How to record a serial number in an executable?

Question

I am trying to secure an application to only run from a specific USB disk. I have code to get the serial number from the device, but the only way I can make this work the way I want to is to manually code the serial number into the binary. Is there a way I could make a stub application that would modify the existing binary to insert the serial number into it after it's compiled? I've seen this done in C++ in the past, but that was a long time ago and I cant quite remember how we did it back then.

Answer 1

Storing it in the assembly is a bad idea. Here is what I would do (and have done similar in the past):

1. Be sure you are signing your assemblies.
2. Create an XML document that contains your licensing data - in your case the serial number of the USB device.
3. Utilize the SignedXml library in .NET (implements XMLDSIG) to sign the licensing XML document that contains the serial number. You will use the same private key that is used to sign the assembly.
4. When your app starts up, it verifies that the signature of the XML file is valid using the public key that it was signed with (and is embedded in the assembly).

Obviously you don't ship your private key, so if the app needs to generate the XML config file itself (rather than it be a file you ship to the user) you will need to implement a web service.