Penetration Testing mailing list archives
Re: How secure are dongles for copy-protection?
From: <shampster () mail 3xT org>
Date: Tue, 5 Jun 2001 14:50:41 -0700 (PDT)
On Tue, 5 Jun 2001, Ryan Permeh wrote:
the only types of dongle protection that don't completely suck are those that take information from the machine and perform a specific set of operations on the dongle(prefereably a cryptographic operation, a hash or crypte/decrypt) purely in hardware on the dongle. This means that the cracker either has to reverse the entire crypto algorithm(using black box techniques like known plaintext attacks), including finding the keyed value on the dongle, or use a hardware lab to actually reverse the hardware.
. . . Not if all this trickery ends in a function returning a 0 for failure and a 1 for success . . . What does the software do with the hash once it's passed back to the application? Compare it to a constant? Hopefully not. Use the returned value as a pointer to the next code segment? Better, but usually still not very difficult to break. To completely emulate the dongle, the cracker does have to reverse the dongle. But a cracker does not need to reverse the dongle to break the protection. [snip]
Signed, Ryan Permeh eEye Digital Security Team http://www.eEye.com/Retina -Network Security Scanner http://www.eEye.com/Iris -Network Traffic Analyzer ----- Original Message ----- From: "Felix Huber" <huberfelix () webtopia de> To: "Penetration Testers" <PEN-TEST () SECURITYFOCUS COM> Sent: Tuesday, June 05, 2001 4:05 AM Subject: Re: How secure are dongles for copy-protection?Hi, of course - the most dongle checks were cracked. I have seen 3DSMax and other... For more information: http://www.google.com/search?q=3Ddongle+cracked Regards, Felix Huber ------------------------------------------------------- Felix Huber, Web Application Programmer, Webtopia Guendlinger Str.2, 79241 Ihringen - Germany huberfelix () webtopia de (07668) 951 156 (phone) http://www.webtopia.de (07668) 951 157 (fax) (01792) 205 724 (mobile) ------------------------------------------------------- ----- Original Message -----=20 From: Harold Thimm=20 To: pen-test () securityfocus com=20 Sent: Monday, June 04, 2001 9:43 PM Subject: How secure are dongles for copy-protection? I'm looking for any information on incorporating dongles into a = software package for copy protection. In particular, I'm looking for = information on the Rainbow Technologies Sentinel, but advice on = dongle-based copy protection in general is appreciated. How easy/difficult is it to break this kind of copy-protection? Are = there any known weaknesses in the dongle-type systems themselves (as = opposed to implementation weaknesses?)=20 Are there any dongle-based protection schemes that have been cracked, = and if so, how?=20 (A pointer to a URL would be appreciated, if you have it.) Thanks in advance. HAL
------------------------------------------------------------------------------- shampster / 3xT.org
Current thread:
- How secure are dongles for copy-protection? Harold Thimm (Jun 04)
- Re: How secure are dongles for copy-protection? shampster (Jun 05)
- Re: How secure are dongles for copy-protection? Ben Meghreblian (Jun 05)
- <Possible follow-ups>
- RE: How secure are dongles for copy-protection? Jonah Kowall (Jun 05)
- Re: How secure are dongles for copy-protection? Victor A. Rodriguez (Jun 05)
- Re: How secure are dongles for copy-protection? Felix Huber (Jun 05)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 05)
- RE: How secure are dongles for copy-protection? Pedro Hugo (Jun 05)
- RE: How secure are dongles for copy-protection? c0ncept (Jun 05)
- Re: How secure are dongles for copy-protection? Jordan Frank (Jun 06)
- Re: How secure are dongles for copy-protection? shampster (Jun 05)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 06)
- Re: How secure are dongles for copy-protection? Daniel Roethlisberger (Jun 06)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 06)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 05)
- Re: How secure are dongles for copy-protection? Maximiliano Caceres (Jun 06)