Penetration Testing mailing list archives

Re: How secure are dongles for copy-protection?


From: "Maximiliano Caceres" <core.lists.pentest () core-sdi com>
Date: 6 Jun 2001 12:11:15 -0300


From: "Ryan Permeh" <ryan () eEye com>

etc.  But basically, if the code is crypted, and the key comes from a
transformation on the fob, you really don't do "compares".  It's key info,
not compare info.  Do not use fobs for handling yes/no issues.  Use them to
generate keys as appropriate to decode stuff.  This forces an attack on the
crypto transforms on the key, which makes softice worthless, and makes the
attacker use more traditional methods (real ice, anti hardware tactics,
etc).


This is not true. All the cracker has to do is just buy one license, step
through (with a debugger) the decrypting process and store each of the
decrypted code segments. Then assemble everything, patch any checks left for
the dongle, and distribute the unprotected software.

Where's the crypto attack?

cheers,
max/

--
Maximiliano Caceres - max () core-sdi com
Head Engineer - Core SDI
http://www.core-sdi.com
837f 5c16 635b 670c 0b2f  c29e 2216 a37f 2f68 7bf6




--- For a personal reply use max () core-sdi com

