Searching \ for '[BUY] USB Dongles' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=usb+dongles
Search entire site for: 'USB Dongles'.

Exact match. Not showing close matches.
PICList Thread
'[BUY] USB Dongles'
2007\01\16@142608 by James Newtons Massmind

face picon face
My main client is transitioning from a hardware to a software based system
(my fault <grin>). He is not at all comfortable with standard software
licensing (and in this specific case, I can see why) and so wants to include
a hardware locking key to control the use of the software. His clients won't
mind since they are used to the current hardware anyway. Other comments
regarding how evil dongles are should be tagged [OT], please.

The problem is that I can't seem to find any company that offers them in
medium small quantities ( low hundreds ), for reasonable prices ( e.g. < $20
each ) and releases source code samples for how to connect to them. I had
assumed there would be a DLL you include in your installation and you would
call if from your application, but everything seems to be much more complex
and secretive. We aren't trying to stop hackers here, just keep the users
honest.

Has anyone had any good experiences with this? I'd sure appreciate a
referral.

Thanks!

---
James.


2007\01\16@144512 by Robert Young

picon face

{Quote hidden}

James,

As I understand it, the FT232RL and FT245RL parts from FTDI can be used
to create such dongles.  I'm remembering this from a blurb I saw on
their web page.  May have been advertising hype, may have been an
application note.  Probably worth a quick look at http://www.ftdichip.com.

Another that comes to mind is Griffin Technologies.  Might also be worth
contacting them.  http://www.griftech.com.

Rob

2007\01\16@145843 by M. Adam Davis

face picon face
Well, I suspect the Rainbow has been considered and doesn't meet your
goals.  They seem to be one of the foremost in the business.

Echoing Rob, FTDI ( http://www.ftdichip.com ) includes dongle
functionality in their latest USB chips.  They have code examples on
how to use them.  I haven't spent much time looking into them deeply
though, so it may be that it's just a serial number with no
authentication, or it may be more secure.

Either way, it would be an easy and cheap way of doing it.

Alternately, use a PIC and develop the system yourself.  Then sell it
online to others in your position.

-Adam

On 1/16/07, Robert Young <rwyoungspamKILLspamieee.org> wrote:
>
> > {Original Message removed}

2007\01\16@150210 by Robert Young

picon face
>
> James,
>
> As I understand it, the FT232RL and FT245RL parts from FTDI
> can be used to create such dongles.  I'm remembering this
> from a blurb I saw on their web page.  May have been
> advertising hype, may have been an application note.  
> Probably worth a quick look at http://www.ftdichip.com.
>
> Another that comes to mind is Griffin Technologies.  Might
> also be worth contacting them.  http://www.griftech.com.
>
> Rob
>

OK, just checked on Griffin Technology's web site and their main product
is intended to lock down a PC so that you can't use it at all unless the
magic dongle is plugged in.  Not what you described but still, give them
a phone call.  They might have some suggestions anyway.

Rob
(Not affiliated with GT Security but I do try to support local
businesses...)

2007\01\16@150857 by Jason Harper

picon face
Perhaps you could use Maxim/Dallas USB 1-Wire/iButton
adapters?  DS9490R or DS9490B are <$20 in qty 100, and
there's a free API and lots of sample code for talking
to them.  You wouldn't actually need to supply an
iButton, the adapters have a built-in unique serial
number chip.  For more security, you could use the -B
version adapter with a password-protected or SHA
iButton.

The downside is, of course, the usual problem with
buying Maxim products in small quantities...
    Jason Harper

2007\01\16@151715 by Wouter van Ooijen

face picon face
> The problem is that I can't seem to find any company that
> offers them in medium small quantities ( low hundreds )
> for reasonable prices ( e.g. < $20

IIRC the FT232RL can be used as dongle chip.

Wouter van Ooijen

-- -------------------------------------------
Van Ooijen Technische Informatica: http://www.voti.nl
consultancy, development, PICmicro products
docent Hogeschool van Utrecht: http://www.voti.nl/hvu


2007\01\16@153113 by William Couture

face picon face
On 1/16/07, James Newtons Massmind <.....jamesnewtonKILLspamspam.....massmind.org> wrote:
> My main client is transitioning from a hardware to a software based system
> (my fault <grin>). He is not at all comfortable with standard software
> licensing (and in this specific case, I can see why) and so wants to include
> a hardware locking key to control the use of the software. His clients won't
> mind since they are used to the current hardware anyway. Other comments
> regarding how evil dongles are should be tagged [OT], please.
>
> The problem is that I can't seem to find any company that offers them in
> medium small quantities ( low hundreds ), for reasonable prices ( e.g. < $20
> each ) and releases source code samples for how to connect to them. I had
> assumed there would be a DLL you include in your installation and you would
> call if from your application, but everything seems to be much more complex
> and secretive. We aren't trying to stop hackers here, just keep the users
> honest.

