I find thumb-screws and hot pokers work quite well.
For goodness sake, what a stupid thing to post without any kind of context.
Copy protection software and hardware systems such as these:
http://www.strongbit.com/execryptor.asp
http://rockey.com.my:80/prod-dongle-rockey6.php
What else is available? How well do these two work?
How much does the product sell for?
How technically sophisticated are they?
Is there an open source competitor?
How ethical are they?
Are they in a mass market?
Are they in a sort of market that would monitor cracking site?
Is this the sort of market (e.g. like popular music) where the public
perception of what the law should be is much more liberal than what it is?
How much are they prepared to put up with in terms of increased
unreliabilty, inflexibility and built in obsolescence?
What is the useful life of the product?
[Pruning neesgroups; bogus newsgroup; nested scope ]
The context should have been along the lines of
"I'm an IT manager and want to stop my users from installing pirate
software ..."
"I want to prevent my kids from ..."
"I'm a software developer working in/on ... and I want to ..."
"I want the ability to scan a network to determine ..."
>
>
My last message was as completely unambiguous as anyone
could possibly be, you are just being too picky.
If a system can be devised that is uncrackable (like rockey6
may be) this is moot.
>
> How much does the product sell for?
>
The price range for products in this category is $500 to
$20,000 per seat.
> How technically sophisticated are they?
If a system can be devised that is uncrackable (like rockey6
may be) this is moot.
>
> Is there an open source competitor?
No
>
> How ethical are they?
Varies too much to say. Client base probably has above
average ethics.
>
> Are they in a mass market?
Nche market.
>
> Are they in a sort of market that would monitor cracking
> site?
>
I don't know what this means.
> Is this the sort of market (e.g. like popular music) where
> the public perception of what the law should be is much
> more liberal than what it is?
No.
>
> How much are they prepared to put up with in terms of
> increased unreliabilty, inflexibility and built in
> obsolescence?
Copy protection schemes will probably be well tolerated
because available alternatives are very few.
life of the product?
However long graphical user interfaces are the norm, in
other words very long.
Nothing is uncrackable.
Everything can be cracked given enough motive and time and effort.
(including all of these obscuration exe packers). Ie. look at
Microsoft's software, which has a very high value of being copied, has
millions of $$ devoted to protection, and yet, crackers are still able
to use a variety of methods to get around copy restrictions in it.
Granted, alot of the methods lately require quite some hoops to jump
through now.
The main questions they are asking you about how much motive somebody
may have for what value you place on it. You're giving answers all
over the place to the point of being totally vague.
This sort of thing is totally about cost of protection vs. value received.
There is no one set answer cure all. Its all a tradeoff.
Also realize, you aren't talking amongst software developers here, but
people that study security in many different forms.
I think that has just now changed with the advent of
hardware dongles with processing power and memory. I think
that it is now at least theoretically possible to make copy
protection infeasible to crack.
>
> The main questions they are asking you about how much
> motive somebody
> may have for what value you place on it. You're giving
> answers all
> over the place to the point of being totally vague.
>
> This sort of thing is totally about cost of protection vs.
> value received.
> There is no one set answer cure all. Its all a tradeoff.
For a software package where a single seat costs $20,000
there is a lot of weight on the side of preventing cracking.
>I think that has just now changed with the advent of
>hardware dongles with processing power and memory. I think
>that it is now at least theoretically possible to make copy
>protection infeasible to crack.
Ha ha.
If a computer has to run it, the software can be cracked. No matter what.
They've had dongles with memory and CPUs on them for a long time.
Nothing new there. Most of the time, customers of these items
implement the most basic use of them thinking them highly secure when
in fact they can be easily defeated if they don't keep up their end of
the security configuration.
Would you make such blanket statements about bank vaults or safes
that can never be broken into? High security locks that can never be picked?
All of this is cost vs. effort tradeoff. How much do you want to
inconvience your legit users vs. protecting your assets?
Look at what others are doing in the same realm as you. I have
software/hardware appliances that costs more than that (running pretty
commodity hardware, all the costs are in the software). In general,
about as far as these vendors go is to provide a license file to me
after we buy it that gets put on the box, maybe tying it to the serial
number of the hardware I have.
Not if the computer that is running it is on the dongle and
100% totally inaccessible to any and all outside
observation.
>
> They've had dongles with memory and CPUs on them for a
> long time.
