RE: How secure are dongles for copy-protection?

["Pedro Hugo" <fractalg () highspeedweb net>]

Hi,
Maybe a bit offtopic but I got interested in this
"Also, keep in mind that if you use off the shelf componenets for your
dongle/algorithm, someone spending the time and money to crack yours may
in turn crack all derivitive and corrolated products, making the worth
of cracking your scheme potentially more valuable than just cracking
your software(ie, look at the decss scenario.  one implementation fell,
and with that information, all soon fell)."

If you saying bad things about off the shelf protections you does eEye
uses off the shelf protections in their software to prevent the lazy
"crackers" to crack your trials ? If I'm not mistaken you guys are using
PCGUARD (or maybe it's ASPACK)... Whatever is it, it's of course cracked
in a hurry by the warez scene...
Ok we all now software protection is a bit of a lost battle because we
should always keep in mind that 'if it run's it's crackable'. This being
held true for the latest years and should keep for the next ones :). So
why you guys do not develop some new stuff to protect your software and
offer some new solutions to your customers ?
About cryptology, lately the shareware world is invaded by crypto algos
like RSA but most implementations are weak and fail. The same idea goes
for dongles. Most implementations of dongles in software are weak with
examples like a simple jne check and it's cracked. Most software vendors
just don't keep enough time to study the dongle and implement it in a
good way. If the dongle is used in a good way, then it can give some
hard time to crack it. The usual is plug and pray the dongles and off we
go :)
Hum... maybe I got lost in my ideas :)
Now some goodies for people interested in the reverse engineering world.
www.suddendischarge.com (the unpackers heaven)
zencrack2.cjb.net (crackz website ! very good info on dongles)
tsehp.cjb.net (the old fravia site now maintained by tsehp! - another
good place)

Best Regards,
Pedro Hugo

-------------------------------------------------------
Pedro Hugo
Director of Unix Server Administration
Director of Ecommerce Solutions for Genesis II Networks
HighSpeedWeb Support Team
fractalg () highspeedweb net
ICQ # 38178251
http://www.highspeedweb.net
Genesis II Networks LLC
I-Business card at http://www.genesis2net.com/g2n
-------------------------------------------------------

 

-----Original Message-----
From: Ryan Permeh [mailto:ryan () eEye com] 
Sent: terça-feira, 5 de Junho de 2001 19:24
To: Felix Huber; Penetration Testers
Subject: Re: How secure are dongles for copy-protection?


the only types of dongle protection that don't completely suck are those
that take information from the machine and perform a specific set of
operations on the dongle(prefereably a cryptographic operation, a hash
or
crypte/decrypt) purely in hardware on the dongle.  This means that the
cracker either has to reverse the entire crypto algorithm(using black
box techniques like known plaintext attacks), including finding the
keyed value on the dongle, or use a hardware lab to actually reverse the
hardware.  This has been doen a few times, by both academic groups and
security groups like atstake.  you don't only want to look at dongle
research, but also smartcard research and all of the other hardware
authentication methods since most of the techniques to authenticate a
user using a fob and authenticating software using a fob are basically
the same.

This basically works down to a time/money scheme, just like most crypto
adversary equations.  Is the data you are protecting(you program in this
sense) worth the value of spending time and money to protect in this
manner? will an adversary think it valueable enough to do the work to
break this scheme?  This is all assuming a "perfect" implementation, of
course, where breaking the algorithm/key on the dongle is the easiest
way in, and not just subverting control of the application.  Also, keep
in mind that if you use off the shelf componenets for your
dongle/algorithm, someone spending the time and money to crack yours may
in turn crack all derivitive and corrolated products, making the worth
of cracking your scheme potentially more valuable than just cracking
your software(ie, look at the decss scenario.  one implementation fell,
and with that information, all soon fell).


Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer

----- Original Message -----
From: "Felix Huber" <huberfelix () webtopia de>
To: "Penetration Testers" <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, June 05, 2001 4:05 AM
Subject: Re: How secure are dongles for copy-protection?


> Hi,
>
> of course - the most dongle checks were cracked. I have seen 3DSMax 
> and other... For more information: 
> http://www.google.com/search?q=3Ddongle+cracked
>
>
>
> Regards,
> Felix Huber
>
>
> -------------------------------------------------------
> Felix Huber, Web Application Programmer, Webtopia
> Guendlinger Str.2, 79241 Ihringen - Germany
> huberfelix () webtopia de     (07668)  951 156 (phone)
> http://www.webtopia.de     (07668)  951 157 (fax)
>                                          (01792)  205 724 (mobile)
> -------------------------------------------------------
>   ----- Original Message -----=20
>   From: Harold Thimm=20
>   To: pen-test () securityfocus com=20
>   Sent: Monday, June 04, 2001 9:43 PM
>   Subject: How secure are dongles for copy-protection?
>
>
>   I'm looking for any information on incorporating dongles into a = 
> software package for copy protection. In particular, I'm looking for =

> information on the Rainbow Technologies Sentinel, but advice on = 
> dongle-based copy protection in general is appreciated.
>
>   How easy/difficult is it to break this kind of copy-protection? Are 
> = there any known weaknesses in the dongle-type systems themselves (as

> = opposed to implementation weaknesses?)=20
>
>   Are there any dongle-based protection schemes that have been 
> cracked, = and if so, how?=20
>
>
>
>   (A pointer to a URL would be appreciated, if you have it.)
>
>   Thanks in advance.
>
>   HAL