Re: How secure are dongles for copy-protection?

[<shampster () mail 3xT org>]

On Tue, 5 Jun 2001, Ryan Permeh wrote:
> the only types of dongle protection that don't completely suck are those
> that take information from the machine and perform a specific set of
> operations on the dongle(prefereably a cryptographic operation, a hash or
> crypte/decrypt) purely in hardware on the dongle.  This means that the
> cracker either has to reverse the entire crypto algorithm(using black box
> techniques like known plaintext attacks), including finding the keyed value
> on the dongle, or use a hardware lab to actually reverse the hardware.

. . . Not if all this trickery ends in a function returning a 0 for
failure and a 1 for success . . .
What does the software do with the hash
once it's passed back to the application?  Compare it to a constant?
Hopefully not. Use the returned value as a pointer to the next code
segment? Better, but usually still not very difficult to break.

To completely emulate the dongle, the cracker does have to reverse the dongle.
But a cracker does not need to reverse the dongle to break the protection.

[snip]

> Signed,
> Ryan Permeh
> eEye Digital Security Team
> http://www.eEye.com/Retina -Network Security Scanner
> http://www.eEye.com/Iris -Network Traffic Analyzer
>
> ----- Original Message -----
> From: "Felix Huber" <huberfelix () webtopia de>
> To: "Penetration Testers" <PEN-TEST () SECURITYFOCUS COM>
> Sent: Tuesday, June 05, 2001 4:05 AM
> Subject: Re: How secure are dongles for copy-protection?
>
>
> > Hi,
> >
> > of course - the most dongle checks were cracked. I have seen 3DSMax and
> > other... For more information:
> > http://www.google.com/search?q=3Ddongle+cracked
> >
> >
> >
> > Regards,
> > Felix Huber
> >
> >
> > -------------------------------------------------------
> > Felix Huber, Web Application Programmer, Webtopia
> > Guendlinger Str.2, 79241 Ihringen - Germany
> > huberfelix () webtopia de     (07668)  951 156 (phone)
> > http://www.webtopia.de     (07668)  951 157 (fax)
> >                                          (01792)  205 724 (mobile)
> > -------------------------------------------------------
> >   ----- Original Message -----=20
> >   From: Harold Thimm=20
> >   To: pen-test () securityfocus com=20
> >   Sent: Monday, June 04, 2001 9:43 PM
> >   Subject: How secure are dongles for copy-protection?
> >
> >
> >   I'm looking for any information on incorporating dongles into a =
> > software package for copy protection. In particular, I'm looking for =
> > information on the Rainbow Technologies Sentinel, but advice on =
> > dongle-based copy protection in general is appreciated.
> >
> >   How easy/difficult is it to break this kind of copy-protection? Are =
> > there any known weaknesses in the dongle-type systems themselves (as =
> > opposed to implementation weaknesses?)=20
> >
> >   Are there any dongle-based protection schemes that have been cracked, =
> > and if so, how?=20
> >
> >
> >
> >   (A pointer to a URL would be appreciated, if you have it.)
> >
> >   Thanks in advance.
> >
> >   HAL

-------------------------------------------------------------------------------
shampster / 3xT.org