> Nothing new there. Most of the time, customers of these
> items
> implement the most basic use of them thinking them highly
> secure when
> in fact they can be easily defeated if they don't keep up
> their end of
> the security configuration.
>
> Would you make such blanket statements about bank vaults
> or safes
> that can never be broken into? High security locks that
> can never be picked?
How about cracking PGP encryption? Phil Zimmerman (PGP's
inventor) told me the computational complexity of this.
Cracking PGP is infeasible. It would take something like
trillions of years to crack a single message. If this kind
of technology could be directly applied to copy protection,
then copy protection would become uncrackable.
> Not if the computer that is running it is on the dongle and
> 100% totally inaccessible to any and all outside
> observation.
"It" would have to be the $20,000 application, not the copy protection
software. If only the copy protection code is there you simply trace the
program to where it tests the dongle, and bypass the test. I've heard
of this sort of thing being done simply because it was too much hassle
to get new licence keys when running on a temporary replacement machine.
If the dongle decrypts the program, you capture it after the decryption.
If you are desperate enough, you carefully disassemble the dongle and
read the code in a scanning electron microscope. There are, supposedly
techniques for making things self destruct, but they tend only to be
used in cryptographic engines, and I suspect some organisations know how
to defeat them.
>
> If a system can be devised that is uncrackable (like rockey6
> may be) this is moot.
If they have physical access to the hardware it is crackable by means
other than brute force.
>
> life of the product?
>
> However long graphical user interfaces are the norm, in
> other words very long.
There should be significant resistance to copy protection because the
product is likely to die prematurely. Dongles might be slightly better
than keys in the code, but they are still relying on your company
staying in business and interested in the product, neither of which is
common in the real world.
Nope it is not that simple. The software request the dongle
perform a complex operation that without which it cannot
proceed. In other words part of the software system being
protected in only available from the dongle.
> of this sort of thing being done simply because it was too
> much hassle to get new licence keys when running on a
> temporary replacement machine.
>
> If the dongle decrypts the program, you capture it after
> the decryption.
Not if the decryption is only done in the dongle, and only
the output of the computation is provided.
>
> If you are desperate enough, you carefully disassemble the
> dongle and
Nope as soon as the dongle is disassembled its internal
memory is erased.
> read the code in a scanning electron microscope. There
> are, supposedly techniques for making things self
> destruct, but they tend only to be used in cryptographic
> engines, and I suspect some organisations know how to
> defeat them.
http://www.mydigitaldefense.com/
Nope. I worked here as a software engineer, their system is
even uncrackable by its original designer.
As soon as the hardware is opened up its memory completely
erases.
>
>>
>> life of the product?
>>
>> However long graphical user interfaces are the norm, in
>> other words very long.
>
> There should be significant resistance to copy protection
> because the product is likely to die prematurely. Dongles
> might be slightly better
I think that there may be a way to apply uncrackable PGP
encryption to copy protection so that the copy protection
becomes uncrackable. Certainly if the whole application only
ran on the dongle, this would work.
> I think that there may be a way to apply uncrackable PGP
> encryption to copy protection so that the copy protection
> becomes uncrackable. Certainly if the whole application only
> ran on the dongle, this would work.
PGP uses the same sorts of algorithm as SSL. It is not a one time pad
system, so it is crackable. It may take unreasonably long on current
hardware, so a real attack would simply look for a weaker link.
Since the copy protection of the application would be
uncrackable if:
(1) The whole application ran on the dongle.
(2) The internal workings of the dongle are completely
inaccessible to outside observation.
Therefore any application that has a portion of itself run
on the dongle would be uncrackable to the same extent that
this portion can not be reverse-engineered.
Then you are protecting yourself from firmware privacy, not software
piracy, and you are selling hardware, not software.
In practice, though, there are relatively few commercial applications,
where there is a relatively small, stable, closely guarded secret;
encryption is probably the main one. The chances are that any useful,
non-encryption algorithm has only polynomial complexity in respect of a
black box attack on it.
In my experience, though, most commercial applications are either:
- dumbing down and adding a GUI front end to a subset of algorithms well
known in academia (the value is in the bulky user interface code);
- based on a rapidly changing set of data, in which case what is really
being sold is the service of researching and maintaining that data.
>
>
>Not if the computer that is running it is on the dongle and
>100% totally inaccessible to any and all outside
>observation.
