Introduction to dongle

Edit this section

A dongle is a hardware device that looks like a USB flash disk. It is named as a locking device and has developed into a popular term for software protection, "dongle" is an encryption product that integrates software and hardware into the computer parallel port (the new dongle also has USB ports ). Generally, there are dozens or hundreds of bytes of non-volatile storage space for reading and writing. Now the newer dog also contains a single chip microcomputer. Software developers can exchange data with software dogs through interface functions (that is, reading and writing software dogs) to check whether software dogs are plugged into the interfaces; you can also directly use the tool that comes with the software dog to encrypt your EXE file (commonly known as "shell "). In this way, software developers can set multiple software locks in the software, and use the software dog as the key to open these locks. If the software dog is not inserted or the software dog does not match, the software cannot be executed normally.

The dongle exchanges data with the dongle during software execution to implement encryption. the dongle has a built-in Single-Chip circuit (also called CPU), which enables the dongle to have the ability to judge and analyze, and enhances the active anti-decryption capability. This encryption product is called "smart" dongle. The embedded MCU of the dongle contains an algorithm software dedicated to encryption. After the software is written into the MCU, it cannot be read again. This ensures that the dongle hardware cannot be copied. At the same time, encryption algorithms are unpredictable and irreversible. The encryption algorithm can convert a number or character into an integer, such as dogconvert (1) = 12345, dogconvert (A) = 43565.

Dongle is an intelligent software protection tool provided for software developers. It contains a hardware installed on the computer parallel port or USB port, and a set of interface software and tool software for various languages. Based on hardware protection technology, dongle aims to protect software and data against illegal use of intellectual property rights.

In fact, in programming, a file named. Key is added to a small storage tool. In this way, you must first access the key to access something.

Edit the working principle of this section

　　How the dongle works:

The dongle exchanges data with the dongle during software execution to implement encryption. the dongle has a built-in Single-Chip circuit (also called CPU), which enables the dongle to have the ability to judge and analyze, and enhances the active anti-decryption capability. This encryption product is called "smart" dongle. The embedded MCU of the dongle contains an algorithm software dedicated to encryption. After the software is written into the MCU, it cannot be read again. This ensures that the dongle hardware cannot be copied. At the same time, encryption algorithms are unpredictable and irreversible. The encryption algorithm can convert a number or character into an integer, such as dogconvert (1) = 12345, dogconvert (A) = 43565. Next, we will give an example to illustrate the use of single-chip microcomputer algorithms.
For example, a program has the following sentence: A = FX (3 ). The program obtains the value of variable A according to constant 3. So we can rewrite the original program as follows: a = FX (dogconvert (1)-12342 ). Therefore, constant 3 will not appear in the original program, and the value is dogconvert (1)-12342. In this way, only the software compiler knows that the actual call constant is 3. If there is no dongle, The dogconvert function cannot return the correct result. The result of the calculation formula A = FX (dogconvert (1)-12342) is certainly not correct. This encryption method prevents pirated users from using the software. It is more gentle, concealed, and hard for decrypted users to consider than warning or suspending the encryption method when illegal use is detected. In addition, the dongle also has read and write functions that can be used to read and write the memory inside the dongle. So we can write 12342 in the formula to the memory of the dog, so that the value of a is completely dependent on the results of the dogconvert () and dogread () functions, making decryption difficult. However, in general, the encryption algorithm of the dongle is less difficult than some public encryption algorithms, such as des, because the decrypted will face many difficulties before reaching the encryption algorithm of the dongle.

Edit the development process of this section

With the development of decryption technology, the single-chip microcomputer encryption dog is gradually eliminated by the market due to its simple algorithm, small storage space, and easy hardware replication. Domestic dongle manufacturers headed by Beijing rainbow World Information Technology Co., Ltd. developed a solution with better stability and larger storage space (up to 64 K) effectively prevent the fourth-generation dongle of hard cloning-"smart card" dongle with its original "code porting" principle, it has been used by large domestic commercial software developers such as Qingzhou software, Kingdee, yonyou, caxa, guanglianda, smart computing, Luban ...... .

