This article describes the general ideas and methods used to crack software dongles. It may seem strange that we introduced "Software encryption lock product evaluation" only yesterday and today turn to dongle cracking. In fact, as a software developer it is important to study software encryption, but it is just as necessary to understand how dongles are decrypted and cracked. Encryption and cracking are like spear and shield: the more you know about decryption, the better the protection code you write. Keep in mind that encryption is always easier than decryption. Know yourself and know your enemy, and you will win a hundred battles.
Hardware encryption locks, commonly called dongles, are cracked in roughly three ways: cloning or copying the hardware; debugging and tracing the protected program with SoftICE or other debuggers; and writing an interception program that alters the communication between the software and the dongle.
Hardware cloning and copying mainly target dongles made in China. Because Chinese dongle makers lack the ability to manufacture their own core encryption chips, some of them use general-purpose chips available on the market; once an attacker has analysed the chip's circuitry and the contents written into it, an identical dongle can be copied or cloned outright. Foreign dongles cannot be attacked this way: they use chips developed in-house with good security and are usually difficult to copy. In addition, Chinese dongles are now also adopting imported smart card chips, so this hardware cloning method is becoming less and less useful.
Debugging and tracing have become less practical as software has grown more complex and compilers generate ever more code. Tracing a protected program through disassembly and similar methods is more and more laborious, and the cost of cracking rises with it; at present few people are willing to spend that much effort on such complex cracking unless the cracked software is very valuable.
The main approach used against encryption locks (dongles) today is to intercept and crack the data exchanged between the application and the dongle's dynamic library. This method is cheap and easy to implement, and it works well against dongles built around a single-chip microcontroller or similar chip.
Since the application programming interface (API) of an encryption lock (dongle) is essentially public, the dongle's API documentation, user manual and related materials are easy to download from the Internet, where you can also follow the latest developments in dongle technology.
Take, for example, a well-known American dongle sold by a well-known Chinese supplier. All of its programming materials can be obtained from the Internet, from which we learn that this encryption lock (dongle) has 64 memory units, 56 of which are available to the user. Each unit can be configured as one of three types: algorithm, data value or counter.
A data value unit is easy to understand: it simply stores data in a read/write unit, much like data stored on a hard disk. You use the read function to read the data in the unit and the write function to save your own information to it.
A counter is a unit whose value the software developer can reduce by one with the decrement function. When a counter is associated with an active algorithm unit and the counter reaches zero, the associated algorithm is deactivated.
The algorithm unit is harder to understand. An algorithm unit is accessed with the query(querydata) function, where querydata is the query value and the function returns a response value. The protected program knows a set of such query value/return value pairs and calls this function wherever it needs to check that the dongle is present and genuine. The software cannot read or modify a unit designated as an algorithm, even if you are a legitimate user. As I understand it, this technique not only increases program complexity; it is mainly intended to defeat attacks that use emulator technology.
Every API function of this encryption lock (dongle) returns a status value; a return value of 0 means the operation succeeded.
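As an added illustration (not code from the article or from any dongle vendor), the following Python model shows how the three unit types and the query/return-value check described above interact, including the counter that gates an algorithm unit and the rule that algorithm units cannot be read back. The unit numbers, non-zero error codes and query/response pairs are constructed for the demo.

```python
# Status codes: 0 means success, as the article states; the non-zero codes are constructed.
OK, ERR_BAD_UNIT, ERR_DENIED, ERR_INACTIVE = 0, 1, 2, 3
USER_UNITS = 56                                   # article: 56 of the 64 units are user-accessible
DATA_UNIT, COUNTER_UNIT, ALGO_UNIT = 0, 1, 2      # assumed unit numbers for the demo
KNOWN_PAIRS = {0x1234: 0x9AB3, 0x00FF: 0x7C01}    # constructed query/response pairs the program embeds

class DongleModel:
    def __init__(self) -> None:
        self.data: dict[int, int] = {}             # data-value units: readable and writable
        self.counter: dict[int, int] = {}          # counter units: can only be decremented
        self.algo: dict[int, dict[int, int]] = {}  # algorithm units: hidden query->response table
        self.gate: dict[int, int] = {}             # algorithm unit -> counter unit that enables it

    def read(self, unit: int) -> tuple[int, int]:
        if not 0 <= unit < USER_UNITS:
            return ERR_BAD_UNIT, 0
        if unit not in self.data:                  # algorithm and counter units cannot be read back
            return ERR_DENIED, 0
        return OK, self.data[unit]

    def decrement(self, unit: int) -> int:
        if self.counter.get(unit, 0) <= 0:
            return ERR_INACTIVE
        self.counter[unit] -= 1
        return OK

    def query(self, unit: int, querydata: int) -> tuple[int, int]:
        table = self.algo.get(unit)
        if table is None:
            return ERR_BAD_UNIT, 0
        gate = self.gate.get(unit)
        if gate is not None and self.counter.get(gate, 0) == 0:
            return ERR_INACTIVE, 0                 # linked counter exhausted: the algorithm is closed
        return OK, table.get(querydata, 0)         # unknown queries answer 0 in this model

def make_demo_dongle(uses: int = 2) -> DongleModel:
    """Program a key the way a vendor tool would: one data unit, one counter, one gated algorithm."""
    d = DongleModel()
    d.data[DATA_UNIT] = 0x2024
    d.counter[COUNTER_UNIT] = uses
    d.algo[ALGO_UNIT] = dict(KNOWN_PAIRS)
    d.gate[ALGO_UNIT] = COUNTER_UNIT
    return d

def app_check(d: DongleModel) -> bool:
    """The protected program's check: every embedded query must return its expected value."""
    return all(d.query(ALGO_UNIT, q) == (OK, r) for q, r in KNOWN_PAIRS.items())
```

Each call to `decrement` consumes one use of the counter; once it reaches zero, `app_check` fails because the gated algorithm unit no longer answers.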
Hence the cracking idea: use our own tools (such as VB or VC) to build a DLL that mirrors the dongle's API DLL, containing the read, write and every other function in the API, with the same parameters and return values as the original functions. Every function returns zero, and the query and read functions are handled specially so that they return the values the application software expects.
Once this new DLL has been compiled, it simply replaces the original DLL. When the application is run again, every access the software makes to the dongle is intercepted, and the interception program always returns the data the software wants, thereby simulating a running dongle.
The above are the common approaches to cracking software dongles (encryption locks). Software developers do have countermeasures against such cracking; in the next article, "Software encryption lock programming skills", I will describe how developers can write secure and reliable code that renders these cracking methods ineffective.