0

I have read all the existing discussions on piracy and hardware support, so this is not the same old question. I have a new twist on this old discussion. You can now purchase dongles for USB that allow you to put some of your important code into the dongle. If you have a complex algorithm and you put it into the dongle, someone would have to reverse engineer the contents of the dongle. If they tried to spoof the dongle, as was possible in the past, this would not work. All they can see is that data goes into a "black box" and result data comes out. It is no longer a matter of finding a jump true/false to bypass a license check in the source code.

Perhaps a mathematician with a lot of idle time on his hands could eventually reverse it, but that is an extreme level of interest! The other option is that the hardware dongle itself would need to be hacked. There are many protections against this built in, but this is probably the most effective approach.

So I want to take a scenario and see if I've missed something. I put the important part of my algorithm into the dongle to protect it. 6 doubles and 1 int go into the dongle, 1 double and 1 int are returned. This happens for thousands of data points. This is one of several functions of similar complexity. A hacker can see the rest of my assembly code (which I do as much as possible to obfuscate), but lets assume it is easily hacked. My question is, how hard is it to break into the dongle to access my assembly code in this proprietary hardware? Let's take as an example this companies product: http://www.senselock.com

I am not interested in lectures on how I'm inconveniencing customers and should open source my product, please. I am looking for a technical discussion on how a software/hardware engineer might approach extracting my assembly object from such a device. And I am not asking in order to hack one, but to know how much hassle I have as my discouragement against tampering. I know if there is a will, there is always a way. But at first glance it looks like it would take several thousand dollars worth of effort to bypass this scheme?

Given the response so far, I am adding some more specifics. The dongle has the following property, "Access to the chip is protected by PIN, and the maximum re-tries is pre-set by software developers. For instance, under a dictionary attack, once the number of re-tries exceed the pre-set value, the chip will trigger a self-locking mechanism". So to access the chip and thus the code inside it, you have to know the PIN, otherwise after let's say 10 tries you will be locked out. I personally can't see any way anyone could compromise this system. It doesn't matter what goes in or out, what matters is what runs inside the dongle ARM processor. Physical forced access would destroy the chip. Electrical access would require the PIN, or the chip locks up. How else could it be compromised?

tradetree
  • 354
  • 3
  • 20
  • Right off, I would not know how to do this but I am pretty sure there are people out there who would be able to rig a system so that they could monitor all traffic going to and from the dongle. Would having that information be enough to spoof it? – 500 - Internal Server Error Jan 05 '14 at 20:37
  • No. I assume they can see all traffic to and from the dongle. It can't be spoofed that way. The question is if there is a way to access the code inside of the dongle. It is a hardware / software technical question. – tradetree Jan 05 '14 at 22:13
  • From the manufacturer, "EAL 5+ in the global hi-tech sector, that practically enable EL with the outstanding effectiveness in resisting of major attacks such as Electronic Attack (SPA and DPA), Probe Attack (SiShell), Chip Dissection and Debug Port." - Someone thought I did not do enough research, but that is why I'm posting the question. This is not my area of expertise! Is it someone else's? This looks to me like it is very hard to break into such a dongle. Let me repeat, the question is NOT if you can/can't spoof the dongle, but if you can READ the dongle? – tradetree Jan 05 '14 at 22:20
  • If the delivered dongle only is accessed to let input data being processed by the dongle's processor and receive output data - yes, then it can be a solid protection. It is not safe to use as external memory. All must integrated in a single chip. The data processed should be non-repeatable. – Joop Eggen Jan 06 '14 at 00:15
  • Yes, this is stock market data going in, with algorithmic results data based on an intractably complex manipulation of inputs (blackbox), going back out. Thanks for the help. – tradetree Jan 06 '14 at 15:17

2 Answers2

1

I pretty much agree with your point of view that all dongles could be hacked, it just the matter of time and cost. If your encryption scheme is well-designed the EAL 5+ chip should be secure enough to prevent your software form malicious attacks.

And I think if you can READ the dongle it's probably means you already hacked the dongle, or it proofs there is a fatal vulnerability in the encryption scheme.

BTW, the link you give above is not work. Are you referring to this dongle? http://www.senselock.com/en/productinfor.php?nid=180&id=142&pid=

Rebecca Wu
  • 21
  • 2
  • Yes, I updated the link in the question to just go to the main company page. I also could not afford, or did not wish to leave anything to chance regarding protecting my IP, so I have a new approach. I am now not distributing my code in any form, even within a dongle. Instead my server serves out the results of my algorithm with a local database to store old values. If you are looking at older values then they are fast and right in the local database. For new values the server has to provide them, after authentication of course. No intellectual property leaves my server. – tradetree Mar 28 '14 at 21:11
-1

there are companies(such as break-ic.com) which have the list of mcu which they can break. after breaking they give you only hex files. in this case(mcu)every manufacturer has its own disassembler because of hardware architecture of every mcu core and there is no guarantee that your desire disassembler is exist!!!
so you must search for dongles which they have unbreakable mcu or their mcu has no disassembler. or you can build you own dongle!!

peiman sh
  • 1
  • 1