Penetration Testing mailing list archives

Re: How secure are dongles for copy-protection?


From: Ben Meghreblian <benmeg () benmeg com>
Date: Tue, 05 Jun 2001 18:07:50 +0100

At 19:43 04/06/01 +0000, you wrote:
> I'm looking for any information on incorporating dongles into a software package for copy protection. In particular, I'm looking for information on the Rainbow Technologies Sentinel, but advice on dongle-based copy protection in general is appreciated.

> How easy/difficult is it to break this kind of copy-protection? Are there any known weaknesses in the dongle-type systems themselves (as opposed to implementation weaknesses)?


This site provides an overview of actual weaknesses in several popular dongle systems, although nothing technical can be found here :- http://www.soft-analysts.com/applications.html

> Are there any dongle-based protection schemes that have been cracked, and if so, how? (A pointer to a URL would be appreciated, if you have it.)

HASP 3 was cracked in about 1998 AFAIK, by dumping the memory of the dongle and eventually finding, through luck/judgement/zen, 2 magic lookup tables. Read more about it (mostly quite technical) here:- http://hackjaponaise.cosm.co.jp/archives/websites/fravia/bayu_2.htm

Also of interest, in terms of your 'how?' question, is this:- http://hackjaponaise.cosm.co.jp/archives/websites/fravia/project3.htm

As you correctly state, the weakest point is the software developer's implementation of the dongle's APIs. It is interesting to note that in several articles I have just been reading, the crackers themselves advise that the developers/company would save a great deal of time and money by not using dongles, and instead implementing a keyfile or other method of copy protection. Obviously these are also vulnerable to attack, but if the dongle developer has not written his code well, a keyfile would actually cause a cracker a lot more trouble.

Of interest in terms of dongles in general is the fact that late last year, under a ruling by the DMCA titled "Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies", it is perfectly legal to reverse engineer and patch dongle protected programs, and not only that, but you will encounter several legal companies offering this 'service': http://cryptome.org/dmca102700.txt

I would disagree with Jonah's comment that "many hackers can easily make dongle emulators for various packages" - AFAIK it had been done a few times, but even amongst the very best, dongles remain the Everest of cracking.

Cheers,

Ben


> Thanks in advance.

> HAL




http://benmeg.com

Home 020 8892 8744

PGP: 5950 6447 2FB2 3314 F57D  82B2 7EF8 B51A 2DE5 5E08


