How do I get the Windows Surface unique Device ID?
I tried the below API but device ID is changing based on Bluetooth settings:
HardwareIdentification.getPackageSpecificToken(nonce)
As answered here,
Windows.System.Profile.HardwareIdentification.GetPackageSpecificToken(null).Id
converted to a String will work to get the ID. Not sure if this is best practice, but it works nonetheless.
The ID is designed to change if certain system characteristics differ, you can parse out the members you wish to ignore.
However, the ASHWID changes if the hardware profile of the device
changes, such as when the user unplugs a USB Bluetooth adapter. The
back-end cloud service can verify the ASHWID and compare it with
previously reported values. Though the ASHWID varies, it can be parsed
to detect if the variance was simply due to a minor change such as an
addition of memory to the system
http://msdn.microsoft.com/en-us/library/windows/apps/jj553431.aspx
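How a back-end could compare two reported ASHWIDs component by component, as an added example that is not part of the answers above. It assumes the layout given in Microsoft's ASHWID guidance (4-byte entries, a little-endian 2-byte component type followed by a 2-byte value); the tolerance policy, function names and sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

# Component type codes per Microsoft's ASHWID guidance (an assumption here:
# the page does not reproduce the table).
COMPONENT_TYPES = {1: "processor", 2: "memory", 3: "disk", 4: "network",
                   5: "audio", 6: "dock", 7: "mobile_broadband",
                   8: "bluetooth", 9: "bios"}

# Hypothetical policy: components a user plugs and unplugs are ignored.
VOLATILE = {"network", "audio", "dock", "mobile_broadband", "bluetooth"}


def parse_ashwid(blob):
    """Split an ASHWID into a multiset of (component name, 16-bit value)."""
    if len(blob) % 4:
        raise ValueError("ASHWID length must be a multiple of 4 bytes")
    parts = Counter()
    for ctype, value in struct.iter_unpack("<HH", blob):
        parts[(COMPONENT_TYPES.get(ctype, "unknown_%d" % ctype), value)] += 1
    return parts


def stable_part(blob):
    """Keep only the components the policy treats as part of the machine."""
    return Counter({k: n for k, n in parse_ashwid(blob).items() if k[0] not in VOLATILE})


def same_device(old, new, max_changes=1):
    """True when at most max_changes stable components were replaced."""
    a, b = stable_part(old), stable_part(new)
    removed = sum((a - b).values())
    added = sum((b - a).values())
    return max(removed, added) <= max_changes


def build(entries):
    """Pack constructed (type, value) pairs into ASHWID-shaped bytes."""
    return b"".join(struct.pack("<HH", t, v) for t, v in entries)


# Constructed sample IDs, not captured from a real device.
BASE = build([(1, 0x1A2B), (2, 0x0400), (3, 0x77C1), (4, 0x9E10), (8, 0x5D3F), (9, 0x0C44)])
NO_BLUETOOTH = build([(1, 0x1A2B), (2, 0x0400), (3, 0x77C1), (4, 0x9E10), (9, 0x0C44)])
MORE_MEMORY = build([(1, 0x1A2B), (2, 0x0800), (3, 0x77C1), (4, 0x9E10), (8, 0x5D3F), (9, 0x0C44)])
OTHER_PC = build([(1, 0x3C4D), (2, 0x0200), (3, 0x1F02), (4, 0x6A7B), (9, 0x2B19)])
```

The Id is supplied by the client, so a service that passes a nonce should verify the token's signature and certificate before trusting the parsed components.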
I am trying to write a PC application (Windows, .NET) that identifies students on the basis of some card equipped with RFID identification to build lecture attendance registers. Currently I have a Stronglink SL040A RFID reader (http://www.stronglink-rfid.com/en/rfid-modules/sl040.html), which operates as a HID and sends the data as a series of keystrokes.
The system works perfectly with older cards like Mifare 1K classic (even with PayPass credit cards). The new student cards (and identity cards) issued by the Hungarian authorities, however, contain Mifare PlusX 4K chips, which seem to send a new key every time one uses the card. I have tried experimenting with the settings the configuration tool of the reader offers, but to no avail. I can make the 1K classic cards send a much longer key by changing the end block parameter but the PlusX 4K keeps sending the shorter, and painfully non-consistent, keys.
I am a physicist without a deeper understanding of these chips and RFID authentication in general – I am just trying to get a job done that seemed easy at the beginning. I have no intention of cracking or abusing these cards in any way, I am just trying to find some block of data on the card that stays consistent upon each use, does not require complicated authentication protocols but is unique between different cards.
Is it possible or is it against the philosophy of these chips? If possible, shall I have to buy a new reader or can I make it do what I need?
Your thoughts are much appreciated.
From the MiFare PlusX 4K datasheet:
Section 8.2:
There are three different versions of the PICC. The UID is programmed into a locked part
of the NV-memory reserved for the manufacturer:
• unique 7-byte serial number
• unique 4-byte serial number
• non-unique 4-byte serial number
Due to security and system requirements, these bytes are write-protected after being
programmed by the PICC manufacturer at production.
...
During personalization, the PICC can be configured to support Random ID in security
level 3. The user can configure whether Random ID or fixed UID shall be used. According
to ISO/IEC 14443-3 the first anticollision loop (see Ref. 5) returns the Random Number
Tag 08h, the 3-byte Random Number and the BCC, if Random ID is used. The retrieval of
the UID in this case can be done using the Virtual Card Support Last command, see
Ref. 3 or by reading out block 0.
From what you have described, it appears that the cards are running in Security Level 3, and unfortunately, the backwards-compatible part of the card only exists at lower security levels. The mentioned command of Virtual Card Support Last is also only available after level 3 authentication.
I'm afraid what you want to do appears impossible unless you can use the ISO/IEC 14443-4 protocol layer, which I think would let you authenticate at level 3? The relevant data appears to be in section 8.7, and involves AES authentication.
My data set is pretty basic. Let's assume I have a document with device data, and I have additional documents with associated ports, hardware modules, etc. This data is larger than the 20MB document limit, and I also don't want to pull a huge document to make a change to a small detail on a port anyway. Device details are kept in the device document, like its location, name, hardware type etc.
I can easily use views to get ports associated to a device, hardware pieces, etc. That's no problem at all, parameterized views help with this basic listing. However, for a larger complex search I would have to either have a view for most popular values, and pull down entire documents for more complex searches, which gets unsustainable really fast. I would have to pull all devices in location dallas, and then pull all ports of type available for each device, pull the document if I want a detail that's not in the view, etc. Tons of memory consumption and slow.
Does Elasticsearch provide the capabilities required to say, search for a document of type server with location dallas that has ten or more documents linked back to it of type port with status as available, media type fiber etc?
I hope this makes sense. Thanks!
I created an AIR app which sends an ID to my server to verify the user's licence.
I created it using
NetworkInfo.networkInfo.findInterfaces() and I use the first "name" value for "displayName" containing "LAN" (or first mac address I get if the user is on a MAC).
But I get a problem:
Sometimes users connect to the internet using a USB stick (given by a mobile phone company) and it changes the serial number I get; probably the USB stick becomes the first value in the vector of findInterfaces().
I could take the last value, but I think I could get similar problems too.
So is there a better way to identify the computer even with these small hardware changes?
It would be nice to get the motherboard or CPU serial, but it seems not to be possible. I've found some workarounds to get it, but they work on Windows and not on a Mac.
I don't want to store data on the user's computer for authentication, to make it "a little" more difficult to hack the software.
Any idea?
Thanks
Nadia
So is there a better way to identify the computer even with these small hardware changes?
No, there are no best practices for identifying a personal computer and building user licensing for the software on that. You should use a server-side/licensing-manager to provide such functionality. It will also give your users flexibility with your desktop software. It's much easier both for the product owner (you don't need a call center that responds to every call about a changed network card, hard drive, whatever) and for users of such a product.
Briefly speaking, a user's personal computer is an insecure (frankly speaking, you don't have options to store something valuable) and very dynamic environment (there is a very short cycle on the hardware to use it as part of a licensing program).
I am in much the same boat as you, and I am now finally starting to address this... I have researched this for over a year and there are a couple options out there.
The biggest thing to watch out for when using a 3rd party system is the leech effect. Nearly all of them want a percentage of your profit - which in my mind makes it nothing more than vampireware. This is on top of a percentage you WILL pay to PayPal, merchant processor, etc.
The route I will end up taking is creating a secondary ANE probably written in Java because of 1) Transitioning my knowledge 2) Ability to run on various architectures. I have to concede this solution is not foolproof since reverse engineering of Java is nearly as easy as anything running on FP. The point is to just make it harder, not bulletproof.
As a side note - any naysayers of changing CPU / Motherboard - this is extremely rare if not no longer even done. I work on a laptop and obviously once that hardware cycle is over, I need to reregister everything on a new one. So please...
Zarqon was developed by: Cliff Hall
This appears to be a good solution for small scale. The reason I do not believe it scales well based on documentation (say beyond a few thousand users) is it appears to be a completely manual process, i.e. no ability to tie into a payment system to then auto-gen / notify the user of the key (I could be wrong about this).
Other helpful resources:
http://www.adobe.com/devnet/flex/articles/flex_paypal.html
Just a quick question I have built the following code:
http://letterpool.testmode.co.uk/map.html
However, with some users I am getting reports that people are getting a position around 200-300 meters from their actual location.
Does anyone know why?
The W3C Geolocation API, which you're using to locate users on the test map, is intentionally agnostic to the method the browser uses to locate the device. This is a useful convenience since devices vary widely on how they locate (GPS, WiFi triangulation, cell tower triangulation, IP geolocation, manual entry, etc.) and your website probably doesn't want to deal with all of those details.
However, if you're not happy with the accuracy, there are a few options you can take advantage of that may help. The enableHighAccuracy option will hint to the device that it should prefer to use up a little more power in order to get a more precise location. You're currently using the latitude and longitude of the return value, but the API also returns an accuracy value, so you can see whether the position you're receiving is precise or not. You could also use watchPosition which will continually update the location and may eventually get a precise enough fix for your purposes (most mobile devices tend to start with low accuracy and get more refined over a few seconds or minutes).
Because geo-location is not accurate and never has been. They are probably getting the location of the closest junction box.
With me, it found the data center where my ISP operates from - miles away.
See this article.
Geolocation of course depends on the available position measurement methods. If the browser only has the IP address then it will be very inaccurate, but if it has access to a GPS device like in a smartphone it will be pretty good.
A friend of mine brought up this question the other day, he's recently bought a Garmin heart rate monitor device which keeps track of his heart rate and allows him to upload his heart rate stats for a day to his computer.
The only problem is there are no Linux drivers for the Garmin USB device, he's managed to interpret some of the data, such as the model number and his user details and has identified that there are some binary datatables essentially which we assume represent a series of recordings of his heart rate and the time the recording was taken.
Where does one start when reverse engineering data when you know nothing about the structure?
I had the same problem and initially found this project at Google Code that aims to complete a cross-platform version of tools for the Garmin devices ... see: http://code.google.com/p/garmintools/. There's a link on the front page of that project to the protocols you need, which Garmin was thoughtful enough to release publicly.
And here's a direct link to the Garmin I/O specification: http://www.garmin.com/support/pdf/IOSDK.zip
I'd start looking at the data in a hexadecimal editor, hopefully a good one which knows the most common encodings (ASCII, Unicode, etc.) and then try to make sense of it out of the data you know it has stored.
As another poster mentioned, reverse engineering can be hairy, not in practice but in legality.
That being said, you may be able to find everything related to your root question at hand by checking out this project and its code... and they do handle the runner's heart rate/GPS combo data as well
http://www.gpsbabel.org/
I'd suggest you start with checking the legality of reverse engineering in your country of origin. Most countries have very strict laws about what is allowed and what isn't regarding reverse engineering devices and code.
I would start by seeing what data is being sent by the device, then consider how such data could be represented and packed.
I would first capture many samples, and see if any pattern presents itself, since heart beat is something which is regular and that would suggest it is measurement related to the heart itself. I would also look for bit fields which are monotonically increasing, as that would suggest some sort of time stamp.
Having formed a hypothesis for what is where, I would write a program to test it and graph the results and see if it makes sense. If it does but not quite, then closer inspection would probably reveal you need some scaling factors here or there. It is also entirely possible I need to process the data first before it looks anything like what their program is showing, i.e. might need to integrate the data points. If I get garbage, then it is back to the drawing board :-)
I would also check the manufacturer's website, or maybe run strings on their binaries. Finding someone who works in the field of biomedical engineering would also be on my list, as they would probably know what protocols are typically used, if any. I would also look for these protocols and see if any could be applied to the data I am seeing.
I'd start by creating a hex dump of the data. Figure it's probably blocked in some power-of-two-sized chunks. Start looking for repeating patterns. Think about what kind of data they're probably sending. Either they're recording each heart beat individually, or they're recording whatever the sensor is sending at fixed intervals. If it's individual beats, then there's going to be a time delta (since the last beat), a duration, and a max or avg strength of some sort. If it's fixed intervals, then it'll probably be a simple vector of readings. There'll probably be a preamble of some sort, with a start timestamp and the sampling rate. You can try decoding the timestamp yourself, or you might try simply feeding it to ctime() and see if they're using standard absolute time format.
Keep in mind that lots of cheap A/D converters only produce 12-bit outputs, so your readings are unlikely to be larger than 16 bits (and the high-order 4 bits may be used for flags). I'd recommend resetting the device so that it's "blank", dumping and storing the contents, then take a set of readings, record the results (whatever the device normally reports), then dump the contents again and try to correlate the recorded results with whatever data appeared after the "blank" dump.
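A sketch of the approach the two answers above describe (fixed-size records, a monotonically increasing timestamp field, a ctime()-style sanity check), as an added example that is not from any of the posters. The dump, its 16-byte preamble and the record layout are constructed for illustration and say nothing about the real Garmin format.

```python
import struct
from datetime import datetime, timezone


def monotonic_fields(data, record_size, width=4, min_records=8):
    """Offsets whose little-endian unsigned field strictly increases record to record."""
    fmt = {1: "<B", 2: "<H", 4: "<I"}[width]
    n = len(data) // record_size
    if n < min_records:
        return []
    hits = []
    for off in range(record_size - width + 1):
        vals = [struct.unpack_from(fmt, data, i * record_size + off)[0] for i in range(n)]
        if all(b > a for a, b in zip(vals, vals[1:])):
            hits.append(off)
    return hits


def guess_layout(data, record_sizes=(4, 8, 16, 32)):
    """(record_size, offset) timestamp hypotheses, smallest record size first."""
    return [(rs, off) for rs in record_sizes for off in monotonic_fields(data, rs)]


def bpm_columns(data, record_size, lo=30, hi=220):
    """Byte offsets that vary and always stay inside a plausible heart-rate range."""
    n = len(data) // record_size
    cols = []
    for off in range(record_size):
        col = {data[i * record_size + off] for i in range(n)}
        if len(col) > 1 and lo <= min(col) and max(col) <= hi:
            cols.append(off)
    return cols


def as_utc(seconds):
    """Interpret a candidate field as Unix time, the ctime() check from the answer."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc).isoformat()


# Constructed dump: 16-byte preamble, then 32 records of
# <uint32 unix time><uint8 bpm><3 pad bytes>, one reading every 5 seconds.
BPM = [62 + (i * 7) % 23 for i in range(32)]
HEADER = b"HRM\x00" + bytes(12)
BODY = b"".join(struct.pack("<IB3x", 1300000000 + 5 * i, bpm) for i, bpm in enumerate(BPM))
DUMP = HEADER + BODY
```

Larger record sizes also produce hits that are multiples or byte-shifted views of the real field, which is why the smallest consistent record size is the hypothesis to test first.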
Unsure if this is what you're looking for but Garmin has created an API that runs with your browser. It seems OSX is supported, as well as Windows browsers... I would try it from Google Chromium to see if it can be used instead of this reverse engineering...
http://developer.garmin.com/web-device/garmin-communicator-plugin/
API Features
• Auto-detection of devices connected to a computer
• Access to device product information like product name and software version
• Read tracks, routes and waypoints from supported recreational, fitness and navigation devices
• Write tracks, routes and waypoints to supported recreational, fitness and navigation devices
• Read fitness data from supported fitness devices
• Geo-code address and save to a device as a waypoint or favorite
• Read and write Garmin XML files (GPX and TCX) as well as binary files.
• Support for most Garmin devices (USB, USB mass-storage, most serial devices)
• Support for Internet Explorer, Firefox and Chrome on Microsoft Windows.
• Support for Safari, Firefox and Chrome on Mac OS X.
Can you synthesize a heart beat using something like a computer speaker? (I have no idea how such devices actually work). Watch how the binary results change based on different inputs.
Ripping apart the device and checking out what's inside would probably help too.