I have no experience with this, but gmail's suggestions on your
email is:

http://www.microcosm.co.uk/dinkey.shtml

Which lists quantity 1 -- 99 at 12 Lbs (don't know how to generate
the British "pound" symbol) each.

Developers kit is 95 Lbs.

Bill

--
Psst...  Hey, you... Buddy...  Want a kitten?  straycatblues.petfinder.org

2007\01\16@153317 by Timothy Weber

face picon face
M. Adam Davis wrote:
> Well, I suspect the Rainbow has been considered and doesn't meet your
> goals.  They seem to be one of the foremost in the business.

I maintain a product that uses Rainbow Sentinel USB dongles.  Pretty
simple from the software side, but I don't know how much they cost or
what quantities are available.
--
Timothy J. Weber
http://timothyweber.org

2007\01\16@153359 by Tony Smith

picon face
{Quote hidden}

Can't help you on prices, but I did have a play with the keys from
http://www.aladdin.com a while back.  In short, a DLL they provided talked to the
key, and gave you a Yes/No signal.  I didn't have any problem getting them
to work under VB or C++.  You had to load a custom driver too (no big deal).

These were read/write, so you could store serial numbers, name, keys,
algorithms etc.  Can handle multiple application too.  Simplest
implementation is test for the key in as many places as possible.

There's a bunch of different versions, some with counters for time limts or
# of uses, network variants etc.

You could always stick a loop-back connector in the serial port...

Tony

2007\01\16@154439 by Vitaliy

picon face
William Couture wrote:
> Which lists quantity 1 -- 99 at 12 Lbs (don't know how to generate
> the British "pound" symbol) each.
>
> Developers kit is 95 Lbs.

GBP (Great Britain Pound) is an accepted currency abbreviation (like USD and
CAD).

Best regards,

Vitaliy

2007\01\16@155827 by Bob Axtell

face picon face
James Newtons Massmind wrote:
{Quote hidden}

Why not roll your own? I'd do it with a 3.3V i2c  RAM device, like a
MC24C00. This can be done in SOT23-6
so would fit into a VERY tiny potted parallel port. Make most of the
port pins simply fuel a 3.3V power supply thru
diodes. Rather than keep the data constant, I would constantly change it
according to the software you write to
read and write to it. In this way, regardless of the actual data
present, the dongle being present does most of the
protection.

--Bob  

2007\01\16@155929 by Herbert Graf

flavicon
face
On Tue, 2007-01-16 at 11:25 -0800, James Newtons Massmind wrote:
> My main client is transitioning from a hardware to a software based system
> (my fault <grin>). He is not at all comfortable with standard software
> licensing (and in this specific case, I can see why) and so wants to include
> a hardware locking key to control the use of the software. His clients won't
> mind since they are used to the current hardware anyway. Other comments
> regarding how evil dongles are should be tagged [OT], please.
>
> The problem is that I can't seem to find any company that offers them in
> medium small quantities ( low hundreds ), for reasonable prices ( e.g. < $20
> each ) and releases source code samples for how to connect to them. I had
> assumed there would be a DLL you include in your installation and you would
> call if from your application, but everything seems to be much more complex
> and secretive. We aren't trying to stop hackers here, just keep the users
> honest.
>
> Has anyone had any good experiences with this? I'd sure appreciate a
> referral.

Are the machines internet connected? Perhaps a software license type
system is easier to implement, something like the online activation
microsoft does.

TTYL

2007\01\16@162224 by Peter van Hoof

face picon face
How about rolling your own with something like the SiLabs toolstick (<$11 a piece).
I'm sure you could code protect them ( you can have a nice flasjing light on them as well.

Peter van Hoof

{Original Message removed}

2007\01\16@171115 by Bob Axtell

face picon face
Bob Axtell wrote:
{Quote hidden}

Oops, you wanted USB dongles. Sorry.

--Bob

2007\01\16@224955 by Radhakrishnan R.

flavicon
face
Hi,
Go to http://www.aladdin.com/hasp/default.asp and try to locate a
reseller near you.
Hope this helps.
regards,
rk

{Original Message removed}

2007\01\17@044047 by Gerhard Fiedler

picon face
Vitaliy wrote:

> William Couture wrote:
>> Which lists quantity 1 -- 99 at 12 Lbs (don't know how to generate the
>> British "pound" symbol) each.
>
> GBP (Great Britain Pound) is an accepted currency abbreviation (like USD and
> CAD).

Actually, not only accepted but /the/ standardized currency code

http://en.wikipedia.org/wiki/ISO_currency_codes

Gerhard

2007\01\17@053439 by Alan B. Pearce

face picon face
>> Why not roll your own? I'd do it with a 3.3V i2c  RAM device, like a
>> MC24C00. This can be done in SOT23-6
>>  so would fit into a VERY tiny potted parallel port. ...
>>
>Oops, you wanted USB dongles. Sorry.

However that doesn't mean it couldn't be implemented with an FT245 type
chip, or one of their later ones which ISTR can be configured with an I2C or
SPI interface instead of parallel.

