Exetools

baatazu 04-24-2005 17:17

New Dongle technology, using Smart Cards
 
Yesterday I received a new dongle, which uses a technology that is brand new in dongles: Smart Cards. The vendor is the Chinese Feitian Technologies and the product is Rockey 5.

http://www.ftsafe.com/products/viewproduct.php?p=rockey5

According to FT, the smart card runs an operating system bundled on the card (COS). Storing parts of the code on the card and executing them inside the COS makes things very complicated for crackers, while Smart Card technology is not an easy thing.

I can see crackers in this forum next year talking about cryptography and analysis rather than debugging and reverse engineering.

Sarge 04-26-2005 23:50

Been there, done that.

One good thing, if the vendor is Chinese, he won't be using DES.

Anyway, about the COS: The credential can, in fact, hold an application. But it is typically not an executable app in the manner you might normally think of it.
What there IS, is a short routine on the credential that is akin to a file control system; it accesses, reads and writes blocks of memory. Of course, the most significant memory block is the one containing the Identification Number. All this happens after the authentication handshaking, which typically uses some kind of encryption. This is the reason this type of transaction is so slow; there is a lot of data to pass in both directions and the bandwidth is very low on this type of communication. The communication frequency is typically 13.56 MHz on the most recent SmartCards, and thus the range (distance between dongle and credential) is short.

Just some FYI

Sarge

dyn!o 04-27-2005 04:51

SmartCard usage inside dongles cannot bring anything powerful, simply because of the SmartCard architecture.

Regardless of the fact that SmartCards can block access to their OS, file system and core, it is still crackable because they are too slow to operate as virtual machines. Even if they could, you can always decompile/decrypt encrypted/translated code (look at XProtector, StarForce) because each protection, before the protection takes place, inserts its own signatures (markers) inside the software to be protected. Of course I mean today's common technologies.

The other fact is that SmartCard is nothing fancy nowadays. You can use ASICs and FPGAs (e.g. using a so called secure bit, like in Xilinx devices) to perform much more flexible and powerful protection, with less effort.

There is still a big, unused hole in software protections. It is not about anti-dumping, anti-debugging and bla bla... It is about creativity.

NeOXOeN 04-27-2005 10:01

baatazu, this is really old news if you ask me :P But I think the protection is really good. I also have the key here but so far I was not able to crack it :) OK, I confess I didn't even try it :P

To dyn!o: I must agree with you, I still think it's doable. You just need to create a virtual OS of the smart card dongle, copy all bytes from the dongle key and insert that code into the real app. How hard can it be to download all bytes :P

After you have done all this you can start reversing or cracking the dongle part. When you are done, you can call yourself Smart Cards Master :P

P.S.: sounds simple but it isn't :P


Bye NeO

Sarge 04-27-2005 21:08

That is all very true.

I'm pointing out that there is a difference between a SmartCard, as used as a "badge" for, say, secure access through a locked door, and SmartCard technology as may be used in something still as critical, but not necessarily as urgent. SmartCards themselves have two "limitations", one is the time frame for action/reaction, and the other is the read range. But both of these are considered desirable by security geeks.

Using the technology as a dongle means that there is no significant urgency, as you normally have a "long" (many, many seconds) bootup time for the PC. And, given that there is usually some kind of wired connection from the card reader to the PC, it means relative ease of interception of the data as well as plenty of time to intercept the data and analyze it later. Of course, the typical big-company employee just wants to get his job done, and doesn't really care about things like that. Nevertheless, I expect you are right, and, regardless of the data itself, the actual implementation of the protection method is where the creativity must be focused. I would think biometrics is where the efforts will be.

sarge

baatazu 04-28-2005 06:38

Hey, that Chinese smart card dongle just arrived on the European market. So it's new here ;) Actually, I was comparing the new technology with the old dongle technologies. I'm not saying that it's the best protection. But it's something that requires more than medium skills. I don't believe that generic emulators will be out (as crackers did for HASP4 for example). That RSA public/private (private stored inside the smart card) will bring a lot of trouble to developers and will take a long time to study and analyze that thing. I'm almost sure that the cracker must have at least good skills in cryptography to prevent (or remove) this protection.
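
Sarge's point about traffic being recorded on the reader-to-PC link and baatazu's point about an RSA private key kept on the card can be put together in a short sketch. This is an added example, not part of the thread and not Feitian's API: `Card`, `Host` and the toy key are hypothetical, and it covers only the link, not the host-side code dyn!o discusses.

```python
import hashlib
import secrets

# Toy RSA key, constructed for this example: two Mersenne primes, no padding.
# Far too small for real use; a real token would use a full-size padded scheme.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(challenge: bytes) -> int:
    """Hash the challenge into the range [0, N)."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

class Card:
    """Hypothetical stand-in for the token: the private exponent stays inside."""
    def __init__(self, d: int):
        self._d = d
    def sign(self, challenge: bytes) -> int:
        return pow(digest(challenge), self._d, N)

class Host:
    """Hypothetical protected application: holds only the public key (N, E)."""
    def __init__(self):
        self._pending = None
    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh nonce per check
        return self._pending
    def verify(self, response: int) -> bool:
        challenge, self._pending = self._pending, None  # each nonce is single-use
        return challenge is not None and pow(response, E, N) == digest(challenge)

def demo():
    card, host = Card(D), Host()
    # Session 1: an observer on the reader-to-PC link records the response.
    recorded = card.sign(host.new_challenge())
    live_ok = host.verify(recorded)
    # Session 2: the recorded response is replayed against a new nonce.
    host.new_challenge()
    replay_ok = host.verify(recorded)
    # Weak design for contrast: a fixed query always yields the same answer,
    # so a recording of it is indistinguishable from the real token.
    fixed_answer = card.sign(b"fixed-query")
    static_replay_ok = fixed_answer == card.sign(b"fixed-query")
    return live_ok, replay_ok, static_replay_ok

if __name__ == "__main__":
    print(demo())
```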

dyn!o 04-28-2005 18:25

Quote:

That RSA public/private (private stored inside the smart card) will bring a lot of trouble to developers and will take a long time to study and analyze that thing.

It is not about cryptography. It is about the way of code encryption/decryption (or translation in case of virtual machines, own environments, virtual CPUs, etc.). You can use any algorithm, even hybrid, and you will lose because at some moment your code has to be detranslated/decrypted. Until the day someone proposes a new way of abstraction, everything will be crackable in a short time. The hardest software protections now take ~10 days for the deprotection on the first approach and then ~10 hours for the deprotection after getting acquainted with it. That is too short.