Taking the world's first Smart Card encryptor-cutting IV as an example, we will briefly introduce the principle of "code porting.

The encryption principle of "code porting" is a brand new and trusted software protection model. The working principle is as follows:Some codes in the software have been compiled and "transplanted" into the encryption lock hardware. The software does not have a copy of the code.

In this software protection solution, the key code and data of PC-side application software are "lost" and securely transplanted to the hardware of the precision IV encryption lock for protection. When necessary, the application software can use the function call engine to instruct precision IV to run key code and data in the hardware and return results, so as to still complete all the functions of the entire software. Since there is no copy of the code and data on the PC end, the decryption cannot guess the algorithm or steal data, thus greatly ensuring the security of the entire software system. In short, jingrui IV provides a set of trusted solutions to theoretically ensure the security of Software encryption.

Edit this protected Programming Language

The programming languages that dongle can protect are constantly changing with the development of computer hardware and operating systems.

In the 1980s S, personal computers were primarily at, 286, and other models. A man-machine operating system is mainly dos, while a enterprise server operating system mainly uses Novell's Netware. Engineers developing dongle protection software must modify the int21 and int10 methods of DOS to encrypt the EXE files under DOS, or provide specific APIs, provides encryption for programming languages such as Turbo C, Fortran, and basic. In some cases, engineers who develop dongle protection software may use dos debug to directly write. com files.

Since then, the man-machine operating system has gone through upgrades such as Windows, Windows 95, Windows 2000, Windows NT, and XP, and the methods to protect EXE files are also from DOS resident programs, to write methods such as VxD and SYS. The programming language also covers: MASM, Turbo C, Vc, Watcom C for NetWare, Watcom C for x86, ndp c for x86, NDP Fortran, Visual FoxPro, clipper, lisp for AutoCAD, etc.

With the increasing hardware processing capability of dongle and the popularization of computer USB ports, software protection is gradually dependent on general encryption algorithms instead of encryption programming skills of encryption software. Using Dynamic Link Libraries and controls can meet the protection requirements of most programming tools and software. Dongle manufacturers are freed from customizing APIs for different programming tools and software one by one.

Edit the application case of dongle technology in this section

1. guanglida cost software

2. Future cost software (Jiangsu)

3. qinghuasville cost software

4. Clever computing cost software

5. Luban cost software

Edit use and maintenance for this section

The current decryption technology removes legal and moral factors. It is a scientific field from an academic point of view. Like encryption technology, it is constantly improving.

What is the decryption method for dongle?

1. Hardware Replication

Copy the hardware, that is, the decrypted copies the same encryption lock as sentinel superpro. Since the encryption lock uses the ASIC chip technology dedicated by rainbow, it is very difficult to copy the encryption lock, and the cost is too high.

2. Listening

The decrypted uses the parallel listening program for decryption. The working mechanism is as follows:

The listener records the query string sent by the application to the parallel port and the response string sent back by the encryption lock. When the encryption lock is removed, if the program sends a query string to the concurrent port to confirm the identity, the listener returns the recorded response string. The program considers that the encryption lock is still in the parallel port, and the application is decrypted as a legal user.

3. printer sharing

Insert the encryption lock into the printer sharing device. multiple computers use the encryption lock on the printer sharing device. (The confrontation strategy will be briefly described later)

4. Debug

Decrypts decompilers such as debug, modifies program source code, or skips query comparison. The application is decrypted.

Several encryption policies

1. In response to the above listening and debugging decryption methods, I recommend that you make full use of the Encryption Policy of API function calls of dongle developers:

A. For the parallel listening program

1) perform algorithm query on the encryption lock

& Oslash; verify the correct query response

The user generates a large number of query response pairs, such as 200. During the program running, a pair of "345ab56e"-"200" is randomly sent to the activated encryption algorithm unit in the 63749128 pair ". When the query string "345ab56e" is returned, the actual response string returned by an algorithm unit should be "63749128". If so, the program considers that the encryption lock is a legal user and continues to run, otherwise, terminate the program.

& Oslash; random non-activation algorithm verification

Send a randomly generated query string to the inactive encryption lock algorithm unit, for example, "7ab2341". If the inactive algorithm unit has a query, a response string is generated. Therefore, the response string "7ab2341" is returned. Check whether the response string is the same as the query string in the program. If the response string is the same, it indicates that the encryption lock is still on the port. Continue to run the program.

& Oslash; random activation algorithm verification

Assume that the listener understands the above mechanism. That is, the same response string is returned if any query string needs to be sent to the non-active encryption algorithm. Send a randomly generated query string to the activated encryption algorithm unit, for example, "345ab56e". Because it is an activation algorithm, the response string must be different from the query string. Therefore, if the response string "7253abcd" is returned, check whether the response string is different from the query string in the program. If the response string is different, it indicates that the encryption lock is still in the parallel port and continues to run the program.

The above three encryption policies are used in the program at the same time. They are consistent with each other and complement each other. Even if the listener records some of our query responses.

2) time-sharing Query

You can group query response pairs. For example, 120 pairs are divided into four groups. Each 30-to-one group. The first group is used in the first three months, the second group is used in the third month, and so on. The Listener records the first three months. The program will still be unavailable after the third month of the second month.

You can also generate another 100 pairs of "Temporary Committee members". Each operation will randomly extract one pair for use with the above groups. The record procedure cannot be fully recorded within three months. The program cannot be used either.

3) random read/write storage units

To prevent the listening program, the policy is: a random number generated by a random function at the startup of the program, which is assumed to be "98768964 ". Write this number in the specified 18 # unit. When the program is running, every time we read Unit 18 # Before calling a function program, the number determines whether the number of data records is "98768964 ". Because the number of writes is randomly generated, the listener cannot record the random number written at the startup. The number returned by the listener must be an unmatched number. You can determine whether the user is a legal user. The Sentinel superpro encryption lock can be repeated for more than 0.1 million times. That is to say, you can use one hundred years to write three times a day.

2. Encryption Policy for the printer sharer

To prevent the print sharer, the policy is: when the program starts, a random number is generated by using a random function, which is assumed to be "7762523a ". Write this number in the specified 34 # unit. When the program is running, every 34 # unit is read before calling a function program to determine whether it is the number of "7762523a ". To determine whether the user is a legal user. Because the number of writes is randomly generated, and other illegal users using the print sharer will write a different random number as soon as they enter. The program of the first user is considered invalid when verifying whether it is the number of data written by the first user. Therefore, it is only a program in one stage. (For example, the Sentinel superpro encryption lock opened by rainbow can be repeated more than 0.1 million times. That is to say, you can write three times a day for one hundred years .)

3. Security Policies for encryption locks tracked by debug

1) Dispersion Method

For debug tracking. Before calling each important function module, we recommend that you query the encryption lock and verify the identity. If identity verification is performed only at the beginning of the program, the debug tracing program can easily skip the Verification Section, and some bad users can unplugging the encryption lock on other computers after verification.

2) latency Method

There are three steps to verify a specific query:

& Oslash; query response string

& Oslash; compare whether the response string and query string match

& Oslash; perform the corresponding steps

We recommend that you perform the preceding three steps in a delayed manner. It is recommended that the three-step scheme be kept away from each other, and even be placed in different subprograms or functions. For example, after "query gets response string" is executed, "compare response string and query string matching" are executed at intervals of 50 ". Assume that the program needs to call a function. Then, execute "execute the corresponding steps" in this function ". In this way, the program is more difficult to crack.

3) Holistic Approach

Use the response string as the data in the program.

For example, if the return value is "87611123", the program needs "123. You can subtract "87611123" from "8761000" to get "123 ". In this way, any modifications to the encryption program will disrupt the program.

4) confusion

Generally, the program performs the corresponding verification steps. If the verification is illegal, the user will exit. In this way, code features are easily discovered. As a result, the program is disordered by continuing to execute useless operations after an illegal user is known. To confuse the decrypted.

The above are several feasible encryption policies that software developers can use to protect software using hardware dongles (encryption locks.