There is no protocol that can't be faked with sufficiently fast bit-banging and a bit of glue circuitry to match the electricals. The question kind of makes me want to look into a CPLD/FPGA based software definable USB chip that doesn't do anything besides just puke up whatever serial number you set. Would be an opportunity to learn how to do those, too...
-p On Fri, Oct 24, 2008 at 2:48 PM, Andrew Becherer <[EMAIL PROTECTED]>wrote: > > On Fri, Oct 24, 2008 at 2:30 PM, Brian T. Rice <[EMAIL PROTECTED]> > wrote: > > > > See: https://256.makerslocal.org/wiki/index.php/USB_Auth > > (Ignore the SSL certificate warning.) > > > > The device reads the USB chip serial ID so it's not easily software- > > mockable. > > I've been wondering about that all day. Is it really not easily > software-mockable? I'm wondering what it would take to create a > "software defined" usb device capable of spoofing serial IDs. I have > noted a number of people using the USB ID for everything from lock > systems, to software protection tokens to OS login devices. This is > something I would like to look into. It doesn't seem safe to me. > > (If I were to undertake a project like this I would use public key crypto) > > -- > Andrew Becherer > > > > --~--~---------~--~----~------------~-------~--~----~ Website: http://saturdayhouse.org/ Post: [email protected] Unsubscribe: [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
