Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!uw-beaver!tektronix!tekcrl!tekfdi!videovax!stever From: stever@videovax.Tek.COM (Steven E. Rice, P.E.) Newsgroups: comp.sys.amiga Subject: Re: An Idea for Hardware Protection Summary: FileZap the serial number, and it's unprotected! Keywords: "personal" dongle Message-ID: <4779@videovax.Tek.COM> Date: 10 Jan 88 07:57:26 GMT References: <8801090958.AA20842@ucscb.UCSC.EDU> Reply-To: stever@videovax.Tek.COM (Steven E. Rice, P.E.) Organization: Tektronix Television Systems, Beaverton, Oregon Lines: 76 In article <8801090958.AA20842@ucscb.UCSC.EDU>, Larry Hastings (lupin3@ucscb@ucscc.BITNETlupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU) writes: > . . . > First, every computer would be shipped with a "personal dongle" . . . > Second, buried DEEP within the OS, every time a disk is inserted into > any drive, it's checked to see if it is a "secure" disk (PD disks, or > storage disks, or whatever; don't necessarily have to be secure). If it > is, and has the serial number imprinted on it, it accesses the dongle > port, and checks to see if any of the serial numbers kicked out by the > dongle port match; . . . > Of course, all disks would have a "developer number(s)" on them, so if you > sent it back to the company THEY would be able to use it. :) > . . . Two problems immediately spring to mind: 1. What if you lost your dongle(s)? Can you get a replacement and get up and running overnight, as you can if your hard disk dies? Or are you stuck because there is no way to get a replacement? 2. A fundamental rule of computer security (and one that has been ignored by most [all?] posters on this subject) is that before the programs that run on a computer can be secure, the computer must be physically secure. While the DOD can do this (armed guards and the works!), this is not possible with personal computers. If you lose the dongle, you are up an odoriferous estuary without a means of propulsion. If you buy a replacement dongle that has a different number, at the very least you will have to send all your software back to the manufacturers to have them wipe the dongle number out of it so you can put the new dongle number in it. But even more fatal to this idea is the existence of physically unsecure computers (yours, mine, and everyone else's except DOD, NSA, and a few others). No matter how "DEEP within the OS" you embed the checking, it is rather simple to disassemble the OS, FileZap the check so it always passes, and pirate merrily along. If the OS is in ROM, a quick ROM modification will do the job nicely. No one would buy a computer which was built like a bank vault and designed to self-destruct if anyone tampered with it. Yet that is what it would take. Even then, some would pry into it, just for the thrills. If you didn't want to modify your operating system, you could FileZap the disk to its "pristine" state. You might even do this on another kind of machine, which doesn't normally use the same kind of file system, but can be programmed to read and write foreign formats. And, once you had it "pristine" again, you might decide to make a backup copy or two or ten. . . General Instruments has had a great deal of trouble with people who pirate scrambled satellite broadcasts which have been encoded with VideoCypher II. They have surrounded the chip containing the authorization codes with all kinds of protection (e.g., one slip of the probe and you'll remove battery power for an instant -- and bye, bye numbers!). But the pirates have managed to peel off most of the protection. I'm afraid pirating will be with us for a very long time. While I know of no panaceas, the suggestion (by whom I don't recall) of a "neighborhood watch" style program is a good one. If you find a BBS which has pirated software on it, call the publisher of the software and give them the BBS name and phone number. Even if you do so anonymously, they will have enough information to check it out. And the publishers have an incentive to do something about it! Steve Rice ----------------------------------------------------------------------------- * Every knee shall bow, and every tongue confess that Jesus Christ is Lord. * new: stever@videovax.tv.Tek.com old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever