Re: How secure are dongles for copy-protection?

From: shampsterat_private
Date: Mon Jun 04 2001 - 23:02:56 PDT

Next message: Golden_Eternity: "RE: Is ipchains -y secure enough?"

Previous message: Victor A. Rodriguez: "Re: How secure are dongles for copy-protection?"
In reply to: Harold Thimm: "How secure are dongles for copy-protection?"
Next in thread: Felix Huber: "Re: How secure are dongles for copy-protection?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 4 Jun 2001, Harold Thimm wrote:

> I'm looking for any information on incorporating dongles into a software
> package for copy protection. In particular, I'm looking for information
> on the Rainbow Technologies Sentinel, but advice on dongle-based copy
> protection in general is appreciated.
>
> How easy/difficult is it to break this kind of copy-protection? Are there
> any known weaknesses in the dongle-type systems themselves (as opposed to
> implementation weaknesses?)

Dongle protected applications are (at least were) always fairly easy
targets.  One can typically just set breakpoints on
serial/parallel IO events and follow the code back to the
application/dongle API level.  At that point it doesn't matter that your
protection scheme has a 'hardware' element to it.

If you are planning on just using a 'IsDongleHere()' -- you typically
only need to change one byte to turn a conditional jump into an
unconditional one to break the protection.  More complex schemes, that
store data on the key itself -- only raise the bar slightly, since it's
usually pretty easy to see what needs to be force-fed back to the
application to make it happy.  Reading the time off the dongle (for
time-limited protection schemes) are equally hackable due to it being so
easy to set breakpoints on serial/parrallel IO events.

Without knowing more details about what you are trying to accomplish --
I'd suggest using some form of proven cryptography system as your method
of implementation.

Look at http://www.searchlores.org/protec/protec.htm
 . . . and STFW for old fravia.org essays on reversing dongled
applications.

>
> Are there any dongle-based protection schemes that have been cracked, and
> if so, how? (A pointer to a URL would be appreciated, if you have it.)

I haven't yet heard of one that _hasn't_ been cracked.
The best way to learn how to protect your software is to learn how to
reverse software yourself.

>
> Thanks in advance.
>
> HAL
>
> ________________________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
>

Next message: Golden_Eternity: "RE: Is ipchains -y secure enough?"
Previous message: Victor A. Rodriguez: "Re: How secure are dongles for copy-protection?"
In reply to: Harold Thimm: "How secure are dongles for copy-protection?"
Next in thread: Felix Huber: "Re: How secure are dongles for copy-protection?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 10:03:37 PDT