Jump to content

  • Log In with Google      Sign In   
  • Create Account

Copyright protection, USB dongle?


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
13 replies to this topic

#1 ynm   Members   -  Reputation: 172

Like
0Likes
Like

Posted 09 December 2012 - 01:54 AM

Hi everyone,

I saw some software using USB dongle as copyright protection.

I think if using hardware, hacker can't hack it (well, much harder to do) but still can patch it, so what is the method and advantage of this compare to using software only?

Is there anyway to protect software using USB dongle?

Regards

Sponsor:

#2 Bregma   Crossbones+   -  Reputation: 5435

Like
4Likes
Like

Posted 09 December 2012 - 07:53 AM

Yeah, I remember the days when the salepeople from dongle companies were making a killing and we'd have a chain of these things hanging off our serial ports (this was before USB was invented).

I was even then easier to use archie to grab a cracked version of software because either your dongle was faulty, or they'd interfere with each other, or you could use only one at a time, or they didn't work at all with the particular version of hardware or OS you were running.

Short answer: no, there is no technical way to prevent software copying using DRM.
Stephen M. Webb
Professional Free Software Developer

#3 Rattenhirn   Crossbones+   -  Reputation: 1809

Like
4Likes
Like

Posted 09 December 2012 - 08:25 AM

As far as I know these things are still around.

They're basically a secure key store. The key used to encrypt is stored inside the dongle and never put into the computers RAM, not unlike the
TPM, making it as secure as it gets.

Unfortunately this can't overcome the fundamental issue of all DRM systems, namely, that at some point the unencrypted data needs to be in the RAM of the computer in order to be useful, and it can always be extracted from there.

#4 ynm   Members   -  Reputation: 172

Like
0Likes
Like

Posted 09 December 2012 - 09:39 AM

Many thanks,

It seems online games are far better protected than offline games, so I think about implementing USB dongle as a micro server like in online games, but I don't know how online games are protected. Any idea? Could this be done?
If somehow it could be done, then it is far better because it would allow LAN games with better latency and gaming experience

Regards

#5 6677   Members   -  Reputation: 1058

Like
0Likes
Like

Posted 09 December 2012 - 10:31 AM

online games can just check a license key against a database as a simple option.

#6 Cornstalks   Crossbones+   -  Reputation: 6991

Like
0Likes
Like

Posted 09 December 2012 - 10:53 AM

It seems online games are far better protected than offline games, so I think about implementing USB dongle as a micro server like in online games, but I don't know how online games are protected. Any idea? Could this be done?

The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other.

Edited by Cornstalks, 09 December 2012 - 10:53 AM.

[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

#7 TheChubu   Crossbones+   -  Reputation: 4756

Like
0Likes
Like

Posted 09 December 2012 - 01:23 PM

I've seen audio related software using those (ie, Pro Tools), its called iLok.

"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

 

My journals: dustArtemis ECS framework and Making a Terrain Generator


#8 BMO   Members   -  Reputation: 170

Like
0Likes
Like

Posted 09 December 2012 - 02:01 PM

I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

#9 ynm   Members   -  Reputation: 172

Like
0Likes
Like

Posted 10 December 2012 - 03:02 AM

Thank all,

The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other.

I don't know how iphone is jail broken, maybe their exploited software fault, but in microprocessor I haven't any case is hacked. The only method I know is take off IC's case, using microscope and UV light to read the state of the registers of the IC which only possible in lab condition and require expert skill.


I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

This is the problem which I am finding the solution.
While I believe the microprocessor is very hard to hack to know the algorithm or the encrypted key store in it, but if dongle only returns simple value like true of false to allow the software to run, it can be easily patched though emulation

Even though, the hacker still can not know the true algorithms and keys in dongle, so I am leaning to the idea of using random encrypted return value each time, which can not be emulation. But then the hacker can hack directly to the software to bypass checking step. So I think the dongle must return encrypted critical data which require engine to run, e.g parameters of functions..

