At 19:43 04/06/01 +0000, you wrote: >I'm looking for any information on incorporating dongles into a software >package for copy protection. In particular, I'm looking for information on >the Rainbow Technologies Sentinel, but advice on dongle-based copy >protection in general is appreciated. > >How easy/difficult is it to break this kind of copy-protection? Are there >any known weaknesses in the dongle-type systems themselves (as opposed to >implementation weaknesses?) > This site provides an overview of actual weaknesses in several popular dongle systems, although nothing technical can be found here :- http://www.soft-analysts.com/applications.html >Are there any dongle-based protection schemes that have been cracked, and >if so, how? (A pointer to a URL would be appreciated, if you have it.) HASP 3 was cracked in about 1998 AFAIK, by dumping the memory of the dongle and eventually finding, through luck/judgement/zen, 2 magic lookup tables. Read more about it (mostly quite technical) here:- http://hackjaponaise.cosm.co.jp/archives/websites/fravia/bayu_2.htm Also of interest, in terms of your 'how?' question, is this:- http://hackjaponaise.cosm.co.jp/archives/websites/fravia/project3.htm As you correctly state, the weakest point is the software developer's implementation of the dongle's APIs. It is interesting to note that in several articles I have just been reading, the crackers themselves advise that the developers/company would save a great deal of time and money by not using dongles, and instead implementing a keyfile or other method of copy protection. Obviously these are also vulnerable to attack, but if the dongle developer has not written his code well, a keyfile would actually cause a cracker a lot more trouble. Of interest in terms of dongles in general is the fact that late last year, under a ruling by the DCMA title "Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies", it is perfectly legal to reverse engineer and patch dongle protected programs, and not only that, but you will encounter several legal companies offering this 'service' http://cryptome.org/dmca102700.txt I would disagree with Jonah's comment that "many hackers can easily make dongle emulators for various packages" - AFAIK it had been done a few times, but even amongst the very best, dongles remain the Everest of cracking. Cheers, Ben > >Thanks in advance. > >HAL > > >---------- >Get your FREE download of MSN Explorer at ><http://explorer.msn.com>http://explorer.msn.com http://benmeg.com Home 020 8892 8744 PGP: 5950 6447 2FB2 3314 F57D 82B2 7EF8 B51A 2DE5 5E08 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 12:58:21 PDT