Path: utzoo!mnetor!uunet!tektronix!tekcrl!tekfdi!videovax!stever From: stever@videovax.Tek.COM (Steven E. Rice, P.E.) Newsgroups: comp.sys.amiga Subject: Re: An Idea for Hardware Protection (long) Message-ID: <4782@videovax.Tek.COM> Date: 12 Jan 88 19:15:09 GMT References: <8801090958.AA20842@ucscb.UCSC.EDU> <4779@videovax.Tek.COM> <8801110635.AA03499@ucscb.UCSC.EDU> Reply-To: stever@videovax.Tek.COM (Steven E. Rice, P.E.) Organization: Tektronix Television Systems, Beaverton, Oregon Lines: 218 Keywords: bongle dongle gongle hongle jongle kongle pongle songle wongle Summary: Not in this world, you can't!! In article <8801110635.AA03499@ucscb.UCSC.EDU>, Larry Hastings (lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU) responded to my article <4779@videovax.Tek.COM>, which was in reply to his previous article, <8801090958.AA20842@ucscb.UCSC.EDU>. Larry had suggested hardware support for copy protection which would be, in his words, "buried DEEP within the OS." I demurred, suggesting that: >> If you lose the dongle, you are up an odoriferous estuary without a means >> of propulsion. . . . Larry replied: > You deleted then next phrase... it ~= said "First, every computer would be > shipped with a 'personal dongle' (or probably two, just to be safe)". If > you lost one, you use your backup, and send off to the company for another > one (costing you $5 or something to get a new one made up). If you lose > BOTH of them, then you lose out for a little while, but you're probably the > kind of person who loses 3 car keys a week, and should order your dongles > in batches of 20. I deleted the "next phrase" to keep the length down. But I know the type of person you are talking about! (I am married to one. I had to dash downtown just before Christmas last year and pick up new locks for the house because my wife lost her keys in one of the local stores. And there is a constant "Does anyone know where my keys are?" game going on at our house.) We also have a 4-year-old who has been known to flush various and sundry things down the toilet. The point is that you are asking people to trust the usefulness of their computer to a bit of metal and plastic. If you lose a disk, you have lost the use of that program. If you lose the dongle, you have lost the use of *all* your programs! I also pointed out that: >> 2. A fundamental rule of computer security (and one that has been ignored >> by most [all?] posters on this subject) is that before the programs >> that run on a computer can be secure, the computer must be physically >> secure. While the DOD can do this (armed guards and the works!), this >> is not possible with personal computers. Larry responded: > I was thinking about this (because of mail I got on the subject) and > decided that the security checker should also be the entire I/O chip, with > either the ROM for security checking built on to the chip or attached to it > somewheres; and that the whole assembly should be surrounded in epoxy and > plugged in to the mother board. In any case, my original intention was to > have this security checking so integral to the system that this couldn't > be "rather simple" to do... sort of like the flying barnacles that attached > themselves to your spinal column on Star Trek. You couldn't just surgically > _remove_ them... I'm sorry, but that is hardly consistent with the world we live in! If I can get at the internals of the machine *at all*, I can determine what is going on and fudge a way around it! If nothing else, I can insert a bit of hardware in the path to the dongle port that causes an exception when an access attempt is made. I can then handle the exception and drop into a debugger, with a very good idea of what the program expects to do with the dongle data. Or, I can hook up a logic analyzer to the bus [Tektronix makes them, if you're in the market 8^) ] and analyze the instruction stream associated with various port accesses. Once I have built up a picture of what is going on, I can build substitute hardware and software that couldn't give a fig about whether I dongle or don't. . . Larry also didn't like my suggestion that: >> If you didn't want to modify your operating system, you could FileZap >> the disk to its "pristine" state. You might even do this on another >> kind of machine, which doesn't normally use the same kind of file >> system, but can be programmed to read and write foreign formats. And, >> once you had it "pristine" again, you might decide to make a backup >> copy or two or ten. . . > But, first of all, you shouldn't be able to putz around with the state > of the security on the disk ("FileZapping it to the pristene state" would > be hands off). Seeing as how all the file I/O goes through the I/O chip, > perhaps it would not let you READ the security section of the disk. > Anyways, all I can offer for the second suggestion is... if it's a secure > disk for this _future_ machine, then the manufacturer wouldn't want you > reading it on foreign machies, and could play hell with the format. If > you didn't _know_ the format of storage on a secure disk, you couldn't > read it... Be highly suspicious when your arguments contain words like "shouldn't"! This usually indicates that you are attempting to evade reality. . . Because a disk is a magnetic entity, and we have spent the last 40 or so years perfecting means of writing to them, I certainly can "putz around with the state of the security on the disk"! Further, the suggestion Larry ignored (that one "might even do this on another kind of machine, which doesn't normally use the same kind of file system, but can be programmed to read and write foreign formats") is an easy way around this problem. See what the future holds: The year: Sometime in the