Clearly Peter has addressed the main points of proper implementation. Given that I have - without publishing the results - 'cracked' two different dongle systems in the past, I'd like to share my insights as well. User276 already hints, in part, at what the problem is. Many software vendors think that they purchase some kind of security for their licensing model when licensing a dongle system. They couldn't be further from the truth.
All they do is to get the tools that allow them to implement a relatively secure system (within the boundaries pointed out in Peter's answer). What is the problem with copy protection in general? If a software uses mathematically sound encryption for its licensing scheme this has no bearing on the security of the copy protection as such. Well, you end up in a catch 22 situation.
You don't trust the user (because the user could copy the software), so you encrypt stuff or use encryption somehow in your copy protection scheme. Alas, you need to have your private key in the product to use the encryption, which completely contradicts the notion of mistrusting the user. Dongles try to put the private key (and/or algorithm and/or other ingredients) into hardware such that the user has no access in the first place. However, since many vendors are under the impression that they purchase security out of the box, they don't put effort into the correct implementation. Which brings me to the first example. It's a CAD program my mother was using.
Out of the knowledge that dongles connecting to LPT tend to fail more often than their more recent USB counterparts, I set out to 'work around' this one. That was around 2005. It didn't take me too long.
In fact I used a simple DLL placement attack (the name under which the scenario later became known) to inject my code. And that code wasn't all too elaborate. Only one particular function returned the value the dongle would usually read out (serial number), and that was it. The rest of the functions I would pass through to the original DLL which the dongle vendor requires to be installed along with the driver. The other dongle was a little before that.
The problem here was that I was working for a subcontractor and we had limited access only to the software for which we were supposed to develop. It truly was a matter of bureaucracy between the company that licensed the software and the software vendor, but it caused major troubles for us. In this case it was a little more challenging to work around the dongle.
First of all a driver had to be written to sniff the IRPs from and to the device. Then the algorithm used for encryption had to be found out. Luckily not all was done in hardware which provided the loophole for us. In the end we had a little driver that would pose as the dongle. Its functionality was extended so far as to read out a real dongle, save the data (actually pass it to a user mode program saving it) and then load it back to pose as this dongle.
Conclusion: dongles, no matter which kind, if they implement core functionality of the program to which they belong will be hard to crack. For everything else it mostly depends on the determination and willingness to put in time of the person(s) that set out to work around the dongle. As such I would say that dongles pose a considerable hindrance - if implemented correctly - but in cases of negligence on part of the software vendor seeking to protect his creation also mere snake oil. Take heed from the very last paragraph in Peter's answer.
But I would like to add one more thought. Software that is truly worth the effort of being protected, because it is unique in a sense, shouldn't be protected on the basis of customer harassment (most copy protection schemes). Instead consider the example of IDA Pro, which can certainly be considered pretty unique software. They watermark the software to be able to track down the person that leaked a particular bundle. Of course, as we saw with the ESET leak, this doesn't help always, but it creates.
It'll be less likely that a cracker group gets their hands on a copy, for example.

Problem description

Let's make a couple of assumptions. Software is divided into functional components. Licenses are for functional components within that software package. Licenses can be based on time, on version or on a number of uses, i.e. you may use the functionality until a set point in time, you may use the functionality of the version you purchased or some minor derivative of it, or you may use it a number of times.
There are two main scenarios you have to solve, where an attacker doesn't have access to a license and where he does.

Attacker with no license

The first scenario is where your attacker does not have access to a valid license to your product. This problem is easy to solve. Simply assign a separate encryption key to each of the functional licenseable parts of your software.
Encrypt each functional part with the encryption key designed for that part. Now you can distribute your software without worry of someone being able to decrypt functions they have not licensed since you never send them the key.

Attacker with access to license

The second scenario, which is much harder to solve, is when your attacker has a valid license to your software but he either wants to redistribute the functions he has licensed or to extend his license time wise. Now you need a reliable time source, this can be solved by:
- embedding a public key into a dongle and having the dongle issue a random challenge which must be forwarded to a time server. The time server responds by signing the current time and the challenge and returning it to the client which then sends it to the key and the key then updates its internal clock and unlocks.
- updating the internal clock based on the time it has been plugged into the computer. The USB port supplies power to your dongle all the time while it's plugged in.
- updating the internal clock based on timestamps sent from drivers installed on the machine it's attached to. Only allow timestamps forward in time. Only allow movement backwards in time if the time source is a remote trusted time server supplying a signed timestamp.

If your license is based on versions you actually have an attacker who does not have access to a license because your key derivation function for the functional unit takes both the identifier of the functional unit and the version of it as input.

Key distribution

So once you have separate keys for each functional unit your licenses basically become a matter of distributing symmetric keys so that they can be sent to the dongle. This is usually done by embedding a secret symmetric key in the dongle, encrypting the license decryption keys with the shared secret key and then signing the encrypted key update files. The signed update files are then passed to the dongle which validates the signature on the update, decrypts the new keys with the shared symmetric key and stores them for later use.

Key storage

All dongles must have access to secure storage in order to store license decryption keys, expiration timestamps and so on. In general this is not implemented on external flash memory or EEPROM. If it is it must be encrypted with a key internal to the ASIC or FPGA and signed such that it can not be changed.

Plain text hole

Once the user has a license to your functional component, even if he can't extract your secret key, he can use your dongle to decrypt that functional component. This leads to the issue that he may extract all your plain text and replace the decryption call with a direct call to the extracted plain text. Some dongles cover this issue by embedding a processor into the dongle.
The functional component is then sent encrypted over to the dongle which decrypts the component and executes it internally. This means that the dongle essentially becomes a black box and the functional components sent to the dongle need to be probed individually to discover their properties.

Oracles

A lot of dongles are encryption and decryption oracles which leads to potential issues with, e.g. the recent.

Side channel attacks

Besides the oracle issues you also have a lot of concerns with all of the so far well known.
You also need to be concerned with any potential but undiscovered side channel.

Decapsulation

Be aware that there are a number of companies in the world who specialize in picking apart and auditing secure chips. Some of the most well known companies are probably Chris Tarnovsky of, now part of IOActive and.
This sort of attack is expensive but may be a real threat depending on the value of your target. It would surprise me if but a few, possibly none of, dongles today are able to withstand this sort of high budget attacker.

Do they work

Given a dongle which is based on strong encryption, isn't time based since you can not expire encryption keys based on time nor is time an absolute, free of any side channel attacks and executes the code on the chip, yes it will make discovering the underlying code equivalent to probing a black box. Most of the breaks that happen with these dongles are based on implementation weaknesses by the licensees of the hardware licensing system due to the implementer being unfamiliar with reverse engineering and computer security in general.
Also, do realize that even software where a majority of the logic is implemented on an internet facing server has been broken simply by probing the black box and inferring server side code based on client code expectations. Always prepare for your application to be broken and develop a plan for how to deal with it when it happens.

As Peter has indicated, looking at how the dongle is used for security is the starting point to identify the attack vectors. In most cases, the software developers implementing the dongle security are the weakest point.
In the past when I have tested software with dongles, I have used free tools like ProcessMonitor and RegShot to identify simple vulnerabilities to defeat bad implementations of dongle security. I have seen software that on startup checks for the presence of dongle and then proceeds with its operation without using the dongle until it's restarted.
In these cases, patching the application with OllyDbg is not that difficult to tell the app to run with full functionality as long as the dongle is NOT plugged in to the system. I have also seen software that allows a user to click on a button in the software so that the user doesn't have to have the dongle inserted. The software claimed that is an extra functionality like 'Remember Me' option.
RegShot and ProcessMonitor showed me that a file is written with some information and as long as the file is present in the expected folder, I can run the software on multiple systems without a dongle. Just because someone uses AES or Hardware Dongles or any XYZ doesn't mean they are secure. All that matters is whether they are implementing those security measures in the right manner assuming that there are no known (or 0-day vulnerabilities) in the security measure.
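
The time-source rules from the license-design answer above (random challenge, time signed by a server, forward-only driver timestamps), sketched as an added example that is not part of the original answers. HMAC with a shared key stands in for the public-key signature so it runs on the standard library alone; `DongleClock`, `sign_time` and the demo key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import os

# Constructed demo key. The answer describes a public key in the dongle and a
# signing time server; HMAC-SHA256 with a shared key is swapped in for that
# signature here so the example needs only the standard library.
TIME_SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_time(key: bytes, challenge: bytes, now: int) -> bytes:
    """Time-server side: authenticate the challenge and the current time together."""
    message = challenge + now.to_bytes(8, "big")
    return hmac.new(key, message, hashlib.sha256).digest()


class DongleClock:
    """Hypothetical model of the dongle's internal clock and its update rules."""

    def __init__(self, verify_key: bytes, initial_time: int):
        self._key = verify_key
        self.clock = initial_time
        self._pending = None  # outstanding challenge, good for one response only

    def new_challenge(self) -> bytes:
        """Issue a fresh random challenge to be forwarded to the time server."""
        self._pending = os.urandom(16)
        return self._pending

    def accept_signed_time(self, now: int, tag: bytes) -> bool:
        """Trusted path: a valid server response may move the clock either way."""
        # Consume the challenge before checking, so a captured response
        # cannot be replayed later to roll the clock back.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = sign_time(self._key, challenge, now)
        if not hmac.compare_digest(expected, tag):
            return False
        self.clock = now
        return True

    def accept_driver_time(self, now: int) -> bool:
        """Untrusted path: host driver timestamps may only move the clock forward."""
        if now <= self.clock:
            return False
        self.clock = now
        return True

    def license_active(self, expires_at: int) -> bool:
        """A time-limited license is usable only while the clock is before expiry."""
        return self.clock < expires_at
```

Because every response is bound to a one-shot challenge, a host that records an old server reply cannot feed it back to the dongle to extend an expired license.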
How to share USB dongle over LAN or Internet

Software developers want to secure their products from copying; to that end they introduce dongles. Users want just the opposite – to make using software as simple and convenient as possible, no extra security layers or tricks, please. I hear both sides and there is one thing I can tell you: If we can’t avoid using dongles, we need to simplify working with them to the max. In this article I’ll tell you how to share USB dongle over network, what dongles are and how to duplicate a dongle.

Here is how you can use it:

1. Sign up a FlexiHub account and activate a free trial to be able to connect to the remote devices.
2. Download and install the software on each of your PCs that need access to the shared dongle.
3. Launch FlexiHub, sign in using your newly created login credentials.
4. Find the shared dongle on your other machine that needs access to a USB dongle and connect to it.

You can clone USB dongle and use it as if it is attached to your machine directly. A free version of FlexiHub allows you to send the invites for connection to other users, which is very convenient if you have no opportunity to connect any remote HASP USB key or any other device by yourself. Also, you can always test a paid subscription for free for 7 days.

Step-by-step instruction:

1. Install the software after it to the machines that will share and access the remote USB dongle.
2. Connect a USB dongle to the computer that will act as a server (share a device), start USB Network Gate and share it from there, which will make the device accessible to the clients (remote computers).
3. Connect from any client computer to the shared device.

Note: With USB Network Gate it is possible to see what client a USB device is currently connected to, which will certainly be helpful if a user forgets to disconnect the dongle. It is important to remember that only one computer will be able to use a shared device at a time.
What is a dongle?

A software protection dongle is a device that allows you to protect content from accessing and copying. A hardware key has a product key or other protection mechanism. By attaching it to a computer or another electronic appliance a user can unlock software functionality or decode content or access a hardware device. Dongles are typically attached to a PC via parallel ports, although in Macs you can also use ADB ports. A dongle passes all data coming through the port it is attached to, so the ports can actually be used for other purposes.
It is not uncommon to attach several dongles to a single port.

Why is a dongle called a dongle?

There is a story that ‘dongles’ is derived from the name of a person who designed dongles first – Don Gall.
A good advertising trick, but actually nobody knows for sure why dongles are called dongles. An early dongle was a solid and non-dangling RS232 block, it’s only modern dongles that dangle, and only when attached to a key-fob or lanyard. According to the Oxford English Dictionary, dongle first appeared in reference to computer security systems sometime between 1980 and 1982, when someone was seeking a term for a doodad that dangled, dong-like, from a device—and dug up dongle. There are seven different theories that explain etymology of the term:

- An Arbitrary Coinage
- A Phonesthetic Coinage
- A Corruption of the Word 'Dangle'
- An Appropriation From Poetry
- A Nerdy Hypothetical From a College Entrance Exam
- A Cheeky Invention of an Ad Man (or Woman)
- The Result of Occam's Razor Etymology is 'Arbitrary'
Types of dongles

There are 5 types of USB dongles:

- For Memory and Storage
- For Security
- For Wireless Internet Connections
- GPS Navigation dongles
- Bluetooth Dongles

HASP dongles

Perhaps the majority of modern dongles are used for Memory and Storage. Every other person would carry a USB flash drive or memory stick with files, documents, computer applications, etc. Term papers and assignments for printout, pictures from your last trip to the seaside, handy software tools to share with colleagues and friends are now conveniently stored on Flash drives instead of floppy disks and CDs.

Used for authentication, USB Security dongles help protect your hardware or software from unauthorized access. Networks and software applications can be designed in such a way that they cannot be accessed without a software key, i.e. your security dongle. Electronic signatures are kept on such dongles.

Wi-Fi USB dongles enable desktops and laptops with no internal Wi-Fi cards to connect to the Internet wirelessly.
It is mostly ultra-slim notebook models that require an external device, or rather software that allows computer’s OS to locate Wi-Fi signal.

GPS technology has become an essential part of Smartphone software, and dongles for GPS Navigation are not much in demand these days. However if you don’t have your smartphone within reach, you still might find them useful. GPS navigation USB dongles turn your laptop into a navigation system.
Powered entirely by a computer, they won’t let you down.

Bluetooth Dongles pass information between two computers and more, smartphones, and other devices – no extra cables or cords are required. Link your computer or laptop to a network and connect to any external device – from a mobile phone to a keyboard.

How to duplicate a USB dongle

It is illegal to crack and duplicate a hardware key, and please do not bother even googling this topic.
Software solutions that claim to backup dongles are actually emulators, crackers. Do not use such software, if you don’t want any legal issues. However there is a way to go about it. Check out, it provides you with fast, safe and legal way to share a single device between two computers.
I have read all the existing discussions on piracy and hardware support, so this is not the same old question. I have a new twist on this old discussion.
You can now purchase dongles for USB that allow you to put some of your important code into the dongle. If you have a complex algorithm and you put it into the dongle, someone would have to reverse engineer the contents of the dongle. If they tried to spoof the dongle, as was possible in the past, this would not work.
All they can see is that data goes into a 'black box' and result data comes out. It is no longer a matter of finding a jump true/false to bypass a license check in the source code. Perhaps a mathematician with a lot of idle time on his hands could eventually reverse it, but that is an extreme level of interest! The other option is that the hardware dongle itself would need to be hacked. There are many protections against this built in, but this is probably the most effective approach. So I want to take a scenario and see if I've missed something. I put the important part of my algorithm into the dongle to protect it.
6 doubles and 1 int go into the dongle, 1 double and 1 int are returned. This happens for thousands of data points. This is one of several functions of similar complexity. A hacker can see the rest of my assembly code (which I do as much as possible to obfuscate), but let's assume it is easily hacked. My question is, how hard is it to break into the dongle to access my assembly code in this proprietary hardware? Let's take as an example this company's product: I am not interested in lectures on how I'm inconveniencing customers and should open source my product, please.
I am looking for a technical discussion on how a software/hardware engineer might approach extracting my assembly object from such a device. And I am not asking in order to hack one, but to know how much hassle I have as my discouragement against tampering. I know if there is a will, there is always a way. But at first glance it looks like it would take several thousand dollars worth of effort to bypass this scheme? Given the response so far, I am adding some more specifics. The dongle has the following property, 'Access to the chip is protected by PIN, and the maximum re-tries is pre-set by software developers. For instance, under a dictionary attack, once the number of re-tries exceed the pre-set value, the chip will trigger a self-locking mechanism'.
So to access the chip and thus the code inside it, you have to know the PIN, otherwise after let's say 10 tries you will be locked out. I personally can't see any way anyone could compromise this system. It doesn't matter what goes in or out, what matters is what runs inside the dongle ARM processor. Physical forced access would destroy the chip. Electrical access would require the PIN, or the chip locks up.
How else could it be compromised? From the manufacturer, 'EAL 5+ in the global hi-tech sector, that practically enable EL with the outstanding effectiveness in resisting of major attacks such as Electronic Attack (SPA and DPA), Probe Attack (SiShell), Chip Dissection and Debug Port.' - Someone thought I did not do enough research, but that is why I'm posting the question. This is not my area of expertise! Is it someone else's?
This looks to me like it is very hard to break into such a dongle. Let me repeat, the question is NOT if you can/can't spoof the dongle, but if you can READ the dongle? – Jan 5 '14 at 22:20. Yes, I updated the link in the question to just go to the main company page. I also could not afford, or did not wish to leave anything to chance regarding protecting my IP, so I have a new approach.
I am now not distributing my code in any form, even within a dongle. Instead my server serves out the results of my algorithm with a local database to store old values. If you are looking at older values then they are fast and right in the local database. For new values the server has to provide them, after authentication of course.
No intellectual property leaves my server. – Mar 28 '14 at 21:11.