Ryan Permeh <ryan_at_eEye.com> wrote:
> 1. Take a key issued by vendor. This is the "license" key
> offered in most scenarios.
> 2. Pipe this key to the dongle.
> 3. Perform cryptographic transformation on the issued "license
> key". This cryptographic transform could be a
> hash/crypt/decrypt depending on situation. Potentially this
> could be multiple transformations. The closer to hardware
> configured the better.
> 4. Return the value of the transformation(s) from the dongle to
> the program.
> 5. Use this as a key to uncrypt the code segment of the
> executable (the .text segment of the PE or whatever format
> you need).
This is still vulnerable to the replay attack. You just look at
the output of the dongle and replay that to the software; it
requires no attack on the dongle itself. I come to the conclusion
that dongle based protection systems cannot be perfect. Either you
can replay the dongle output, or you can attack the part of the
software that does the same operation as the dongle in order to
verify the result.
Cheers,
Dan
--
Daniel Roethlisberger <daniel_at_roe.ch>
PGP Key ID 0x8DE543ED with fingerprint
6C10 83D7 2BB8 D908 10AE 7FA3 0779 0355 8DE5 43ED
Received on Jun 06 2001
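The following is an added toy simulation of the two points made in this exchange; it is not code from either poster. The "dongle" is a Python object applying an HMAC with a secret that never leaves it, the license key and code segment are constructed values, and the keystream cipher stands in for whatever the real program would use on its .text section. It shows that with a fixed input (the quoted scheme) one recorded dongle answer unlocks the program forever, that a fresh per-run challenge defeats that pure replay, and that the verifier for such a challenge then has to live inside the software, which is the second weak point Dan names.

```python
"""Toy model of the quoted dongle scheme and of the replay Dan describes.
All values below are constructed for illustration; the dongle is a Python
object, not real hardware, and the cipher is a teaching stand-in."""
import hashlib
import hmac
import os

# Constructed values (not from the original thread).
LICENSE_KEY = b"LICENSE-KEY-EXAMPLE-0001"               # the vendor-issued key, step 1
DONGLE_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PLAIN_TEXT_SEGMENT = b"\x55\x48\x89\xe5\x48\x83\xec\x10\x31\xc0\xc9\xc3"  # stands in for .text


class Dongle:
    """Steps 2-4: accept input, apply a keyed transform, return the result."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret  # never leaves the device

    def transform(self, data: bytes) -> bytes:
        return hmac.new(self._secret, data, hashlib.sha256).digest()


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Step 5: transform the code segment under the derived key.
    SHA-256 in counter mode as an XOR keystream; involutory, so the same
    call encrypts and decrypts.  Fine for a toy, not a real cipher."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


def build_protected_program(dongle: Dongle) -> bytes:
    """What the vendor ships: .text encrypted under the dongle's answer
    to the fixed license key."""
    return xor_keystream(dongle.transform(LICENSE_KEY), PLAIN_TEXT_SEGMENT)


def run_static_scheme(encrypted_text: bytes, respond) -> bytes:
    """The program as quoted: feed LICENSE_KEY to whatever answers as the
    dongle and use the answer as the key.  Because the input never
    changes, it cannot distinguish the dongle from a recording of it."""
    return xor_keystream(respond(LICENSE_KEY), encrypted_text)


def static_scheme_replays() -> bool:
    """Dan's first point: one observed answer is enough, no dongle needed."""
    dongle = Dongle(DONGLE_SECRET)
    program = build_protected_program(dongle)
    recorded = dongle.transform(LICENSE_KEY)      # observed once, then kept
    no_dongle = lambda _data: recorded            # plays the recording back
    return run_static_scheme(program, no_dongle) == PLAIN_TEXT_SEGMENT


def challenge_response_unlock(respond, verifier_secret: bytes) -> bool:
    """Mitigation for the pure replay: send a fresh nonce each run and check
    the answer.  Checking requires the program to compute the expected
    answer itself, so the software now holds a verifier doing the dongle's
    job; that verifier is Dan's second target, and it cannot be removed by
    better hardware."""
    nonce = os.urandom(16)
    answer = respond(nonce)
    expected = hmac.new(verifier_secret, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(answer, expected)


def recorded_answer_fails_fresh_challenge() -> bool:
    """A recording of an earlier answer does not satisfy a new nonce."""
    dongle = Dongle(DONGLE_SECRET)
    recorded = dongle.transform(os.urandom(16))   # answer to some past nonce
    return challenge_response_unlock(lambda _n: recorded, DONGLE_SECRET) is False


if __name__ == "__main__":
    print("static scheme unlocked by replay:", static_scheme_replays())
    print("real dongle passes challenge:    ",
          challenge_response_unlock(Dongle(DONGLE_SECRET).transform, DONGLE_SECRET))
    print("recording fails challenge:       ", recorded_answer_fails_fresh_challenge())
```

The nonce closes the replay hole on the bus, but the check in `challenge_response_unlock` only works because `verifier_secret` is present in the program, which is exactly where Dan says the attention shifts once replay is ruled out.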