Penetration Testing mailing list archives
Re: How secure are dongles for copy-protection?
From: <shampster () mail 3xT org>
Date: Mon, 4 Jun 2001 23:02:56 -0700 (PDT)
On Mon, 4 Jun 2001, Harold Thimm wrote:
I'm looking for any information on incorporating dongles into a software package for copy protection. In particular, I'm looking for information on the Rainbow Technologies Sentinel, but advice on dongle-based copy protection in general is appreciated. How easy/difficult is it to break this kind of copy-protection? Are there any known weaknesses in the dongle-type systems themselves (as opposed to implementation weaknesses?)
Dongle protected applications are (at least were) always fairly easy targets. One can typically just set breakpoints on serial/parallel IO events and follow the code back to the application/dongle API level. At that point it doesn't matter that your protection scheme has a 'hardware' element to it. If you are planning on just using a 'IsDongleHere()' -- you typically only need to change one byte to turn a conditional jump into an unconditional one to break the protection. More complex schemes, that store data on the key itself -- only raise the bar slightly, since it's usually pretty easy to see what needs to be force-fed back to the application to make it happy. Reading the time off the dongle (for time-limited protection schemes) are equally hackable due to it being so easy to set breakpoints on serial/parrallel IO events. Without knowing more details about what you are trying to accomplish -- I'd suggest using some form of proven cryptography system as your method of implementation. Look at http://www.searchlores.org/protec/protec.htm . . . and STFW for old fravia.org essays on reversing dongled applications.
Are there any dongle-based protection schemes that have been cracked, and if so, how? (A pointer to a URL would be appreciated, if you have it.)
I haven't yet heard of one that _hasn't_ been cracked. The best way to learn how to protect your software is to learn how to reverse software yourself.
Thanks in advance. HAL ________________________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
Current thread:
- How secure are dongles for copy-protection? Harold Thimm (Jun 04)
- Re: How secure are dongles for copy-protection? shampster (Jun 05)
- Re: How secure are dongles for copy-protection? Ben Meghreblian (Jun 05)
- <Possible follow-ups>
- RE: How secure are dongles for copy-protection? Jonah Kowall (Jun 05)
- Re: How secure are dongles for copy-protection? Victor A. Rodriguez (Jun 05)
- Re: How secure are dongles for copy-protection? Felix Huber (Jun 05)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 05)
- RE: How secure are dongles for copy-protection? Pedro Hugo (Jun 05)
- RE: How secure are dongles for copy-protection? c0ncept (Jun 05)
- Re: How secure are dongles for copy-protection? Jordan Frank (Jun 06)
- Re: How secure are dongles for copy-protection? shampster (Jun 05)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 06)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 05)