The problem:
I want to put a piece of software on a USB stick. The software needs to be effectively unusable without the USB stick in the drive, save perhaps for hardware tampering.
The software will not be mass produced; it has niche appeal, and we are therefore talking about maybe 1000-10000 units sold over its lifetime.
The USB stick can be non-standard in some manner, as a standard USB stick is normally user readable. The software will be running from the USB stick without any installation required, and ideally, it must function on computers without an active internet connection.
Is this possible ? Is there any way to achieve this, even to a limited extent ?
Thank you.
You could add a preregistered key to this USB and make it read only.
You can make it a read-only USB stick via software, via hardware or both (google have tons of ways of doing it)
This key could be as complicated as you please, a simple static word saved on a file, or a mathematical function that generates a key based on a common variable (software on the USB stick that runs when requested or when plug in, that generates a key based on the computer uptime for instance, something that can be verified by your software).
Your software only runs when this key is validated. On the software side you can also make it simple (search for a file in all available USBs and read static keys from a file). And you can make it more secure and complex, such as protecting the key with a asynchronous data encryption. And making the software only accept a specific versions or meta data coming from the USB device connected to the computer before reading the key from it, such as a specific serial number, driver and model name, (to make sure is one of yours).
All those things though can be hacked if a person wants to. Offline security validations are hardly failproof, but definitely you can keep most average ppl out of the loop.
You only need to evaluate how difficult you think is worth making it to crack. depends on your public and how bad it is to you if it is cracked (think about how many hours and effort a guy need to employ to be able to crack it, and if you believe that is more than what your target is willing to spend than you are probably safe)