Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!munnari.oz.au!ariel!ucsvc.ucs.unimelb.edu.au!u3364521 From: U3364521@ucsvc.ucs.unimelb.edu.au (Lou Cavallo) Newsgroups: comp.sys.amiga Subject: Re: Copy protection (was Re: Awesome! No I am Pi**ed!) (LONG) Message-ID: <1372@ucsvc.ucs.unimelb.edu.au> Date: 10 Dec 90 03:06:34 GMT References: <1990Dec5.041002.453@sbcs.sunysb.edu> <1990Dec5.205822.216@evax.arl.utexas.edu> <1366@ucsvc.ucs.unimelb.edu.au> <1990Dec9.203048.7679@unlv.edu> Organization: I.A.E.S.R., Melbourne University Lines: 71 G'day, Eric J. Schwertfeger (maniac@cleanhead.cs.unlv.edu ) writes: *) 1. I've not seen or heard of pirated versions of Superbase for the Amiga. I *) [...] *) Question{s}: is it very easy (or hard) to overcome dongle protection? *) *) 2. If a decryption scheme was placed into a dongle device with a CPU it may *) [...] *) Question: if one has decryption code that does not reside in Amiga RAM *) (and hopefully not accessible by an Amiga run program) is it necessary *) to have all of the *decrypted* program reside in AmigaRAM? > 1) Yes, I've seen pirated SuperBase. It's done by making your > own dongle, which was so simple that I couldn't believe it when I was > first told how. Okay, fair enough. I can only imagine that this is not frequently done. I'm guessing that in relation to other copy protection schemes "dongle" methods are quite "successful" from a producers viewpoint. Is this correct? {I hope not, I keep seeing dongle advertising for I*M PC systems and I have worries that dongle protection schemes could become a de facto standard.} > 2) the one problem to #2 is "how does the dongle know what > program is accessing it?" Imagine a program that feeds the encrypted > input of a program to a dongle, then saves the decrypted output. My guess is that a dongle with a CPU could in principle interrogate the pgm accessing it (or better AmigaOS) for the programs starting address etc such that it could calculate an identifying signature for authentication reasons. However, I can see how a program itself could send back another address for the "legal" encrypted program etc to fool this scheme. Could you trap the dongles calls to AmigaOS for the same subversion? {Yes I suppose one could.} > 3) It`s possible if you supply your own ram card, but now we're > getting too expensive for normal software. Yes that's true but I had a different idea in the back of my mind. Actually it is similar to your idea of a "feeder" program that sends encrypted codes and recieves the decrypted ones. {I.e. my original point from my question 2 at the start of this posting.} The idea is to never decode the whole encrypted program. Have an interface program interact with the user and send requests to the dongle to decrypt a small section (I think 1 instruction is too little) of the encrypted progrm at a time, receive that section and have it executed. {But talk about slow! :-)} With this approach you could only ever save partial execution flows of any program (unless the "user" traced (or tried to guess without docs) each one of the program flow execution paths). {Would this be possible?} You know what? This is the most ugly and silly idea I've had for a while... but you knew that. :-) <> { for those who may not have read the start of my part of this thread } I do not propose/advocate copy protection of any kind. Im simply interested in the theoretical aspects of such a scheme as it pertains to things Amiga. > Eric J. Schwertfeger, maniac@jimi.cs.unlv.edu yours truly, Lou Cavallo.