Jump to content
  • Advertisement
Sign in to follow this  
ynm

Copyright protection, USB dongle?

This topic is 2016 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi everyone,

I saw some software using USB dongle as copyright protection.

I think if using hardware, hacker can't hack it (well, much harder to do) but still can patch it, so what is the method and advantage of this compare to using software only?

Is there anyway to protect software using USB dongle?

Regards

Share this post


Link to post
Share on other sites
Advertisement
Yeah, I remember the days when the salepeople from dongle companies were making a killing and we'd have a chain of these things hanging off our serial ports (this was before USB was invented).

I was even then easier to use archie to grab a cracked version of software because either your dongle was faulty, or they'd interfere with each other, or you could use only one at a time, or they didn't work at all with the particular version of hardware or OS you were running.

Short answer: no, there is no technical way to prevent software copying using DRM.

Share this post


Link to post
Share on other sites
As far as I know these things are still around.

They're basically a secure key store. The key used to encrypt is stored inside the dongle and never put into the computers RAM, not unlike the
TPM, making it as secure as it gets.

Unfortunately this can't overcome the fundamental issue of all DRM systems, namely, that at some point the unencrypted data needs to be in the RAM of the computer in order to be useful, and it can always be extracted from there.

Share this post


Link to post
Share on other sites
Many thanks,

It seems online games are far better protected than offline games, so I think about implementing USB dongle as a micro server like in online games, but I don't know how online games are protected. Any idea? Could this be done?
If somehow it could be done, then it is far better because it would allow LAN games with better latency and gaming experience

Regards

Share this post


Link to post
Share on other sites
online games can just check a license key against a database as a simple option.

Share this post


Link to post
Share on other sites

It seems online games are far better protected than offline games, so I think about implementing USB dongle as a micro server like in online games, but I don't know how online games are protected. Any idea? Could this be done?

The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other. Edited by Cornstalks

Share this post


Link to post
Share on other sites
I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

Share this post


Link to post
Share on other sites
Thank all,

The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other.

I don't know how iphone is jail broken, maybe their exploited software fault, but in microprocessor I haven't any case is hacked. The only method I know is take off IC's case, using microscope and UV light to read the state of the registers of the IC which only possible in lab condition and require expert skill.



I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

This is the problem which I am finding the solution.
While I believe the microprocessor is very hard to hack to know the algorithm or the encrypted key store in it, but if dongle only returns simple value like true of false to allow the software to run, it can be easily patched though emulation

Even though, the hacker still can not know the true algorithms and keys in dongle, so I am leaning to the idea of using random encrypted return value each time, which can not be emulation. But then the hacker can hack directly to the software to bypass checking step. So I think the dongle must return encrypted critical data which require engine to run, e.g parameters of functions..

Is there any software used similar method? Or any idea?

Regards Edited by ynm

Share this post


Link to post
Share on other sites

Thank all,
[quote name='Cornstalks' timestamp='1355071988' post='5008822']
The reason server-based games are a bit more "secure" (though plenty of people still hack the client and server is still vulnerable) is because you own the computer the server is running on (and thus have a great deal of control over it). As soon as you put the server on the player's computer (whether it's a USB dongle or not), you immediately take away that advantage and it's probably just as easy to hack and crack as any other.

I don't know how iphone is jail broken, maybe their exploited software fault, but in microprocessor I haven't any case is hacked. The only method I know is take off IC's case, using microscope and UV light to read the state of the registers of the IC which only possible in lab condition and require expert skill.



I imagine a dedicated hacker could still bypass a dongle through emulation. Though it would be pretty difficult and probably not worth it. Commercial forensic software such as EnCase use dongles for this exact purpose.

This is the problem which I am finding the solution.
While I believe the microprocessor is very hard to hack to know the algorithm or the encrypted key store in it, but if dongle only returns simple value like true of false to allow the software to run, it can be easily patched though emulation

Even though, the hacker still can not know the true algorithms and keys in dongle, so I am leaning to the idea of using random encrypted return value each time, which can not be emulation. But then the hacker can hack directly to the software to bypass checking step. So I think the dongle must return encrypted critical data which require engine to run, e.g parameters of functions..

Is there any software used similar method? Or any idea?

Regards
[/quote]

Just focus on making great software instead, good software sells, bad software don't, DRM is primarly useful to prevent second hand sales or to protect a highly anticipated title on launch. (If the pirates are willing to wait a few days/weeks extra to play your game any DRM you implement will be worthless).

Hacking protected devices are doable even without software exploits, (Google for mod-chips for older consoles), on devices like the iPhone it just isn't done because doing so would "ruin" the appearance of the device(and exploiting the software is easier anyway). the problem is that you still need to store the instructions that your dongle should run somewhere and it isn't that difficult to remove and read a memory chip.

Dongles also force you to use physical distribution of your software, which today will result in a far greater reduction in sales than piracy can manage.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

Participate in the game development conversation and more when you create an account on GameDev.net!

Sign me up!