2007\01\17@085600 by Robert Ammerman

picon face
I have used, with success, a product call 'Dinkey Dongle'. I have used two
versions: the first was parallel port based, the current is USB.

Very simple to use as a 'wrapper' around your application. For a little more
effort embedding it in your app, you can get significantly more security.

Highly recommended.


Not sure about $$ in your QTY.
Bob Ammerman

[a copy sent offlist to James as he was the original poster]

2007\01\17@112505 by Lucas Korytkowski

flavicon
face
We've consedered making our own.  But first we started to brain-storm how
many ways a dongle can be defeated.
A Dongle without much protection in the communication/driver/dll interface
will only "inconvenience" (limit the number of copies they can run for free)
the legit end-user and make it a rather simple challenge for the cracker.
Here are the highlights:

- USB analyzer.  Log and emulate the dongle communications via cloned
hardware or software driver.  (There used to be quite a few companies that
did this for popular packages at a fraction of the cost of the original
software).
- Man in the middle attack. Log the communications between the app and the
driver.  Create a "proxy" between the driver and app to respond correctly,
or replace the dll/driver altogether.
- Patch the software to negate any tests against the dongle.  Even if you
sprinkle the routines all over, copy-paste, inline, etc.  A search and
replace can easily defeat this.

Solution highlights:
- Have secure, encrypted communications between the dongle and the
end-software, not using a DLL, but a linked library.
- Have the driver validate itself and the dongle via "pseudo random" or
encrypted signature that can't be easily duplicated, challenge-response with
random seeds, etc.
- The software (both driver and user app) should employ an anti-debugger
check to make it difficult to trace through the software for dongle checks.
- Have another app encrypt the software and add a bootstrapper to decrypt
the app via dongle.  Cannot execute the program without a valid dongle.
Cannot even disassemble software as it is encrypted.


Now that we had a list of security issues, we decided to look for 3rd party
hardware dongles instead.  As we were not going to resell the dongles and
the dongle project would be quite involved.

Another issue to keep in mind when selling your own dongle is that if the
developer API is available, crackers will experiment and find ways around
it.

Unfortunately the dongle prices are not <$20.  If don't know what the cost
of the application will be, or how popular it will be (niche market versus
generalized app), but the cost of having a certian number of packages
pirated instead of paid for may make the cost worthwhile.  

I know there's always the argument of "I really had no intention of
purchasing this package but..." or "I don't really need this many copies
but...", or "You don't trust me to use your software legitimately?", etc.
But in the end it comes down to return on investment in developing the
software and helping companies/people do "things" more efficiently, or at
least better!, or, ok how about differently??


{Original Message removed}

2007\01\17@144139 by Wouter van Ooijen

face picon face
> Solution highlights:
> (snip)

I would add: put a non-trivial part of your application inside the
dongle. If you do this well enough you can distribute your application
freely and just sell 'dongels'. In a way that is how I sell Wisp628's.

Wouter van Ooijen

-- -------------------------------------------
Van Ooijen Technische Informatica: http://www.voti.nl
consultancy, development, PICmicro products
docent Hogeschool van Utrecht: http://www.voti.nl/hvu


2007\01\17@192158 by Richard Prosser

picon face
One word of warning. Don't make it too difficult for the user to
manage. I am getting very p*** off with the IAR compiler I am using as
the security hoops I have to jump through every time I re-install it
or update it makes me strongly consider dropping ot altogether.

Richard P

On 18/01/07, Wouter van Ooijen <EraseMEwouterspam_OUTspamTakeThisOuTvoti.nl> wrote:
{Quote hidden}

> -

2007\01\19@211259 by Josh Koffman

face picon face
On 1/16/07, Timothy Weber <twspamspam_OUTtimothyweber.org> wrote:
> M. Adam Davis wrote:
> > Well, I suspect the Rainbow has been considered and doesn't meet your
> > goals.  They seem to be one of the foremost in the business.
>
> I maintain a product that uses Rainbow Sentinel USB dongles.  Pretty
> simple from the software side, but I don't know how much they cost or
> what quantities are available.

We use Rainbow dongles. By the way, they're called Safenet now (just
in case you're trying to find them). They are pretty good, though
we're using an older dongle. They're releasing a new dongle package
that is supposed to be more physically robust. One thing to consider
is that USB dongles can be easily pocketed. Try to make sure you have
a method for locking it down or secure it somehow.

On our other product we use a software security product. The one we
chose has proven to be a mistake and we'll be fixing that soon. We're
considering moving to a unified system for both of our products.
Sentinel RMS seems to be an interesting solution, I think it supports
both soft and hard licencing.

Anyway, I think we pay about USD$26 for our current dongles, but we're
buying about 2500 a year.

Josh
--
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
       -Douglas Adams

More... (looser matching)
- Last day of these posts
- In 2007 , 2008 only
- Today
- New search...