PICList Thread
'[ot]:Dongle - aka node lock'
2001\08\01@115358 by John Walshe

Hi folks,
   I've just found an AutoCAD R13 dongle in the bottom of a box I got at a
factory clearout sale. It's one of those Rainbow Sentinel devices and I
can't tell what device is in it 'cos it's a globbed die (it could be a PIC?)

Anyone got any ideas as to how it works? Can I read/write to it and use it
to protect any of my own software?
I did a web trawl (a short one!) but came up blank. Has anyone got any info
on these things?
Best regards
John

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\08\01@134103 by Matthew Fries

I have a dongle here from an obsolete piece of 3M software. The enclosure
opens quite easily, but it looks like this one has some sort of ASIC in
it. The chip inside is labelled "Aladdin", and there is a label on the
outside that says MemoHASP-1. Some web searching later, I found
http://www.hasp.com/. For this model, you can download some rudimentary
software to see if it works. I don't know if Autocad used the same kind.

BTW: HASP is an acronym for "Hardware Against Software Piracy". Pretty
clever.






2001\08\01@142419 by Barry Gershenfeld

Rainbow makes several different implementations of dongles, depending
on your desire for fanciness and the size of your budget.  If you
are a developer you can get demo keys and they explain how
they work.  But the key you have will have been "customized"
by the AutoCAD people, probably even to assigning which
pins take data and which clock them through, as well
as some cipher keys in the scrambling algorithm.  So the best
you could probably hope for is to be able to characterize
what comes back after you send something through it,
and use that to lock your software, without ever actually
learning anything about how the insides work.

You might do better to find someone who could use an extra
AutoCAD 13 key, and swap 'em for a PIC development kit and
then roll your own.

Barry



2001\08\02@040753 by Alan B. Pearce

>Rainbow makes several different implementations of dongles, depending
>on your desire for fanciness and the size of your budget.  If you
>are a developer you can get demo keys and they explain how
>they work.  But the key you have will have been "customized"
>by the AutoCAD people, probably even to assigning which
>pins take data and which clock them through, as well
>as some cipher keys in the scrambling algorithm.  So the best
>you could probably hope for is to be able to characterize
>what comes back after you send something through it,
>and use that to lock your software, without ever actually
>learning anything about how the insides work.

I have never heard of software suppliers modifying the pinout of the dongles
provided by the dongle manufacturer. I would doubt this would actually
happen as they seem to use the control pins on the ports to send an I2C type
serial communication between the dongle and the port.

Early dongles used I2C EEPROMs as discrete chips. Slightly later ones used
the bare chip bonded straight to the PCB with the epoxy blob over it, but
were essentially the same functionality as the discrete chip ones.

Later ones have some sort of chip which performs more like a smartcard
credit card and can provide some scrambling capability.

In all cases there seems to be a set of registers which contain the dongle
manufacturer/type, an identifier for the software manufacturer, and the
software manufacturer's product identifier, and some sort of identifier to allow
the dongle to apply to a single product or multiple products. The actual
placing of these registers in the address space differs from manufacturer to
manufacturer.

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.


2001\08\02@104344 by Roman Black

> On Wed, 1 Aug 2001, John Walshe wrote:
>
> > Hi folks,
> >     I've just found an AutoCAD R13 dongle in the bottom of a box I got at a
> > factory clearout sale. It's one of those Rainbow Sentinel devices and I
> > can't tell what device is in it 'cos it's a globbed die (it could be a PIC?)
> >
> > Anyone got any ideas as to how it works? Can I read/write to it and use it
> > to protect any of my own software?
> > I did a web trawl (a short one!) but came up blank. Has anyone got any info
> > on these things?


Hi John, the problem with hardware dongles is that
they generally use a hardware port like the parallel
port.

These can be cracked by any decent cracker, they just
search the executable file for code that accesses that
port. Once found it's pretty easy to identify the two
exit points for the dongle code, ie dongle failed/dongle
passed. Then they just put a goto to the dongle passed
exit. Dongle no longer needed... That's why you see so
many CAD programs hacked and available on the net
unfortunately.

If I used a dongle I would pass a byte TO the dongle,
use a PIC in the dongle which encrypts that byte and
passes it back to the PC as one or more bytes. Then in
your main code break that byte(s) up into various segments
and process/test it later at different points in your
code, eliminating the easy "dongle passed" test.
This won't stop them, but takes it to expert level
cracking rather than bored uni student level.

The best code protection I saw was a friend's surveying
software costing $5000+ US. Each week the software
scanned their PC, generated a number and they have to
ring the main office and get a second number. Then
it works for a week. And nobody has ever cracked it
yet. :o)
-Roman
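
The scheme described in the post above, sketched as an added example that is not part of the original thread: the dongle's response is never compared against an expected value; segments of it unmask constants that unrelated parts of the program need, so a wrong dongle gives wrong results instead of a "failed" branch. HMAC-SHA256 stands in for whatever a PIC would compute, and the secret, challenge, constants and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values: the secret exists only inside the simulated dongle.
DONGLE_SECRET = b"constructed-demo-secret"
CHALLENGE = bytes.fromhex("0102030405060708")
SEG = 4  # bytes of the response consumed per protected constant


def dongle_respond(challenge, secret=DONGLE_SECRET):
    """Stand-in for the PIC firmware: keyed transform of the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def build_locked_table(constants, ask, challenge=CHALLENGE):
    """Vendor build step, done with a real dongle attached: mask each
    constant with its own segment of the response. The host binary ships
    the challenge and the masked bytes, never the secret or the response."""
    if len(constants) * SEG > hashlib.sha256().digest_size:
        raise ValueError("more constants than response segments")
    resp = ask(challenge)
    names = sorted(constants)
    locked = {n: _xor(constants[n].to_bytes(SEG, "big"),
                      resp[i * SEG:(i + 1) * SEG])
              for i, n in enumerate(names)}
    return {"challenge": challenge, "names": names, "locked": locked}


class DongleSession:
    """Runtime side: query once, then consume segments where values are used.
    There is no passed/failed flag; a wrong response yields wrong constants."""

    def __init__(self, table, ask):
        self._table = table
        self._resp = ask(table["challenge"])
        if len(self._resp) < len(table["names"]) * SEG:
            raise IOError("short read from dongle")  # I/O fault, not a licence test

    def constant(self, name):
        i = self._table["names"].index(name)
        seg = self._resp[i * SEG:(i + 1) * SEG]
        return int.from_bytes(_xor(self._table["locked"][name], seg), "big")


# Two unrelated places in the application that each need one constant.
def plot_width_units(session, inches):
    return inches * session.constant("units_per_inch")


def layer_allowed(session, layer):
    return 0 <= layer < session.constant("max_layers")


TABLE = build_locked_table({"units_per_inch": 25400, "max_layers": 256},
                           dongle_respond)
```

As later replies in this thread point out, the unmasked values still end up in host memory once they are used, so this removes the single pass/fail branch rather than the underlying exposure.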



2001\08\02@123519 by Matthew Fries

> The best code protection I saw was a friend's surveying
> software costing $5000+ US. Each week the software
> scanned their PC, generated a number and they have to
> ring the main office and get a second number. Then
> it works for a week. And nobody has ever cracked it
> yet. :o)
> -Roman

What a pain in the neck! The only thing worse than expensive software is
expensive software that can never be maintenance-free.

It would make more sense if the software were to contain some
date-sensitive information, then I could justify registering it every
week. But in this age of quickly outdated software and failing software
companies, who knows if the company will even be around when you need to
use the software.

The 3M software that we use where I work is similar, but it DOES contain
date sensitive information, so that makes the trouble worthwhile.
However, I think 3M realizes this and makes the registration
process more difficult in order to compensate. :-/

The software is updated with new data every quarter. The installation will
not proceed until you enter the correct response code to a randomly
generated number (which is based on the current time). When you call 3M's
tech support to get the code, you *HAVE* to leave your name and phone
number with an operator, and the technician calls you back. Sometimes it's
HOURS before they return your call, or even days. And when they do call,
they just leave a voicemail message, and the whole process starts over
again.

The crazy thing is, all this work just for some silly medical coding
program. Yes, it is safe from copying, but I can't think of why anyone in
their right mind would want to copy this program (unless they wanted to
start their own HMO....)



2001\08\02@141123 by Dave

Hey,

I reckon a really good dongle would be one that stored the 'key' parts of
the code internally. When a correct serial is passed to it and verified it
would return the correct, unencrypted code. Therefore a cracker couldn't
achieve anything as the program would be missing parts. A nice 64k eeprom
could store some essential code nicely hidden away from crackers.

I've written some self modifying code before, which is what the program
would need to do. I may have a go at making a dongle like this one day. Of
course, software updates would be a pain if any of the key areas were
altered, the dongle would also need an update :)

Regards,

David Stubbs

WEB: http://www.nti-uk.com
TEL UK: 07968 397782



2001\08\02@173008 by Barry Gershenfeld

>I have never heard of software suppliers modifying the pinout of the dongles
>provided by the dongle manufacturer. I would doubt this would actually
>happen as they seem to use the control pins on the ports to send an I2C type
>serial communication between the dongle and the port.
>
>Early dongles used I2C EEPROMs as discrete chips.

This was so simple that it wasn't even I2C.  And the software
writer didn't do the pin reassignment, you just requested
it as a configuration option when you had the dongle
made.  I'm sure you all realize that you use one of
the data lines as a clock, rather than the real strobe
line of the parallel port.

As the discussion of how to make or use dongles goes on
I'll mention that doing timing-dependent things is
another trick I've seen.

I forgot that we used another vendor before we used
Rainbow, so some of this may apply to the earlier
devices.

Barry



2001\08\07@104137 by Roman Black

David Stubbs wrote:
Hi David, the trouble with selling dongle systems
is you really need to be supplying each of your
customers (and customer inquiries) with a lot
of the spec of the product, ie, HOW it will protect
their software.

You're probably giving away the best info the
hackers could want...
-Roman




2001\08\07@105120 by Dave

Hi,

> Doh, replied to Dave not the PICList..

I never got this message. Strange. Oh well.

> > First off, you could just read the EPROM, but that requires

You would store the code in the eeprom in encrypted format. You could use
some fancy one way encryption thingy like winzip does on password protected
files. Nobody has managed to break this yet as far as I am aware. If you
used the serial they entered as the encryption key to decrypt the encoded
data in the eeprom of the dongle then an invalid serial would still generate
data to be sent back. This data is of course likely to cause adverse effects
when executed and would most likely result in a crash.

> > tool, far simpler to use software like "SoftICE" (If I
> > remember correctly) and just dump a memory image of the
> > running process once it has loaded the "secret code". Then it

I have used SoftICE on many occasions. There are many ways around SoftICE.
Also Sice does not handle self modifying code so well. Dumping the running
process would not work as the program would attempt to overwrite the code
with its code from the dongle on execution, messing everything up. Of course
this could be removed, with a lot of patching.

> > Basically, there is one simple rule to software copy
> > protection this - you can't do it unless you control and
> > monitor the hardware (as in a PIC etc where you can prevent
> > access to the code).

I agree, there will always be people with a lot of free time on their hands.
However, most crackers do not have much electronics knowledge. They think
they can read a few web sites on cracking winzip and mirc and be ready for
the world. Of course, there are the few exceptions who are willing to spend
unlimited amounts of time until they break it.. they probably deserve the
software though after all that effort. Still, nothing a new release of the
software and dongle code wouldn't fix :)

Also some dongle software update mechanism could be set up so the internal
code for the dongle could easily be 'patched' when new software was
released. Of course, without ever letting the users know it is the dongle
being updated and not the software. Just to give the crackers an extra
challenge.

> > Sorry to put a damper on the idea, but its better finding
> > this out now then when your shipping the software :)

I wouldn't know the first step to take in actually making cash from a
product.

> > The most (I have or would do) is put a decent serial
> > number/key system in place. One that they can't simply

Depends on the product. A £20 ($28) product definitely does not need a
dongle costing nearly half as much to produce. However, a £4000 ($5616)
product only sold to a small amount of clients definitely justifies the extra
protection a dongle can provide.

Well, these are just my opinions. I may, and probably am a lot of the time,
be incorrect.

Regards,

David Stubbs

WEB: http://www.nti-uk.com
TEL UK: 07968 397782



2001\08\07@205419 by Ashley Roll

Hi All

> > Doh, replied to Dave not the PICList..
>
> I never got this message. Strange. Oh well.

Yep, for some reason it bounced back to me yesterday as undeliverable.. Oh
Well.

> > > First off, you could just read the EPROM, but that requires
>
> You would store the code in the eeprom in encrypted format.
> You could use some fancy one way encryption thingy like winzip does on
> password protected files. Nobody has managed to break this yet as far as I
> am aware. If you used the serial they entered as the encryption key to
> decrypt the encoded data in the eeprom of the dongle then an invalid serial
> would still generate data to be sent back. This data is of course likely to
> cause adverse effects when executed and would most likely result in a crash.

The problem is that at SOME stage, the code has to be decrypted and placed
in memory on the computer so it can run. That is when it gets grabbed.

Now, I'm not saying this is easy. But to a sufficiently determined attacker
this wouldn't pose much of a challenge. All the code and the keys to decrypt
it are in your software for the taking :)

As for Winzip, I'm not sure, but I know the encryption in PKZip is very
poor. If you know some "plain text" (data from the files in the ZIP, like
file headers in EXEs images, name of the company in the word doc etc) it is
possible to crack it in very little time. I read about it in "Applied
Cryptography" by Schneier.

> > > tool, far simpler to use software like "SoftICE" (If I
> > > remember correctly) and just dump a memory image of the
> > > running process once it has loaded the "secret code". Then it
>
> I have used SoftICE on many occasions. There are many ways around SoftICE.
> Also Sice does not handle self modifying code so well.
> Dumping the running process would not work as the program would attempt to
> overwrite the code with its code from the dongle on execution, messing
> everything up. Of course this could be removed, with a lot of patching.

Fair enough, I've never used it.. Just an example of the kind of software
that you can get to help.

The problem is that in doing this you are simply hiding behind obscure
activities, but it is all there for someone to get at. All they need is a
reasonable tool. Actually it isn't too difficult to write your own. Just
attach to the running process (under windows) as a debugger and you have
full access to it.

> > > Basically, there is one simple rule to software copy
> > > protection this - you can't do it unless you control and
> > > monitor the hardware (as in a PIC etc where you can prevent
> > > access to the code).
>
> I agree, there will always be people with a lot of free time
> on their hands. However, most crackers do not have much electronics
> knowledge. They think they can read a few web sites on cracking winzip and
> mirc and be ready for the world. Of course, there are the few exceptions who
> are willing to spend unlimited amounts of time until they break it.. they
> probably deserve the software though after all that effort. Still, nothing a
> new release of the software and dongle code wouldn't fix :)

They don't need ANY knowledge about electronics, they just observe the
software and find out what it is doing.

Unfortunately, those few that "deserve it for breaking it" distribute it.
It's a badge of honour to them. And the harder it is to crack the more renowned
they become for it.

I don't condone software piracy, but if you've never done this before it's an
eye-opener. Go to your favourite search engine (altavista, google etc) and
type the name of your "copy protected" software and crack as the search
terms. (eg "+Autocad +crack") and see how many hits you get.

> Also some dongle software update mechanism could be set up so
> the internal code for the dongle could easily be 'patched' when new
> software was released. Of course, without ever letting the users know it
> is the dongle being updated and not the software. Just to give the
> crackers an extra challenge.

You could, but again if they cracked the first version (and it is already
out there on the pirate sites) they will simply use the same techniques to
crack the new version.

This is because the only trusted hardware you have is the dongle, but you
can't trust what is attached to it. The attacker can see and do anything they
like to the computer in an effort to break your copy protection. At some
stage the stuff in the dongle gets onto the computer in a runnable
(unencrypted) form and then they have it.

> > > The most (I have or would do) is put a decent serial
> > > number/key system in place. One that they can't simply
>
> Depends on the product. A £20 ($28) product definitely does not need a
> dongle costing nearly half as much to produce. However, a
> £4000 ($5616) product only sold to a small amount of clients definitely
> justifies the extra protection a dongle can provide.

I agree that some software is worth more than others and that deserves at
least an attempt to protect it. However I don't believe that dongles offer
much protection. They only frustrate your legitimate uses.

If you have only a small number of users it could be possible to customise
the software in some innocuous way that is hidden and also have their
details in it that are shown at a splash screen, then at least you know
where the pirate version came from. The cracker is likely to only work out
how to change the obvious customisation and will never know the other one is
there as it won't affect the software.

The only way I can think of to sell software without the risk of piracy is
to sell access to it on an Internet "Application Service Provider" that you
control. And this opens a whole new can of worms. How many people would use
an ASP to design their next products :) Who do you trust :)

> Well, these are just my opinions. I may, and probably am a
> lot of the time, be incorrect.

As these are just mine. :)

My favourite motto from when I did some computer security consulting was
"Security through obscurity is no security at all".

Maybe someone out there who is writing commercial software would care to
give their opinion and experiences?

Cheers,
Ash.