Then its not a computer, you now have a black box, and protecting
it can be easier when you control the whole thing, although again,
if somebody made it, it can be taken apart. Dongles don't have enough
CPU power/memory on them to run the whole program, typical
sizes of dongles are 32k or 64k.
>How about cracking PGP encryption? Phil Zimmerman (PGP's
>inventor) told me the computational complexity of this.
>Cracking PGP is infeasible. It would take something like
>trillions of years to crack a single message. If this kind
>of technology could be directly applied to copy protection,
>then copy protection would become uncrackable.
The main protection offered by PGP is that the private key stays in
the hands of the sender. In a computer system, you will need to be
running this without a physical visit by you each time the end user
wants to run the program to provide the private key needed to unlock it.
Even so, the computing power needed to crack a PGP message is rapidly
coming down in time, but still, the main thing is a computer program
can't use public key encryption easily, because you will need to
embed a private key in the binary as well as the public key seen.
I have seen some license systems utilize GPG to sign their license files.
One way to circumvent this system is to find the GPG private key that is
embedded inside the program code (usually pretty easy to find),
replace it with one of your own, and now you can sign any license file
you want to provide the code and the code will happily accept it as
its own.
This is the basis of all hardware copy protection dongles for the last
20+ years?
And usually in the end, the protected app usually ends up doing
something like
lcall DongleAPI(0xbafa0193,0xbeef000f)
cmp eax,0xc0ffee23
Whereas the crack promptly patchs over this with
lea eax,0xc0ffee23
cmp eax,0xc0ffee23
Yes, they can go through and try to obfuscate where this DongleAPI is
called, but in the end, they are usually easy to find for most apps.
>Not if the decryption is only done in the dongle, and only
>the output of the computation is provided.
And the program code then shows what it is expecting, and the cracker
just patches out the call to make it look just like what the code
is expecting..
>Nope as soon as the dongle is disassembled its internal
>memory is erased.
There are ways to circumvent that. There are FIPS standards laying out
what makes a physically secure package, usually these cards (mostly
used for ATMs and such) are fairly large packages, small brick sized.
And yet, usually attacks usually don't have to go that far.
> http://www.mydigitaldefense.com/
>Nope. I worked here as a software engineer, their system is
>even uncrackable by its original designer.
The original designer is a always poor choice for attacking a
system. They are usually very biased that their design is perfect, and
can never be circumvented..
It is stored on the dongle in encrypted form. The dongle
erases all of its memory when disassembled.
>
> Even so, the computing power needed to crack a PGP message
> is rapidly
> coming down in time, but still, the main thing is a
> computer program
> can't use public key encryption easily, because you will
> need to
> embed a private key in the binary as well as the public
> key seen.
>
> I have seen some license systems utilize GPG to sign their
> license files.
> One way to circumvent this system is to find the GPG
> private key that is
> embedded inside the program code (usually pretty easy to
> find),
> replace it with one of your own, and now you can sign any
> license file
> you want to provide the code and the code will happily
> accept it as
> its own.
>
When the private key is stored on the dongle in encrypted
form, and the execution of the dongle can not be traced,
then the private key is safe.
>It is stored on the dongle in encrypted form. The dongle
>erases all of its memory when disassembled.
Okay, then the cracker loads up the program with the dongle. Then
captures the image of the running decrypted program in memory and
writes a new loader around the decrypted program image.
Or, since the output will be the same each time the dongle runs it,
he captures the output of the dongle, and bypasses the use of the
dongle after the first time it is used by patching around the API call
to decrypt something, feeding his captured input instead.
You can't trust that a cracker will never have access to hardware
you provide to end customers.
No, not this at all. This may be the way that it is
typically done, but, this is NOT what I am proposing.
Four 32 bit parameters in and four 32 bit result values out.
2^128 possible results. The correct result is required for
the correct execution of the program. It is not simply a
license check value, it is data required by the program.
>
> Yes, they can go through and try to obfuscate where this
> DongleAPI is
> called, but in the end, they are usually easy to find for
> most apps.
>
>>Not if the decryption is only done in the dongle, and only
>>the output of the computation is provided.
>
> And the program code then shows what it is expecting, and
> the cracker
> just patches out the call to make it look just like what
> the code
> is expecting..
Sure and the cracker only has to test 2^128 combinations and
then provide a lookup table of 2^128 32-bit integers.
