Encryption by Dongle

Source: Internet
Author: User

Setting legal and moral considerations aside, decryption (cracking) technology is, from an academic point of view, a field of study. Like encryption technology, it is constantly improving.
The following are some ideas for hardware protection with a dongle (encryption lock):
What are the methods for cracking a dongle?
1. Hardware replication
The cracker copies the hardware, that is, produces an encryption lock identical to the Sentinel Superpro. Because the lock uses Rainbow's dedicated ASIC chip technology, copying it is very difficult and the cost is too high.
2. Listening
The cracker uses a parallel-port listening program. It works as follows:
The listener records the query strings the application sends to the parallel port and the response strings the encryption lock sends back. Once the lock is removed, when the program sends a query string to the parallel port to confirm identity, the listener returns the recorded response string. The program believes the lock is still on the parallel port, and the application runs as if for a legal user.
3. Printer sharing
The encryption lock is plugged into a printer sharing device, and multiple computers use the one lock through it. (The countermeasure is described briefly later.)
4. DEBUG
The cracker uses DEBUG or similar disassembly tools to modify the program code or skip the query comparison, and the application is cracked.
The following protection strategies counter the cracking methods above:
1. Against the listening and debugging methods above, I recommend making full use of the dongle developer's API function calls:
A. Against the parallel-port listening program
1) Perform algorithm queries on the encryption lock
- Correct query-response verification
You generate a large number of query-response pairs, for example 200. While the program runs, it randomly picks one of the 200 pairs, such as "345AB56E"-"63749128", and sends the query to the activated algorithm unit. When the query string "345AB56E" is sent, the response string returned by the algorithm unit should be "63749128". If it is, the program considers the user legal and continues to run; otherwise, it terminates.
- Random inactive-algorithm verification
Send a randomly generated query string, for example "7AB2341", to an inactive algorithm unit of the lock. An inactive algorithm unit still returns a response string, and that response is the query itself, so "7AB2341" comes back. The program checks whether the response string is the same as the query string. If it is, the lock is still on the port and the program continues to run.
- Random activated-algorithm verification
Assume the listener has worked out the mechanism above, namely that a query sent to an inactive algorithm unit comes back unchanged. There is a countermeasure for that too. Send a randomly generated query string, for example "345AB56E", to the activated algorithm unit. Because the algorithm is active, the response string must differ from the query string. So when a response string such as "7253ABCD" comes back, the program checks that it differs from the query string. If it does, the lock is still on the port and the program continues to run.
The three policies above are used in the program at the same time. They are consistent with and complement each other, even if the listener records some of our query responses.
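The three checks run together against a simulated lock and a simulated listener, as an added example that is not part of the original article. SimDongle, ReplayListener, the SHA-256 based algorithm unit and the "active"/"inactive" unit names are constructed stand-ins, not the Sentinel API.

```python
import hashlib
import secrets

def random_query() -> str:
    return secrets.token_hex(4).upper()          # 8 hex chars, like "345AB56E"

class SimDongle:
    """Constructed stand-in for the lock: one activated and one inactive unit."""
    def __init__(self, seed: bytes):
        self._seed = seed                        # secret of the activated unit

    def query(self, unit: str, q: str) -> str:
        if unit == "inactive":
            return q                             # inactive unit echoes the query
        return hashlib.sha256(self._seed + q.encode()).hexdigest()[:8].upper()

class ReplayListener:
    """Models the listening program, which answers from recorded traffic only."""
    def __init__(self, recorded: dict):
        self.recorded = recorded                 # {query: response} seen on the port

    def query(self, unit: str, q: str) -> str:
        if unit == "inactive":
            return q                             # it has learned the echo behaviour
        # unrecorded query: all it can do is fabricate a random string
        return self.recorded.get(q) or random_query()

def build_table(dongle: SimDongle, n: int = 200) -> dict:
    """Developer side: precompute n query-response pairs from the real lock."""
    queries = [random_query() for _ in range(n)]
    return {q: dongle.query("active", q) for q in queries}

def verify(device, table: dict) -> bool:
    q = secrets.choice(list(table))              # 1) stored pair must match
    if device.query("active", q) != table[q]:
        return False
    q = random_query()                           # 2) inactive unit must echo
    if device.query("inactive", q) != q:
        return False
    q = random_query()                           # 3) activated unit must not echo
    return device.query("active", q) != q

def pass_rate(device, table: dict, runs: int = 300) -> float:
    return sum(verify(device, table) for _ in range(runs)) / runs

if __name__ == "__main__":
    lock = SimDongle(b"constructed-seed")
    table = build_table(lock)
    seen = dict(list(table.items())[:10])        # listener captured 10 of 200 pairs
    print(pass_rate(lock, table), pass_rate(ReplayListener(seen), table))
```

A listener that knows the echo rule passes checks 2 and 3, so it is the stored-pair check that stops it, and only for pairs it has not yet recorded; a listener holding the whole table passes all three.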
2) Time-sharing query
You can split the query-response pairs into groups. For example, 120 pairs are divided into four groups of 30. The first group is used in the first three months, the second group in the second three months, and so on. If the listener recorded only the first three months, the recording still stops working in the second three-month period.
You can also generate another 100 pairs as "temporary" pairs. On each run, one of them is drawn at random and used alongside the groups above. A recording program cannot capture them all within three months, so the program cannot be used either.
3) Randomly read and write storage units
To defeat listening programs, the policy is: when the program starts, use a random function to generate a number, say "98768964", and write it to a designated unit, #18. While the program runs, read unit #18 before calling each function and check whether it holds the number we wrote, "98768964". Because the number written is randomly generated at each start, the listener cannot have recorded it, and the number the listener returns will not match. This tells us whether the user is legal. The Sentinel Superpro encryption lock can be rewritten more than 0.1 million times. That is, writing three times a day, it lasts one hundred years.
2. Protection strategy against the printer sharer
To defeat printer sharing, the policy is: when the program starts, use a random function to generate a number, say "7762523A", and write it to a designated unit, #34. While the program runs, read unit #34 before calling each function and check whether it holds the number we wrote, "7762523A", to determine whether the user is legal. Because the number written is randomly generated, any other illegal user on the printer sharer writes a different random number as soon as they start the program. When the first user's program then checks for the number it wrote, the check fails and that program is treated as invalid. So only one copy of the program can run at any one time. (For example, the Sentinel Superpro encryption lock developed by RAINBOW can be rewritten more than 0.1 million times. That is, you can write three times a day for one hundred years.)
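The random write-then-read check, used above against both the listener (unit #18) and the printer sharer (unit #34), as an added example that is not part of the original article. SimLock, RecordedLock and ProtectedApp are constructed names and do not reflect the Sentinel API.

```python
import secrets

class SimLock:
    """Constructed stand-in for an encryption lock with rewritable units."""
    def __init__(self):
        self._cells = {}

    def write(self, unit: int, value: str) -> None:
        self._cells[unit] = value

    def read(self, unit: int):
        return self._cells.get(unit)

class RecordedLock:
    """Models a listener replaying the value captured during an earlier run."""
    def __init__(self, captured: str):
        self._captured = captured

    def write(self, unit: int, value: str) -> None:
        pass                                   # no lock behind it: write is lost

    def read(self, unit: int):
        return self._captured

class ProtectedApp:
    UNIT = 34                                  # storage unit named in the text

    def __init__(self, lock):
        self._lock = lock
        self._token = secrets.token_hex(4).upper()   # fresh per program start
        lock.write(self.UNIT, self._token)

    def lock_is_ours(self) -> bool:
        # compare the stored value against the token written at start-up
        stored = self._lock.read(self.UNIT) or ""
        return secrets.compare_digest(stored, self._token)

    def important_function(self) -> str:
        if not self.lock_is_ours():            # re-checked before every call
            raise PermissionError("lock missing, shared, or emulated")
        return "work done"

if __name__ == "__main__":
    lock = SimLock()
    first = ProtectedApp(lock)
    print(first.lock_is_ours())                # only user of the lock
    second = ProtectedApp(lock)                # second machine on the sharer
    print(first.lock_is_ours(), second.lock_is_ours())
    print(ProtectedApp(RecordedLock("98768964")).lock_is_ours())
```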
3. Protection strategies against DEBUG tracing
1) Dispersion method
Against DEBUG tracing, we recommend querying the encryption lock and verifying identity before calling each important function module. If identity is verified only at program start, someone tracing with DEBUG can easily skip the verification section, and a dishonest user can unplug the lock after verification and use it on another computer.
2) Latency method
Verifying a specific query takes three steps:
- Obtain the response string for the query.
- Compare the response string with the query string.
- Perform the corresponding action.
We recommend delaying these three steps. Keep them far apart from one another, even in different subprograms or functions. For example, after running "obtain the response string for the query", run "compare the response string with the query string" only after an interval of 50. Then, when the program needs to call some function, run "perform the corresponding action" inside that function. This makes the program harder to crack.
3) Holistic approach
Use the response string as data in the program.
For example, suppose the return value is "87611123" and the program needs the number "123". Subtract "87611000" from "87611123" to get "123". This way, any modification to the protection code disrupts the program.
4) Confusion
Normally a program runs its verification steps and exits if the user turns out to be illegal, which makes the code pattern easy to spot. Instead, when we know the user is illegal, we let the program continue and execute useless operations so that it misbehaves, to confuse the cracker.
The above are several feasible protection strategies that software developers can use to protect software with hardware dongles (encryption locks).
