From: "Ryan Permeh" <ryanat_private> > > etc. But basically, if the code is crypted, and the key comes from a > transformation on the fob, you really don't do "compares". it's key info, > not compare info. do not use fobs for handling yes/no issues. use them to > generate keys as appropriate to decode stuff. This forces an attack on the > crypto transforms on the key, which makes softice worthless, and makes the > attacker use more traditional methods (real ice, anti hardware tactics, > etc). > This is not a true. All the cracker has to do is just buy one license, step through (with a debugger) the decrypting process and store each of the decrypted code segments. Then assemble everything, patch any checks left for the dongle, and distribute the unprotected software. Where's the crypto attack? cheers, max/ -- Maximiliano Caceres - max@core-sdi.com Head Engineer - Core SDI http://www.core-sdi.com 837f 5c16 635b 670c 0b2f c29e 2216 a37f 2f68 7bf6 --- For a personal reply use max@core-sdi.com
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 12:11:27 PDT