#1  10-14-2005, 21:14  redbull
Build your own dongle

I found this design project on the Atmel AVR 2004 design contest web site.

hxxp://www.circuitcellar.com/avr2004/DA3824.html

Intelligent Security Serial Dongle

The ATmega8L-8AI microprocessor-based Intelligent Security Serial Dongle effectively restricts access to a computer or embedded system. The low-cost design uses an MD5-based challenge-response authentication procedure augmented by a random number generator. No external power source is needed.
(RS-232)

Last edited by redbull; 10-14-2005 at 22:21.

#2  10-15-2005, 23:54  X-Treme
For cracking dongles it is useless.

For protecting some software, use Matrix-Dongle.

It is cheap and good.

hxxp://www.matrixlock.de/

#3  10-17-2005, 12:31  taos
Quote:
Originally Posted by redbull
I found this design project on the Atmel AVR 2004 design contest web site.

hxxp://www.circuitcellar.com/avr2004/DA3824.html
The ATmega8L-8AI microprocessor-based Intelligent Security Serial Dongle effectively ... by a random number generator.
No external power source is needed.(RS-232)

You can make a similar project with a PIC (16F87X, etc.). I made one last year.
Use a USB interface with the PIC (like a USB to RS232 FT232 converter), the quartz crystal oscillator and the power supply filtering capacitors. The cost may be 5-9 $. Use virtual USB-serial drivers (you can use the USB like a COM serial port). You don't need an external supply (USB has a VDC line). Then you can do this:
Your EXE opens the virtual COM port and sends a string to the PIC ("0ABBAA00"); the PIC converts this into a string like ("CALL BBAA00" opcodes) and sends this string to your EXE; then your EXE writes this into memory and jumps.
It's like a VM engine; you can also share info between PIC & EXE (HD serial, etc.), store seeds in PIC flash memory, make jump calculations, etc.
But any cracker can put a BP AFTER your send/receive port commands and rebuild the EXE.
So the problem is that you cannot execute x86 opcodes in the PIC. If you store some procedures of your EXE in the PIC and then upload them to the EXE, you make a hardware-dependent dongle. So for a newbie cracker you can use this, but it's easier to protect with Execryptor (for example) to avoid them.

#4  10-17-2005, 16:17  Hero
It seems taos has really worked hard on this.
Suggesting the PIC series is a very good suggestion. No programmer needed, in addition to very cheap microchips and a simple circuit...
I think using a PIC is a great idea too....

sincerely yours
__________________
I should look out my posts,or JMI gets mad on me!

#5  10-17-2005, 18:17  redbull
Look, it will be easy to fool, I don't doubt it.

The idea is to prevent people from simply reversing the standard ones like Sentinel and the others.

PIC controllers are cheap, they have built in code protection (Although I have come across code to crack / reverse this, it is very processor specific).

I like your idea of using the chip as a VM to create the required instructions.

I wrote a paper a long time ago on functional verification, which is using special constant (but calculated) numbers as key numbers in functions within the application, or take it to the next level where a "key file" can contain not only key information but corresponding assembler code to inject into your own process and run (it will only run correctly if the key file is 100% correct).

TERMPAK's protection is similar to that in some regards.

Taos, thanks for the info on the FT232 chip, very very handy!!! I normally go through a MAX232 to convert TTL to RS232, and then would have run it over a Prolific RS232-USB converter (as a virtual COM port) to connect to USB. It's nice to know about other USB chips and options out there. (Of course nothing stops the "cracker" from hooking the CreateFile API and modifying the returns for your calls to the USB device.)

Here is an implementation on the PIC16F84A of a standard idea to just return a magic number from a valid "serial".

We will assume that we read the value from the PC into the W register and write our return value into W as well.
Code:
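MAGIC1      EQU 013h
MAGIC2      EQU 01Fh
ScratchByte EQU 020h             ; scratch file register
ResultByte  EQU 021h             ; defined but not used below
proc MangleNumber
    xorlw MAGIC1                 ; W = W xor MAGIC1
    andlw MAGIC2                 ; W = W and MAGIC2 (01Fh clears bits 5-7)
    movwf ScratchByte            ; ScratchByte = W (movwf takes no destination operand)
    movlw 1                      ; Bad condition
    btfsc ScratchByte, 7         ; if bit 7 (the 8th bit) is low then not good (skip the addlw)
    addlw 1
    btfsc ScratchByte, 1         ; if bit 1 is low then not good (skip the addlw)
    addlw 4
    xorwf ScratchByte, W         ; W = ScratchByte xor W
    return
endp MangleNumber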
The code assumes we are working with 8-bit registers (which is not really the case on PIC16F84A).

After MangleNumber executes, W will contain the following:
Code:
Pseudocode for above ASM:
W = (W xor 0x13) & 0x1F;
tmp = 1;
if ((W & 128) == 128) {
tmp++;
}
if ((W & 2) == 2) {
tmp += 4;
}
// If all was correct (eg bit 7 and bit 1 were set) 
// tmp will equal 6
// else tmp could be 1, 2 or 5
W = W xor tmp;
Of course the above is easy to reverse, so use something like CRC8 or more exotic non-reversible routines to get your magic number.
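
An added example, not part of the original posts: a Python model of the posted MangleNumber routine beside a nonce-based challenge-response check of the kind the Circuit Cellar design in post #1 describes. HMAC-SHA256 is substituted here for that design's MD5, and the `Dongle`, `Replayer` and `host_check` names and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

MAGIC1, MAGIC2 = 0x13, 0x1F  # constants from the posted PIC routine

def mangle(w):
    """Model of the posted MangleNumber on an 8-bit W; returns (W, tmp)."""
    scratch = (w ^ MAGIC1) & MAGIC2
    tmp = 1
    if scratch & 0x80:   # btfsc ScratchByte, 7 / addlw 1
        tmp += 1
    if scratch & 0x02:   # btfsc ScratchByte, 1 / addlw 4
        tmp += 4
    return scratch ^ tmp, tmp

def static_table():
    """Every input/output pair: with no secret and no nonce, this table is
    the whole routine, and a recorded answer is valid forever."""
    return {w: mangle(w)[0] for w in range(256)}

def reachable_tmp():
    """tmp values that can occur; the 0x1F mask clears bit 7 before it is tested."""
    return {mangle(w)[1] for w in range(256)}

class Dongle:
    """Hypothetical device holding a secret key (constructed for this example)."""
    def __init__(self, key):
        self._key = key
    def respond(self, nonce):
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Replayer:
    """Stands in for a recording of one earlier exchange, played back verbatim."""
    def __init__(self, recorded):
        self._recorded = recorded
    def respond(self, nonce):
        return self._recorded

def host_check(key, device):
    """Send a fresh random challenge and verify the keyed response."""
    nonce = secrets.token_bytes(16)
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, device.respond(nonce))

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key
    print(len(set(static_table().values())), sorted(reachable_tmp()))
    old = Dongle(key).respond(secrets.token_bytes(16))
    print(host_check(key, Dongle(key)), host_check(key, Replayer(old)))
```

The host holds the same key as the device, so this addresses replayed responses only, not the patched-check and API-hooking problems raised in posts #3 and #5.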