Penetration Testing mailing list archives

Re: How secure are dongles for copy-protection?


From: Daniel Roethlisberger <daniel () roe ch>
Date: Wed, 6 Jun 2001 17:11:11 +0200


Ryan Permeh <ryan () eEye com> wrote:
> 1. Take a key issued by vendor. This is the "licence" key
>    offered in most scenarios.
> 2. Pipe this key to the dongle.
> 3. perform cryptographic transformation on the issued "licence
>    key". this cryptographic transform could be a
>    hash/crypt/decrypt depending on situation. Potentially this
>    could be multiple transformation. The closer to hardware
>    configured the better.
> 4. return the value of the transformation(s) from the dongle to
>    the program.
> 5. use this as a key to uncrypt the codesegment of the
>    executable (the .text segment of the pe or whatever format
>    you need).

This is still vulnerable to the replay attack. You just look at
the output of the dongle and replay that to the software; it
requires no attack on the dongle itself. I come to the conclusion
that dongle based protection systems cannot be perfect. Either you
can replay the dongle output; or you can attack the part of the
software that does the same operation as the dongle in order to
verify the result.

Cheers,
Dan


-- 
   Daniel Roethlisberger <daniel () roe ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED
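The scheme quoted above and the replay observation in the reply, as an added worked example (not code from the thread or from either poster). The dongle is modelled as an HMAC with a secret that never leaves the "hardware", the licence key and the .text bytes are constructed toy values, and the stream cipher is a deliberately simple SHA-256 keystream. Because step 5 needs a deterministic value to decrypt the code segment, the dongle must always answer the fixed licence key the same way, so a single recorded answer stands in for the hardware. The nonce-based variant at the end shows the other horn of the dilemma: a fresh challenge stops replay of one recorded answer, but the expected answer must then be computed in software, which is where the check can be found.

```python
import hashlib
import hmac
from typing import Callable, Dict

# Constructed toy values (not from the thread).
DONGLE_SECRET = b"secret-that-never-leaves-the-dongle"
LICENCE_KEY = b"ABCD-1234-EFGH-5678"
TEXT_SEGMENT = b"\x55\x48\x89\xe5" + b"toy .text bytes of the protected program"


def dongle_transform(challenge: bytes) -> bytes:
    """Step 3: keyed transform inside the dongle (modelled as HMAC-SHA256)."""
    return hmac.new(DONGLE_SECRET, challenge, hashlib.sha256).digest()


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy symmetric stream cipher: XOR with SHA-256(key || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def vendor_protect(segment: bytes) -> bytes:
    """Vendor side: encrypt .text under the value the dongle will return (step 5)."""
    return keystream_xor(segment, dongle_transform(LICENCE_KEY))


def run_protected(encrypted: bytes, dongle: Callable[[bytes], bytes]) -> bytes:
    """Steps 2-5 as the program executes them: send the fixed licence key,
    use whatever comes back as the decryption key."""
    return keystream_xor(encrypted, dongle(LICENCE_KEY))


class Recorder:
    """Passive observer on the program<->dongle channel: stores every answer."""

    def __init__(self, real: Callable[[bytes], bytes]):
        self.real = real
        self.seen: Dict[bytes, bytes] = {}

    def __call__(self, challenge: bytes) -> bytes:
        answer = self.real(challenge)
        self.seen[challenge] = answer
        return answer


def replayed_dongle(seen: Dict[bytes, bytes]) -> Callable[[bytes], bytes]:
    """A stand-in that only answers from the recording; no hardware involved."""
    def fake(challenge: bytes) -> bytes:
        return seen.get(challenge, b"\x00" * 32)
    return fake


def challenge_response_check(dongle: Callable[[bytes], bytes], nonce: bytes) -> bool:
    """Nonce variant: a fresh challenge per run defeats replay of one recorded
    answer, but the program must now compute the expected answer itself, so
    DONGLE_SECRET (or an equivalent check) lives in the software."""
    expected = hmac.new(DONGLE_SECRET, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(dongle(nonce), expected)


def demo() -> Dict[str, bool]:
    enc = vendor_protect(TEXT_SEGMENT)

    # One genuine run with the real dongle, observed on the bus.
    rec = Recorder(dongle_transform)
    genuine_ok = run_protected(enc, rec) == TEXT_SEGMENT

    # Same program, dongle unplugged, recorded answer played back.
    replay_ok = run_protected(enc, replayed_dongle(rec.seen)) == TEXT_SEGMENT

    # Nonce variant: a recording from run 1 does not answer run 2's challenge.
    nonce_rec = Recorder(dongle_transform)
    challenge_response_check(nonce_rec, b"nonce-run-1")
    fresh_nonce_blocks_replay = not challenge_response_check(
        replayed_dongle(nonce_rec.seen), b"nonce-run-2")

    return {
        "genuine_ok": genuine_ok,
        "replay_ok": replay_ok,
        "fresh_nonce_blocks_replay": fresh_nonce_blocks_replay,
    }


if __name__ == "__main__":
    print(demo())
```

The fixed-challenge design cannot be patched by adding a nonce without moving the secret into the program, which is exactly the second attack surface the reply names.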

