How to get the serial number (and more) from an ftdi chip
Dave Scanlan
Posts: 160
[color=#008000][color=#008000]' HOW TO GET THE SERIAL NUMBER (AND MORE) FROM AN FTDI CHIP ' ' (VISUAL BASIC.NET 2005) '*************************************************************************************** 'IMPORTANCE: This example illustrates reading the manufacture's data on an FTDI chip. ' If a programmer can access the serial number on a FTDI chip used ' on a device such as a USB RFID reader, the programmer can protect ' the software from improper distribution. The software would then ' be useless without that specific RFID reader. ' 'REQUIREMENTS: (1) Microsoft Framework to at least Version 3.0. ' (2) Visual Basic.Net 2005 ' (3) Visual Basic.Net 2008 (NOT TESTED, BUT SHOULD WORK OK) ' (4) REFERENCES to both FTChipIDNet.dll and FTChipID.dll ' NOTE: These dll's have been stored in the Bin\Debug directory. '*************************************************************************************** 'WHAT ID DATA ARE READ FROM THE ATTACHED FTDI CHIPS IN THIS EXAMPLE? ' (1) The number of USB devices using FTDI chips ' (2) Serial Number ' (3) Description ' (4) USB port location ' (5) Chip ID number ' NOTE: THE USB PORT MUST BE "CLOSED" WHEN READING FTDI CHIPS. ' ' Submitted by: Dave Scanlan ' Date of submission: December 9, 2009 ' ' Many thanks to Chris Savage (Parallax) for his helpful comments as to where to find ' the necessary dll's and programming information. ' ' The author/s assume/s no responsibility for the use of this code. This code is for ' educational purposes only. ''************************************************************************************** [/color][/color]
SEE THE FILE BELOW FOR THE CODE
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
661 x 347 - 41K
Comments
Stop by some time and say hello, okay? We need to show you what's been changing at Parallax. And, I don't think we saw you at the UPEW meeting last June, either.
Welcome!
Ken Gracey
Parallax Inc.
Thanks for the nice welcome back! It's great to be interacting again with my favorate company: Parallax.
When the semester is over, or before, I will take you up on your offer.
Dave Scanlan
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chris Savage
Parallax Engineering
Check out the new Savage Circuits TV!
·
Your help was appreciated and it's lots of fun getting involved again.
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
Thank you for the information. This opens up some interesting opportunities in the 'identification/protection' arena.
BTW -->' You must ADD a REFERENCE to FTChipIDNet.dll and FTChipID.dll in order to use this example.
I didn't have to do this, the app ran just fine.
Regards,
DJ
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
-Phil
When I teach courses on information systems, my main mantra is: ·"There is no such thing as a secure information system."
It is true that the serial numbering system on the FTDI chip only gives minor security benefits. However, the developer can achieve a much higher level of security with·extremely obfuscated source code. (See URL below.)·
http://sharptoolbox.com/categories/code-protectors-obfuscators
http://www.vilabs.com/(X(1)S(j2meha45vi5c5145kulrdbyx))/solutions/codetheft.aspx?gclid=CKa54NqK1J4CFShGagodBSuasA&AspxAutoDetectCookieSupport=1
Hopefully, unleashing one's creativity can make theft of the source code a very time-consuming·and expensive process.· I can think of four or five more ways to improve security that involve online updating and hidden code. If· we put our heads together, I am sure we could add six or·seven more ways.
BUT, as you know, there is no perfect solution to the potential theft·of·source code.· The idea is to make the theft process difficult and expensive, and to keep the source code program price below the price of the time and effort required to steal the source code.
In summary, having access to the FTDI chip's serial· number along with creative software security solutions will help deter theft.
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
Post Edited (Dave Scanlan) : 12/14/2009 1:43:52 AM GMT
If you were to use the code in another application, you would need to reference those two DLL's I listed.· The reason my code ran ok was because the two DLL's were already referenced in my program.· I should have been clearer.
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
Mr. Pi - "...those that don't know about MPROG." That's actually what I was thinking. The large target-market of my project definitely include non-technical people who would have no clue about the project's inner workings or the external tools available.
And yes, twiddling the FTDI info would just limit the amount piracy...but anything is betting than nothing?
DJ
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Post Edited (davejames) : 12/14/2009 4:58:19 PM GMT
RE: THE JACKPOT
With further research I found what we have been looking for: a unique and permanent ID on the FTDI chip. The chip's ID which can be read, using the program I submitted on this thread, is unique and permanent.
With this Chip-ID and an obfuscator, good protection for a developer's software can be provided. When I wrote the program, I did not know the properties of Chip-ID, but I had my suspicions.
http://www.ftdichip.com/Projects/FTDIChip-ID.htm
More security:
http://www.ftdichip.com/Documents/ProgramGuides/SafeGuard%20IT%20V1.0%2009_08_07.pdf
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
Post Edited (Dave Scanlan) : 12/17/2009 4:17:12 AM GMT
This is good news!
DJ
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chris Savage
Parallax Engineering
Check out the new Savage Circuits TV!
·
Hi Chris,
The Serial Number is the changeable number and the Chip-ID is the unique and permanent one.· The word "unique" is used to describe the Chip-ID, thus it is not just a part number, and the number is permanent...it can't be changed.
It is (optionally)·up to the distributer to set the Serial Number to whatever value the distributer desires,·if they indeed want to change it from the factory settings.
Great protection for the developer.
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
Thank-you for providing this nice VB.NET code example. I also seemed to miss the fact that a unique ID was created for each device by the manufacturer. I can certainly see this as being of use to tie hardware to PC side application software.
With regards
Mike.
Post Edited (Todd Chapman) : 12/19/2009 6:13:15 PM GMT
Thanks for the appreciation.
I plan to use the Chip-ID for tying my software to the device·for·protection and the changeable Serial Number as the device Serial Number that I will program starting with "xxx0001".
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
With both Spin and its assembly, I see no reason why one could not access the Chip-ID.
You will need to do some "digging" around.· Perhaps FTDI Corp might give you the roadmap, and·you supply the code.
Great project for Prop lovers.
Dave
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
··
Second is to simply program a PIC or AVR with a full-speed USB interface to emulate an FTDI chip and return the serial number of your choice. By looking at the driver code in the Linux kernel, you can very quickly get a handle on the URB structure required to emulate the device. You'd probably even manage it on the Propeller in Windows, as Windows does not obey the non-bulk endpoints for LOW_SPEED USB rules. The FTDI drivers are not incredibly fussy about what they walk to, as long as the urb's are formatted correctly.
Whatever man can create, man can undo.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Life may be "too short", but it's the longest thing we ever do.
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Chris Savage
Parallax Engineering
Check out the new Savage Circuits TV!
·