Penetration Testing mailing list archives

Re: How secure are dongles for copy-protection?
From: <shampster () mail 3xT org>
Date: Mon, 4 Jun 2001 23:02:56 -0700 (PDT)


On Mon, 4 Jun 2001, Harold Thimm wrote:

> I'm looking for any information on incorporating dongles into a software
> package for copy protection. In particular, I'm looking for information
> on the Rainbow Technologies Sentinel, but advice on dongle-based copy
> protection in general is appreciated.
>
> How easy/difficult is it to break this kind of copy-protection? Are there
> any known weaknesses in the dongle-type systems themselves (as opposed to
> implementation weaknesses?)

Dongle protected applications are (at least were) always fairly easy
targets.  One can typically just set breakpoints on
serial/parallel IO events and follow the code back to the
application/dongle API level.  At that point it doesn't matter that your
protection scheme has a 'hardware' element to it.

If you are planning on just using a 'IsDongleHere()' -- you typically
only need to change one byte to turn a conditional jump into an
unconditional one to break the protection.  More complex schemes, that
store data on the key itself -- only raise the bar slightly, since it's
usually pretty easy to see what needs to be force-fed back to the
application to make it happy.  Reading the time off the dongle (for
time-limited protection schemes) is equally hackable due to it being so
easy to set breakpoints on serial/parallel IO events.

Without knowing more details about what you are trying to accomplish --
I'd suggest using some form of proven cryptography system as your method
of implementation.

Look at http://www.searchlores.org/protec/protec.htm
 . . . and STFW for old fravia.org essays on reversing dongled
applications.




> Are there any dongle-based protection schemes that have been cracked, and
> if so, how? (A pointer to a URL would be appreciated, if you have it.)

I haven't yet heard of one that _hasn't_ been cracked.
The best way to learn how to protect your software is to learn how to
reverse software yourself.




> Thanks in advance.
>
> HAL
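
One way to read the reply's advice to use proven cryptography, as an added example that is not part of the original post: instead of branching on a presence check, the application decrypts a module it needs with keys that only the dongle can derive. `SimulatedDongle`, `subkeys`, `xor_stream`, `seal` and `unseal` are hypothetical names, and the HMAC-based keystream is a stand-in for a vetted AEAD cipher.

```python
import hashlib
import hmac
import os
from typing import Optional

class SimulatedDongle:
    """Hypothetical stand-in for a hardware key; the secret never leaves it."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def derive(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

def subkeys(dongle: SimulatedDongle, challenge: bytes):
    # Split the dongle's answer into separate encryption and MAC keys.
    root = dongle.derive(challenge)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode (assumption: placeholder for a real AEAD).
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(dongle: SimulatedDongle, module: bytes) -> dict:
    """Vendor side: encrypt a module under keys only this dongle can derive."""
    challenge, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = subkeys(dongle, challenge)
    ct = xor_stream(enc_key, nonce, module)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"challenge": challenge, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(dongle: Optional[SimulatedDongle], blob: dict) -> Optional[bytes]:
    """Application side: without the right dongle there is no plaintext."""
    if dongle is None:
        return None
    enc_key, mac_key = subkeys(dongle, blob["challenge"])
    tag = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # skipping this check only yields garbage, not the module
    return xor_stream(enc_key, blob["nonce"], blob["ct"])
```

Someone who holds a genuine dongle can still observe the derived keys while the program runs, so this design keeps copies without a dongle from working rather than stopping a determined owner.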
