Penetration Testing mailing list archives
Re: How secure are dongles for copy-protection?
From: Daniel Roethlisberger <daniel () roe ch>
Date: Wed, 6 Jun 2001 17:11:11 +0200
Ryan Permeh <ryan () eEye com> wrote:
1. Take a key issued by vendor. This is the "liscence" key offered in most scenarios. 2. Pipe this key to the dongle. 3. perform cryptographic transformation on the issued "liscence key". this cryptographic transform could be a hash/crypt/decrypt depending on situation. Potentially this could be multiple transformation. The closer to hardware configured the better. 4. return the value of the transformation(s) from the dongle to the program. 5. use this as a key to uncrypt the codesegment of the executeable(the .text segment of the pe or whatever format you need).
This is still vulnerable to the replay attack. You just look at the output of the dongle and replay that to the software; it requires no attack on the dongle itself. I come to the conclusion that dongle based protection systems cannot be perfect. Either you can replay the dongle output; or you can attack the part of the software that does the same operation as the dongle in order to verify the result. Cheers, Dan -- Daniel Roethlisberger <daniel () roe ch> PGP Key ID 0x8DE543ED with fingerprint 6C10 83D7 2BB8 D908 10AE 7FA3 0779 0355 8DE5 43ED
Current thread:
- Re: How secure are dongles for copy-protection?, (continued)
- Re: How secure are dongles for copy-protection? Ben Meghreblian (Jun 05)
- RE: How secure are dongles for copy-protection? Jonah Kowall (Jun 05)
- Re: How secure are dongles for copy-protection? Victor A. Rodriguez (Jun 05)
- Re: How secure are dongles for copy-protection? Felix Huber (Jun 05)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 05)
- RE: How secure are dongles for copy-protection? Pedro Hugo (Jun 05)
- RE: How secure are dongles for copy-protection? c0ncept (Jun 05)
- Re: How secure are dongles for copy-protection? Jordan Frank (Jun 06)
- Re: How secure are dongles for copy-protection? shampster (Jun 05)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 06)
- Re: How secure are dongles for copy-protection? Daniel Roethlisberger (Jun 06)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 06)
- Re: How secure are dongles for copy-protection? Ryan Permeh (Jun 05)
- Re: How secure are dongles for copy-protection? Maximiliano Caceres (Jun 06)