Is there any software used similar method? Or any idea?

Regards

Edited by ynm, 10 December 2012 - 03:03 AM.


#10 SimonForsman   Crossbones+   -  Reputation: 6303

Like
0Likes
Like

Posted 10 December 2012 - 05:39 AM

Thank all,


The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other.

I don't know how iphone is jail broken, maybe their exploited software fault, but in microprocessor I haven't any case is hacked. The only method I know is take off IC's case, using microscope and UV light to read the state of the registers of the IC which only possible in lab condition and require expert skill.


I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

This is the problem which I am finding the solution.
While I believe the microprocessor is very hard to hack to know the algorithm or the encrypted key store in it, but if dongle only returns simple value like true of false to allow the software to run, it can be easily patched though emulation

Even though, the hacker still can not know the true algorithms and keys in dongle, so I am leaning to the idea of using random encrypted return value each time, which can not be emulation. But then the hacker can hack directly to the software to bypass checking step. So I think the dongle must return encrypted critical data which require engine to run, e.g parameters of functions..

Is there any software used similar method? Or any idea?

Regards


Just focus on making great software instead, good software sells, bad software don't, DRM is primarly useful to prevent second hand sales or to protect a highly anticipated title on launch. (If the pirates are willing to wait a few days/weeks extra to play your game any DRM you implement will be worthless).

Hacking protected devices are doable even without software exploits, (Google for mod-chips for older consoles), on devices like the iPhone it just isn't done because doing so would "ruin" the appearance of the device(and exploiting the software is easier anyway). the problem is that you still need to store the instructions that your dongle should run somewhere and it isn't that difficult to remove and read a memory chip.

Dongles also force you to use physical distribution of your software, which today will result in a far greater reduction in sales than piracy can manage.
I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

#11 ynm   Members   -  Reputation: 172

Like
0Likes
Like

Posted 10 December 2012 - 09:51 AM


Thank all,


The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other.

I don't know how iphone is jail broken, maybe their exploited software fault, but in microprocessor I haven't any case is hacked. The only method I know is take off IC's case, using microscope and UV light to read the state of the registers of the IC which only possible in lab condition and require expert skill.


I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

This is the problem which I am finding the solution.
While I believe the microprocessor is very hard to hack to know the algorithm or the encrypted key store in it, but if dongle only returns simple value like true of false to allow the software to run, it can be easily patched though emulation

Even though, the hacker still can not know the true algorithms and keys in dongle, so I am leaning to the idea of using random encrypted return value each time, which can not be emulation. But then the hacker can hack directly to the software to bypass checking step. So I think the dongle must return encrypted critical data which require engine to run, e.g parameters of functions..

Is there any software used similar method? Or any idea?

Regards


Just focus on making great software instead, good software sells, bad software don't, DRM is primarly useful to prevent second hand sales or to protect a highly anticipated title on launch. (If the pirates are willing to wait a few days/weeks extra to play your game any DRM you implement will be worthless).

Hacking protected devices are doable even without software exploits, (Google for mod-chips for older consoles), on devices like the iPhone it just isn't done because doing so would "ruin" the appearance of the device(and exploiting the software is easier anyway). the problem is that you still need to store the instructions that your dongle should run somewhere and it isn't that difficult to remove and read a memory chip.

Dongles also force you to use physical distribution of your software, which today will result in a far greater reduction in sales than piracy can manage.

Thank you, I forgot modchip.

I work mainly in hardware, and try to find a way to sell my hardware, so please spare me if I concentrate on hardware solutions.

Well, I don't know how people hacked hardware and made modchip, but IMO, they must exploited unencryped parts, e.g communication between ICs in the system. IMO, directly hacking encrypted communication is not possible or my security knowledge has something wrong. In case everything is inside an simple IC then there is no way to hack it (reading very very hard). If I was wrong, please show me the right way.

