mellanox switches included an executable keygen in their firmware bundle. It could be used to both generate a key (given feature set) combined with a secret, but could also be used to validate what features a given key gave you (using the secret). Hence, the secret was stored in the binary and was easily visible with strings and one could then just use the tool itself to generate keys.
Sort of reminds me of the DEC PAKGEN tool to generate licenses for the VMS license management facility, which DEC distributed so third-party software vendors could issue licenses for their own software.
To prevent vendor A from creating licenses for vendor B's products, each DEC-issued PAKGEN license only authorized license generation for a specific named vendor's products.
As with all other DEC-supplied VMS software, PAKGEN was licensed through the VMS license management facility.
Thus if you could somehow get a PAKGEN license for the vendor name "DEC", you could use it to generate licenses for arbitrary DEC products.
Including PAKGEN itself.
And you could therefore generate licenses authorizing PAKGEN to generate licenses for arbitrary vendors' products.