Principles and Methods of USB dongle cracking

Source: Internet
Author: User

Cracking methods for hardware encryption locks (the common "dongle") fall roughly into three kinds: cloning or copying the hardware; debugging and tracking the decryption with SoftICE and other debug tools; and writing an interception program that modifies the communication between the software and the dongle.


Hardware cloning and replication mainly target dongles made in China. Because Chinese dongle makers lack the capability to manufacture a core encryption chip, some of them use general-purpose chips available on the market; once hackers analyze the chip circuit and the content written into the chip, they can immediately copy or clone a completely identical dongle. Foreign dongles cannot be attacked this way: they use their own hardware with good security, and the chips are usually difficult to copy. Domestic dongles are also moving to imported smart card chips, so this hardware cloning method is becoming less and less useful.

For debugging and cracking, the compiler generates code in more and more ways, so tracking and debugging through disassembly and similar methods has become more and more complex, and the cost of cracking has risen with it. At present, few people are willing to spend so much effort on such complicated cracking unless the software has a high value. Current cracking of encryption locks (dongles) mainly targets the data exchanged between the application and the encrypted dynamic library. This method is cost-effective and easy to implement, and encryption locks built around a single-chip microcomputer or similar chips are cracked well by it.
Since the application programming interface (API) of an encryption lock (dongle) is basically open, its programming interface, user manual and other related material are easy to download from the Internet, where you can also follow the latest developments in dongle technology.
For example, for a famous American dongle sold by a well-known Chinese supplier, all of the programming material can be obtained from the Internet. From it we know that this encryption lock (dongle) has 64 memory units, 56 of which are available to users, and that each unit can be used as one of three types: an algorithm, a data value, or a counter.
The data value is easy to understand: it is data stored in a read/write unit, just like data stored on a hard disk. You use the read function to read the data in the unit and the write function to save your information to the storage unit.
A counter is a unit whose value the software developer can reduce by one with the decrement function. When a counter is associated with an active algorithm and the counter reaches zero, the algorithm is deactivated.

The algorithm unit is harder to understand. The algorithm is a technique accessed through the query function, query(querydata), where querydata is a query value and the function has a return value. The encrypted program knows a set of such query value/return value pairs and uses this function wherever it needs to check that the dog is present and authentic. A unit designated as an algorithm cannot be read or modified, even by a legal user. As I understand it, this technique not only increases the complexity of the program but mainly aims to defeat cracking by emulator technology.
All API function calls of this encryption lock (dongle) return a value; a return value of 0 means the operation succeeded.
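The algorithm unit exists precisely to defeat an emulator that answers every call with status 0, so the interesting part is the check on the application side. The following added example (not code from the page's author or from any real dongle vendor) models the three unit types described above and two application checks against them: a naive check that trusts the status code alone, and a stronger check that refuses any device whose algorithm unit can be read and whose answers do not match precomputed query/return pairs. The device model, the keyed transform `algo_transform`, the key `DEMO_KEY`, unit number 7 and the query values are all constructed for the demo; a real product would generate the pairs at build time with the vendor's tools and compile them into the application.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NUM_UNITS 64           /* the 64 memory units the page describes */

typedef enum { UNIT_DATA, UNIT_COUNTER, UNIT_ALGORITHM } unit_type;

typedef struct {
    unit_type type;
    uint32_t value;            /* data value or counter value */
    uint32_t algo_key;         /* secret of an algorithm unit, never exposed by the API */
} dongle_unit;

typedef struct { dongle_unit units[NUM_UNITS]; } dongle_state;

/* Function table standing in for the dongle DLL; the checks are pointed at either implementation. */
typedef struct {
    int (*read_unit)(void *ctx, int unit, uint32_t *out);
    int (*query)(void *ctx, int unit, uint32_t querydata, uint32_t *out);
} dongle_api;

/* Constructed keyed mixing function standing in for the device's secret algorithm. */
static uint32_t algo_transform(uint32_t key, uint32_t q) {
    uint32_t x = q ^ key;
    x *= 0x9E3779B1u; x ^= x >> 15;
    x *= 0x85EBCA77u; x ^= x >> 13;
    return x;
}

/* Genuine device model: data/counter units can be read, algorithm units only answer queries. */
static int real_read(void *ctx, int unit, uint32_t *out) {
    dongle_state *d = ctx;
    if (unit < 0 || unit >= NUM_UNITS || d->units[unit].type == UNIT_ALGORITHM) return 1;
    *out = d->units[unit].value;
    return 0;
}
static int real_query(void *ctx, int unit, uint32_t q, uint32_t *out) {
    dongle_state *d = ctx;
    if (unit < 0 || unit >= NUM_UNITS || d->units[unit].type != UNIT_ALGORITHM) return 1;
    *out = algo_transform(d->units[unit].algo_key, q);
    return 0;
}

/* Model of the replacement library the page describes: every call reports status 0 and carries no real data. */
static int stub_read(void *ctx, int unit, uint32_t *out) { (void)ctx; (void)unit; *out = 0; return 0; }
static int stub_query(void *ctx, int unit, uint32_t q, uint32_t *out) { (void)ctx; (void)unit; (void)q; *out = 0; return 0; }

static const dongle_api real_api = { real_read, real_query };
static const dongle_api stub_api = { stub_read, stub_query };

typedef struct { uint32_t query, expected; } qr_pair;

/* Weak application check: trusts the status code alone. Both implementations pass it. */
int naive_check(const dongle_api *api, void *ctx, int algo_unit) {
    uint32_t out;
    return api->query(ctx, algo_unit, 0x1234u, &out) == 0;
}

/* Stronger check: the unit must refuse reads, and every known query must return its precomputed answer. */
int verify_dongle(const dongle_api *api, void *ctx, int algo_unit, const qr_pair *pairs, size_t n) {
    uint32_t out;
    if (api->read_unit(ctx, algo_unit, &out) == 0) return 0;   /* algorithm units are not readable */
    for (size_t i = 0; i < n; i++) {
        if (api->query(ctx, algo_unit, pairs[i].query, &out) != 0) return 0;
        if (out != pairs[i].expected) return 0;
    }
    return 1;
}

/* Demo fixtures: a constructed device with unit 7 programmed as an algorithm unit. */
#define DEMO_KEY 0x5EC2E7u                  /* constructed secret, known only to the device programmer */
#define ALGO_UNIT 7
#define NPAIRS 3

static dongle_state demo_device(void) {
    dongle_state d = {{{0}}};
    d.units[0].type = UNIT_DATA;    d.units[0].value = 0xC0FFEEu;
    d.units[1].type = UNIT_COUNTER; d.units[1].value = 10;
    d.units[ALGO_UNIT].type = UNIT_ALGORITHM; d.units[ALGO_UNIT].algo_key = DEMO_KEY;
    return d;
}

/* In practice these pairs are computed at build time and compiled into the application. */
static void demo_pairs(qr_pair *p) {
    uint32_t qs[NPAIRS] = { 0x00000001u, 0xDEADBEEFu, 0x7F00FF00u };
    for (int i = 0; i < NPAIRS; i++) { p[i].query = qs[i]; p[i].expected = algo_transform(DEMO_KEY, qs[i]); }
}

/* Runs one check (strong or naive) against the genuine model or the stub; returns 1 if the device is accepted. */
int demo_result(int use_stub, int strong) {
    dongle_state d = demo_device();
    qr_pair pairs[NPAIRS];
    demo_pairs(pairs);
    const dongle_api *api = use_stub ? &stub_api : &real_api;
    return strong ? verify_dongle(api, &d, ALGO_UNIT, pairs, NPAIRS) : naive_check(api, &d, ALGO_UNIT);
}

int main(void) {
    printf("genuine: naive=%d strong=%d\n", demo_result(0, 0), demo_result(0, 1));
    printf("stub:    naive=%d strong=%d\n", demo_result(1, 0), demo_result(1, 1));
    return 0;
}
```

The naive check accepts both devices, which is exactly the weakness the "return zero for everything" approach exploits; the stronger check rejects the stub on two independent grounds (the algorithm unit was readable, and the answers did not match). Note that a fixed table of pairs only raises the bar: an attacker who records the genuine device's answers to those particular queries can replay them, so the pairs should be numerous, tied to values computed at run time where the device supports it, and checked at several points in the program rather than at a single startup gate.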

From this the idea of cracking follows: use your own tools (such as VB or VC) to compile a new DLL dynamic library with the same interface as the dongle API, containing the read, write and every other function in the API, with the same parameters and return values as the original functions. All functions return zero, and the query and read functions are handled so that they return what the application software needs.
Once this new DLL file compiles successfully, it directly replaces the original DLL file. When the application software runs again, every access to the dongle is intercepted, and the interception program always returns the data the software expects, thereby simulating a running dongle. With the above introduction you can basically understand the common basic cracking methods for encryption locks; the most common "no-lock patch" cracking is this third method.

The two common types of locks are driver locks and driver-free locks, which correspond to the third method (DLL file cracking) and to replication-lock cracking respectively.

The biggest feature of a driver lock is that after installing the program and the necessary drivers (the official driver), you still need to apply a patch. This patch goes by many names, such as "patch upgrade" or "new version driver", but they are all cracking patches that have been encrypted a second time so that the encryption lock is needed to verify them. Of course, this is also a sales tactic: the encryption lock is really just a decoration that only verifies the encrypted patch, so its price is extremely low.
A driver-free lock can run the genuine program directly and is generally a copy of the genuine lock core.
Although you may not see any problem with either lock in ordinary use, the details matter. With either of these locks, no matter what request your software sends, the number 0 is returned to the software to achieve the cracking; I would ask what happens when the software developer needs a 1 returned and the 0 causes bad results. Isn't that a serious error?
Therefore, purchases of structural computing software should favour replication locks, and a driver lock should be considered only when no replication lock is available. General software, such as drawing software for construction materials, does not need to be so strict: with or without a driver it behaves the same, so there is no need to pursue perfection.

In fact, dongle technology is not very advanced, because the main lock cores and internal files are supplied by professional hackers and factories; the seller of a lock only writes the data files into an empty lock with special software, so there is no advanced technology involved. If a seller claims to be so advanced, you can try the crack and test it; the results will be the same as those from any other shop.
Here we would like to remind you to pay attention to the lock core of an encryption lock; in fact this is the most important thing. Prices of locks vary, and some profiteers take advantage of customers' unfamiliarity with the subject, or sell an old lock core as a new one, so choose a seller with a high reputation and do not buy from one who will not let the customer inspect the lock.