And console systems like Xbox 360 and PS3 mainly distributed their products via physical discs, am I right? I am trying to bring a similar solution to PC systems. Also, if I was wrong, please point out for me

Regards

#12 swiftcoder   Senior Moderators   -  Reputation: 10364

Like
2Likes
Like

Posted 10 December 2012 - 10:03 AM

I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it.

Back in the days of serial dongles, you could just insert a set of jumps to bypass the dongle entirely.

One could even manage it without a debugger - 20 minutes tracing through a disassembly, and patch the executable with a hex editor.

Tristam MacDonald - Software Engineer @Amazon - [swiftcoding]


#13 Matias Goldberg   Crossbones+   -  Reputation: 3696

Like
0Likes
Like

Posted 10 December 2012 - 10:19 AM

In the audio software industry (particularly DAWs & industrement synths), the USB dongle as a DRM is still widely used, and a wide-spread cancer shall I say.
There's a lot of customer support around it (because dongle from "X" conflicts with dongle from "Y", or because you have "A" & "B" from the same developer, in which case there's a few steps to take to activate both using the same dongle)
Also these things get (rarely) broken and you have to pay for the replacement.

USB-dongle-based drm is crackeable, but cracks take a lot of time to come out (most of the time, the cracks aren't for the latest version); specially since this isn't mass market software and comes in many flavours (x86, x64, etc); which makes keeping the USB dongle sticked to your port a better alternative; specially if you're going to buy more products from the same dev. But sometimes it's easier to put the crack in a legit copy and forget about the dongle, leaving it stored in a safe place.

Well, I don't know how people hacked hardware and made modchip, but IMO, they must exploited unencryped parts, e.g communication between ICs in the system.

Yes, and no.
Ultimately everything boils to a "jmp" instruction. Advanced layers of drm is just about many "jmp"s in obfuscated places. Old gaming HW were very simple and relied on sending a simple signal to the CPU. Modchips just bypassed and always sent the signal.
Advanced dongle drm is about receiving encrypted, salted data and sending back unencrypted data (or partially encrypted data the sw can now decrypt). The hacker just has to emulate the dongle encryption features.

Edit: Which can be done by retrieving the private keys in the dongle (read below). If the encrypted data isn't salted, write a program to force the SW to send every possible message it can send to the dongle, and save the unencrypted data to map encrypted msg with unencrypted response. A savvy hacker can crack the sw to always use the same salt, and because he's writing the dongle emulator, the dongle will just send always the same salt. Remember, the hacker is in both ends (the dongle and the software).
If the permutations of messages that can be sent from SW to the dongle is nearly limitless, then the best option is to retrieve the hidden private keys. However, if your system relies too much on this, the USB bandwidth limit can become an issue for regular legit customers.

IMO, directly hacking encrypted communication is not possible or my security knowledge has something wrong.

Impossible as in "nearly impossible in terms of practice", then yes. Although if there's a vulnerability (you may want to watch the PS3's hacking videos on Youtube about how Fail0verflow found the root keys from PS3, during the Chaos Communication Congress) it will be easily hacked.

In case everything is inside an simple IC then there is no way to hack it (reading very very hard).

Reading it is very very hard like you said, but I want to emphatize it's not impossible.
Some advanced decryption schemes involve measuring number of cache misses to predict code paths being taken, other schemes are about reading voltage consumption, oscilation, noise (as in 'audible' noise), while other schemes are about freezing to low temperatures RAM modules (or similar technology) and cloning it's contents using forensic tools for later inspection.
At some point you're gonna need to store your private keys somewhere, or store partial unencrypted data somewhere. These techniques are designed to read those supposedly unreachable places; as long as the cracker has physical access to the device.
None of this is simple though, and requires A LOT of dedication. But it's not "impossible" to crack.

Edited by Matias Goldberg, 10 December 2012 - 10:28 AM.


#14 ynm   Members   -  Reputation: 172

Like
0Likes
Like

Posted 11 December 2012 - 04:18 AM

I am looking into your idea

Many thanks for the insight an helpful info




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS