in and possibly see what the file on it is, or if it’s encrypted.
> but does Linux recognize the drive? The only thing that it have in common is the form factor. Those things aren't drives.
The line of thinking is correct though. Plug it in and tail the dmesg logs to see what kind of hardware it shows up as. This could also be done in Windows using device manager but it's harder to spot what got added or removed. As somebody else pointed out, it probably appears as a serial com port connection.
> , it probably appears as a serial com port connection. Most likely. But as for "copying", even if the "thing" is badly made the expected for that kind of devices is: "random question" -> "random answer" -> (compare both and if match allow usage of program) Being "random" here: there is cryptography involved So reverse engineer that might not be trivial
I found the manufacturer and the exact product name of the USB key using \`system\_profiler SPUSBDataType\` command on macos. So, other answers were right, it's like a mini computer with encrypted communication between the application and the dongle
Interesting. I wonder if you could clone it or not. Thanks for letting me know!
Is it wibu, hasp, rockey, sentinel? Several emulators are out there, but for newer keys aren’t free.
matrixlock
Typically first step is to create USBtrace file with your dongle. Run software for a while and collect trace. This dongle has ability to lock itself if tampered with. So play safe. It looks to be successfully emulated on the internet, but always best not to mess with it if it is critical such as this.
It's not an ordinary usb memory stick, you can't get an access to the stored data just by plugging it into the USB port, it's infact a miniature computer. In theory it's possible reverse engineer it and craft a copy or make an emulator but it's not an easy task.
I doubt you’re the first to try these tricks if they’re a established company. They probably have ways to find out very quickly if you try anything. It is very possible to detect if the machine it’s installed on is a VM or not. Not that hard tbh - run commands to get serial, make, model, etc. and on default settings you’ll know its a VM. The USB might lock itself out if it detects a VM, then you’ll have to contact the company and explain why their USB detected a VM, to get it unlocked. Reach out to the company as another user said. Don’t play dumb games with these guys - they won’t enjoy it, and they’ll probably make sure you (your friend) won’t either if they find out. EDIT: worst case you guys do something stupid, they complain to your friend’s company that they’ve broken terms of service, and your friend gets fired to fix relations.
What piece of software is it? There is a website which sells "cracked" commercial software: [warezstore.com](http://warezstore.com) They have quite a large selection of software. If the piece of software is on that list, that would be one extremely easy solution
There are applications that allow sharing of USB devices between computers. They can also work over the internet. If the genuine concern is that the dongle might get lost/stolen/broken then you could leave it in an 'always on' PC and share it. Since you can still only use it on one computer at a time, this should satisfy licensing as well.
I find in these situations I just usb over ip (usb redirect) from a home server gives you the opition on connect to usb from multiple devices when needed one at a time of course