future, when peace and harmony "should" reign, enforced by the ubiquitous dongle. The scene: A dimly-lighted room in an urban setting, filled with computers of all descriptions, piles of books, and a veritable mountain range of listings. The crime: "Hmmmm. . ." says the evil pirate to himself, leering wickedly at the {8" | 5-1/4" | 3-1/2" | whatever} disk in his hand. Determined to contravene the laws of men and of nature, he inserts the disk into his ancient {Altair | Amiga 1000 w/SideCar | Amiga 1000 | whatever}. Muttering incantations, he calls up an evil CLI spirit, which causes the disk to begin rotating. At first, the bit stream is mere gibberish, but then patterns begin to emerge. "Yup! 9 sectors per track, just as I thought!" the pirate chortles. A few more adjustments, and the pattern of flux reversals is reproduced on a second disk. "Now, for the acid test!" he cries, inserting the freshly-minted disk into a shiny new DongleFlitzer 2000000 Model 384450, running OS/347 (rev. level 94T). The machine stares glassily at the pirate with its cyclopsean eye for a long moment, before blinking and flashing the message, "Dongle code written to the disk. Don't even *think* of using this program on any other machine!" A sneer curls across the pirate's face as he makes contemptuous comments about Electromagnetic Aardvarks, the company whose copy protection he has so easily defeated. Over on the other desk, the ancient {Altair | Amiga 1000 w/SideCar | Amiga 1000 | whatever} purrs softly as it churns out {8" | 5-1/4" | 3-1/2" | whatever} disks. Another scene: The Security Council chambers of the Untied Notions building. Worried delegates peer at screens that blink and flicker. Some of the screens display, "Your DongleFlitzer is alive (Ha, Ha, Ha)!" Others flash irritatingly at the minions surrounding them, declaring that the dongle which was in use was a fake and has been zapped by application of full power supply output to the dongle port. Smoke curls from the dongle ports of these machines. Disaster and dissolution: At the Untied Notions, gloom reigns. The Security Council has been meeting for hours, trying to decide what to do about the latest rash of pirated software. Their deliberations are particularly difficult, because the data banks they rely upon have been hopelessly corrupted by virus-killer in a commercial product which claimed to be able to "leap tall viruses with a single bound." When the software was installed, the virus detector had noticed a suspicious pattern of data in one of the networked DongleFlitzers and decided to alter it subtly. Unfortunately, the "suspicious" data was its own virus detection software, which, in its altered state, declared that viruses were everywhere. By the time it had made the world safe for donglekind, nothing worked quite right. As the delegates pondered what to do about this latest blow, a military attache hurried into the room, rushing straight up to the United States delegate. Without a word, he handed a sealed envelope to the delegate, turned on his heel, and strode out. All eyes focused on the US delegate as he ripped open the envelope. The delegate's face blanched, and he leaned on the desk for support. After a moment, he motioned for silence. In a choked voice, he began, "It's hopeless! Civilization is collapsing around us, and we can't act because of a bent dongle pin." Overcome, he buried his face in his hands and began to cry. The other delegates crowded around him, some to offer comfort, some attempting to read the note he still clutched. The US delegate struggled to regain his composure. In a hoarse whisper, he continued, "This is the worst crisis I can imagine. At this very moment, mobs are gathering in the streets of a thousand cities around the world, looting and burning dongle factories, dongle warehouses and government dongle registration offices. And we can't call out our peace-keeping forces because their computers are rejecting all email!" A burly delegate from the Soviet Union asked the reason. His American counterpart replied, "Because the verification dongle for Security Council messages was inserted incorrectly and a pin broke." "What about the backup dongle?" a delegate shouted. "Where is the backup?" "It was mixed in with the dongles for the secretarial pool by mistake," interjected the Security Council president. "When a secretary attempted to run Locust, the DongleFlitzer blasted the dongle because the authorization code was wrong." The US delegate raised his hand for silence. "You haven't heard the worst! Do you know why the riots are occurring?" He glanced at the silent delegates. "I'll tell you why. This morning, the Coca Cola company announced that its secret formula had been destroyed because of a dongle failure. That's why!" There was stunned silence for a moment, as the delegates sagged into their seats. Some began to cry softly. One shouted in anger, shoving his DongleFlitzer off its stand. It crashed to the floor, the dongle popping out and spinning under a nearby chair. In the moment between the impact and the corruscation of sparks that followed, the dreaded "Invalid Dongle: Erasing Network Storage" message flashed on the screen. Hard disks all over the building began grinding. When the hard disks stopped, another sound intruded into the delegates' consciousness -- sirens! Outside the building, a mob had begun to form, while smoke boiled from a nearby dongle replacement center. The long descent into savagery had begun. . . Steve Rice ----------------------------------------------------------------------------- * Every knee shall bow, and every tongue confess that Jesus Christ is Lord! * new: stever@videovax.tv.Tek.com old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever