Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page New Dongle technology, using Smart Cards
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-27-2005, 04:51
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
  
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
SmartCards usage inside dongles cannot bring anything powerful simmply because of SmartCards acrhitecture.

Nevertheless of the fact that SmartCard can block the access to their OS, file system and core, it is still crackable because they are too slow to operate as virtual machines. Even if they would, you can always decompile/decrypt encrypted/translated code (look at XProtector, StarForce) because each protection, before the protection takes place, inserts own signatures (markers) inside the software to be protected. Of course I mean nowadays common technologies.

The other fact is that SmartCard is nothing fancy nowadays. You can use ASICs and FPGAs (e.g. using a so called secure bit, like in Xilinx devices) to perform much more flexible and powerful protection, with less effort.

There is still a big, unused hole in software protections. It is not about anti-dumping, anti-debugging and bla bla... It is about creativity.
Last edited by dyn!o; 04-27-2005 at 04:55.
Reply With Quote
  #2  
Old 04-27-2005, 21:08
Sarge
 
Posts: n/a
That is all very true.

I'm pointing out that there is a difference between a SmartCard, as used as a "badge" for, say, secure access through a locked door, and SmartCard technology as may be used in something still as critical, but not necessarily as urgent. SmartCards themselves have two "limitations", one is the time frame for action/reaction, and the other is the read range. But both of these are considered desireable by security geeks.

Using the technology as a dongle means that there is no significant urgency, as you normally have a "long" (many, many seconds) bootup time for the PC. And, given that there is usually some kind of wired connection from the card reader to the PC, it means relative ease of interception of the data as well as plenty of time to intercept the data and analyze it later. Of course, the typical big-company employee just wants to get his job done, and doesn't really care about things like that. Nevertheless, I expect you are right, and, regardless of the data itself, the actual implementation of the protection method is where the creativity must be focused. I would think
biometrics is where the efforts will be.

sarge
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 07:44.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )