Penetration Testing: Re: How secure are dongles for copy-protection?

Re: How secure are dongles for copy-protection?

From: Ben Meghreblian <benmeg_at_benmeg.com>
Date: Tue, 05 Jun 2001 18:07:50 +0100

At 19:43 04/06/01 +0000, you wrote:
>I'm looking for any information on incorporating dongles into a software
>package for copy protection. In particular, I'm looking for information on
>the Rainbow Technologies Sentinel, but advice on dongle-based copy
>protection in general is appreciated.
>
>How easy/difficult is it to break this kind of copy-protection? Are there
>any known weaknesses in the dongle-type systems themselves (as opposed to
>implementation weaknesses?)
>

This site provides an overview of actual weaknesses in several popular
dongle systems, although nothing technical can be found here :-
http://www.soft-analysts.com/applications.html

>Are there any dongle-based protection schemes that have been cracked, and
>if so, how? (A pointer to a URL would be appreciated, if you have it.)

HASP 3 was cracked in about 1998 AFAIK, by dumping the memory of the dongle
and eventually finding, through luck/judgement/zen, 2 magic lookup tables.
Read more about it (mostly quite technical) here:-
http://hackjaponaise.cosm.co.jp/archives/websites/fravia/bayu_2.htm

Also of interest, in terms of your 'how?' question, is this:-
http://hackjaponaise.cosm.co.jp/archives/websites/fravia/project3.htm

As you correctly state, the weakest point is the software developer's
implementation of the dongle's APIs. It is interesting to note that in
several articles I have just been reading, the crackers themselves advise
that the developers/company would save a great deal of time and money by
not using dongles, and instead implementing a keyfile or other method of
copy protection. Obviously these are also vulnerable to attack, but if the
dongle developer has not written his code well, a keyfile would actually
cause a cracker a lot more trouble.

Of interest in terms of dongles in general is the fact that late last year,
under a ruling by the DMCA titled "Exemption to Prohibition on Circumvention
of Copyright Protection Systems for Access Control Technologies", it is
perfectly legal to reverse engineer and patch dongle protected programs,
and not only that, but you will encounter several legal companies offering
this 'service' http://cryptome.org/dmca102700.txt

I would disagree with Jonah's comment that "many hackers can easily make dongle
emulators for various packages" - AFAIK it had been done a few times, but
even amongst the very best, dongles remain the Everest of cracking.

Cheers,

Ben

>
>Thanks in advance.
>
>HAL
>
>
>----------
>Get your FREE download of MSN Explorer at
>http://explorer.msn.com

http://benmeg.com

Home 020 8892 8744

PGP: 5950 6447 2FB2 3314 F57D 82B2 7EF8 B51A 2DE5 5E08

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
Received on Jun 05 2001
