On Tue, 5 Jun 2001, Ryan Permeh wrote:
> the only types of dongle protection that don't completely suck are those
> that take information from the machine and perform a specific set of
> operations on the dongle (preferably a cryptographic operation, a hash or
> encrypt/decrypt) purely in hardware on the dongle. This means that the
> cracker either has to reverse the entire crypto algorithm (using black box
> techniques like known plaintext attacks), including finding the keyed value
> on the dongle, or use a hardware lab to actually reverse the hardware.
. . . Not if all this trickery ends in a function returning a 0 for
failure and a 1 for success . . .
What does the software do with the hash
once it's passed back to the application? Compare it to a constant?
Hopefully not. Use the returned value as a pointer to the next code
segment? Better, but usually still not very difficult to break.
To completely emulate the dongle, the cracker does have to reverse the dongle.
But a cracker does not need to reverse the dongle to break the protection.
[snip]
>
>
> Signed,
> Ryan Permeh
> eEye Digital Security Team
> http://www.eEye.com/Retina -Network Security Scanner
> http://www.eEye.com/Iris -Network Traffic Analyzer
>
> ----- Original Message -----
> From: "Felix Huber" <huberfelix_at_webtopia.de>
> To: "Penetration Testers" <PEN-TEST_at_SECURITYFOCUS.COM>
> Sent: Tuesday, June 05, 2001 4:05 AM
> Subject: Re: How secure are dongles for copy-protection?
>
>
> > Hi,
> >
> > Of course - most dongle checks were cracked. I have seen 3DSMax and
> > others... For more information:
> > http://www.google.com/search?q=dongle+cracked
> >
> >
> >
> > Regards,
> > Felix Huber
> >
> >
> > -------------------------------------------------------
> > Felix Huber, Web Application Programmer, Webtopia
> > Guendlinger Str.2, 79241 Ihringen - Germany
> > huberfelix_at_webtopia.de (07668) 951 156 (phone)
> > http://www.webtopia.de (07668) 951 157 (fax)
> > (01792) 205 724 (mobile)
> > -------------------------------------------------------
> > ----- Original Message -----
> > From: Harold Thimm
> > To: pen-test_at_securityfocus.com
> > Sent: Monday, June 04, 2001 9:43 PM
> > Subject: How secure are dongles for copy-protection?
> >
> >
> > I'm looking for any information on incorporating dongles into a
> > software package for copy protection. In particular, I'm looking for
> > information on the Rainbow Technologies Sentinel, but advice on
> > dongle-based copy protection in general is appreciated.
> >
> > How easy/difficult is it to break this kind of copy-protection? Are
> > there any known weaknesses in the dongle-type systems themselves (as
> > opposed to implementation weaknesses?)
> >
> > Are there any dongle-based protection schemes that have been cracked,
> > and if so, how?
> >
> >
> >
> > (A pointer to a URL would be appreciated, if you have it.)
> >
> > Thanks in advance.
> >
> > HAL
> >
> >
> >
>
-------------------------------------------------------------------------------
shampster / 3xT.org
Received on Jun 05 2001
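
Added example, not part of the original messages: a Python sketch of the point raised in the reply above, contrasting a dongle check that ends in a single pass/fail value with a design where the dongle's response is the key for data the program needs. The simulated dongle, the HMAC-SHA256 operation, the SHA-256 counter keystream and every name and sample value are assumptions made for illustration.

```python
import hashlib
import hmac

DONGLE_SECRET = b"constructed-demo-secret"  # assumption: held only inside the dongle


def dongle_respond(challenge: bytes) -> bytes:
    """Simulated on-dongle keyed operation (HMAC-SHA256 is an assumption)."""
    return hmac.new(DONGLE_SECRET, challenge, hashlib.sha256).digest()


def _keys(response: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the dongle response."""
    return (hashlib.sha256(b"enc" + response).digest(),
            hashlib.sha256(b"mac" + response).digest())


def _xor(data: bytes, key: bytes) -> bytes:
    """Illustrative SHA-256 counter keystream; use a vetted AEAD in real code."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def check_boolean(challenge, expected, respond=dongle_respond) -> bool:
    """Pattern the reply criticises: everything ends in one True/False,
    and whatever it guards ships in the clear next to the check."""
    return hmac.compare_digest(respond(challenge), expected)


def seal(payload: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    """Vendor-side build step: encrypt data the program needs under the response."""
    enc_key, mac_key = _keys(dongle_respond(challenge))
    ct = _xor(payload, enc_key)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def unseal(ct, tag, challenge, respond=dongle_respond):
    """Runtime: the response is key material, so a wrong one yields no data.
    The tag check only reports failure; without it the output is garbage."""
    enc_key, mac_key = _keys(respond(challenge))
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        return None
    return _xor(ct, enc_key)
```

With a fixed challenge the response is also fixed, so this removes the single pass/fail decision but remains the "better, but usually still not very difficult" case the reply describes.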