> Or, since the output will be the same each time the dongle
> runs it,
> he captures the output of the dongle, and bypasses the use
> of the
> dongle after the first time it is used by patching around
> the API call
> to decrypt something, feeding his captured input instead.
2^128 possible outputs is too many to bypass.
Make a distributed system. Require the user to connect to some service.
Only deliver results.
Yours,
VB.
--
Ceci n’est pas une pipe: |
Yes that would be a very effective solution. If the input
data is provided to this service, and the output data is
encrypted, and only the dongle knows how to decrypt this
data, and each piece of data is only decrypted within the
dongle, then copy protection may be close to uncrackable.
You don't need a dongle then.
I would need the dongle to hide the decryption process. I am
aiming to be as uncrackable as possible.
You don't need an decryption process, only authentication.
From a copy protection point of view you may be correct.
From an intellectual property protection point of view there
would still be a gap in protection if the data was not
encrypted and decrypted within black boxes.
There is no such thing as a software black box. Your authentication
software has to be secure even if you're pulicizing the source code.
If you're searching for a solution for business purposes, just send a
mail.
A software black box is software that is implemented as
inaccessible firmware.
That would not prevent an authorized user from making
unauthorized copies, here is more on the dongle idea:
http://www.halfbakery.com/idea/copy_20protection_20dongle
There ain't no such thing like an inaccessable firmware. But, be happy:
in a distributed system, you don't need any.
Maybe I used the wrong terms, a self contained computer with
the only access available through mutually authenticated
encrypted communication over the airwaves, with all of its
software and data stored in volatile ram that is erased
whenever the unit is in any way physically tampered with.
>
> Sure and the cracker only has to test 2^128 combinations and
> then provide a lookup table of 2^128 32-bit integers.
>
Only if the overall application depends on an NP-complete step, with
random internal parameters. Encryption may well be the only such
application.
I didn't follow the reference given earlier, but I did wonder whether
this whole thread was actually a sales pitch. I'd point out that smart
cards have been in active service for decades. All current mobile
phones use them and so do most bank cards. My rapid transit ticket
does, and so do many sporting season tickets.
> software and data stored in volatile ram that is erased
> whenever the unit is in any way physically tampered with.
Tamper resistant security modules are an even older idea than smart
cards, although mainly used in military contexts and for ATMs.
The reliance on batteries will make them relatively fragile and limit
their life. I suspect government agencies have some expertise in
defeating the self destruct on such devices.
>
>
> Sure and the cracker only has to test 2^128 combinations and
> then provide a lookup table of 2^128 32-bit integers.
>
Which they can do as, presumably, the application needs frequent access
to the calculation, unlike a pure authentication device, which will
typically lock out after three attemps.
Further to the note on polynomial time problems, in many real world,
non-encryption, cases it will be possible to interpolate between
parameter sets, which is probably all that the dongle does.
> > Make a distributed system. Require the user to connect to
> > some service.
> > Only deliver results.
> Yes that would be a very effective solution. If the input
> data is provided to this service, and the output data is
> encrypted, and only the dongle knows how to decrypt this
> data, and each piece of data is only decrypted within the
> dongle, then copy protection may be close to uncrackable.
and what for information does that dongel send to the service?
Is it confidential? How can I trust a program/dongle that sends
privat information over the internet? I have to trust the software
100% that it's not sending MY privat information.
no working internet, no working program!?
no firm, program stops working?
Why should I buy such software?
Four 32-bit integers are encrypted on a web app, and only
decrypted one at a time in the dongle. The encryption
process always changes because it begins with a different
random number. The random number is encrypted and stored
somewhere in a large data set. The dongle knows where the
random number is, but reads the whole data set anyway.
> >> Yes that would be a very effective solution. If the input
> >> data is provided to this service, and the output data is
> >> encrypted, and only the dongle knows how to decrypt this
> >> data, and each piece of data is only decrypted within the
> >> dongle, then copy protection may be close to uncrackable.
> >
> > and what for information does that dongel send to the
> > service?
> > Is it confidential? How can I trust a program/dongle that
> > sends
> > privat information over the internet? I have to trust the
> > software
> > 100% that it's not sending MY privat information.
> >
> > no working internet, no working program!?
> >
> > no firm, program stops working?
> >
> > Why should I buy such software?
> >
> >
> Because it saves $50,000 per year, and the next best
> alternative to my $500 program costs $9000.
oh dear, $ 50,00 per year. Not bad for a program that's not yet
on the market; an alpha release.
Sorry, in that case I prefer only a dongle without any internet use.
Use my CPU id and maybe some other hardware as identification.
I have computers not connected to the internet for security reasons.
That's make your software useless I think.
We still don't know what your software should do. You could ask
$500 for a sniffin dongle and because all the info is encrypted we
don't know what the dongle is sending. Nice gadget ;-).
We pay you $ 500 and we save $ 50,000 because you don't attack
our computers if your bots detect your dongle.
Software piracy is part of the internet; you have to life with it.
Your solution ( internet encrypted dongle spy ) has no future.
> The leading automated testing application Quick Test
> Professional replaces three full time human testers and
> costs only $20,000. I am going to be selling this same sort
> of system for $500.00. Because my price is so much less
> than the competition, I want to do everything that I can to
> completely eliminate piracy.
if your device is an instrument like that Beverly Crusher uses
you have to worry more about industrial software patents then
piracy.
The competition will eliminate you, just like M$ has eliminate
a lot of good software tools. Buy the company and shut it down.
>>
> I have a patent on this technology. I am going for two or
> three patents.
>
As I understand patents, you have to reveal enough detail to allow other
to implement the invention, which means the secret part of the algorithm
cannot be essential to the patented invention without revealing enough
of its structure to considerable facilitate reverse engineering the
dongle's critical functions.
Patents are a reward for revealing what would otherwise be trade secrets.
I also suspect a lot of people here are uneasy with software patents.
>
Yes, that just occurred to me in the last few days. Because
of this I may cancel my pending patent and just keep the
current one. The pending patent reveals many more details of
significant development that occurred after the first patent
was filed.
The copy protection that one of my competitors uses is to
sell the license for such an enormous price that he can
afford to spend a few hours getting to know his prospective
customers before releasing any software or users manuals.
The prospective customer must also prove who they really are
before any sale is even considered.
> Yes, that just occurred to me in the last few days. Because
> of this I may cancel my pending patent and just keep the
> current one. The pending patent reveals many more details of
> significant development that occurred after the first patent
> was filed.
that's not the whole story.
You also have to think about the way your program works.
Uses it a database? Lots of patents blocking the free use in your program.
Uses it ( genetic ) algorithms? Uses it neural networks? Uses it expert
systems?
How does it proces the scan information ( if it use a scanning device ).
Etc, etc. and a lot of patents block the free use in whatever program.
Very frustrating and it's shouldn't be allowed because nice software never
sees
the market.
> The copy protection that one of my competitors uses is to
> sell the license for such an enormous price that he can
> afford to spend a few hours getting to know his prospective
> customers before releasing any software or users manuals.
> The prospective customer must also prove who they really are
> before any sale is even considered.
you could also include a scrambled algorith in your software with a
nummer, name of the seller or something like that.
Just like a lot of software programs the program stops working
if you know it's an illegal version.
That requires an internet connection and you know who was
responsible for that 'evaluation copy'.
But I still think a dongle with some nice scrambled tricks does the trick.
I don't have to worry about all that
http://www.seescreen.com/Unique.html
My invention mostly just uses a couple of very old processes
to achieve a brand new result.
(1) Deterministic Finite Automaton
(2) Binary Search
The new result is 100% accurate character glyph recognition
at display screen resolutions that is at least 100-fold
faster than alternatives. Also the next best 100-fold slower
alternative is only about 90% accurate.
>
>> The copy protection that one of my competitors uses is to
>> sell the license for such an enormous price that he can
>> afford to spend a few hours getting to know his
>> prospective
>> customers before releasing any software or users manuals.
>> The prospective customer must also prove who they really
>> are
>> before any sale is even considered.
>
> you could also include a scrambled algorith in your
> software with a
> nummer, name of the seller or something like that.
> Just like a lot of software programs the program stops
> working
> if you know it's an illegal version.
> That requires an internet connection and you know who was
> responsible for that 'evaluation copy'.
> But I still think a dongle with some nice scrambled tricks
> does the trick.
>
>
The dongle might be too slow to be practical, and neither of
the dongle companies respond to my repeated emails.
I may just use conventional try before you buy trialware
protection of a hobbled product, that is hobbled enough to
prevent any useful work, but, not so much that all the
features can not be tested.