Path: utzoo!utgpu!water!watmath!clyde!rutgers!sunybcs!bingvaxu!leah!itsgw!imagine!pawl14.pawl.rpi.edu!rjk107 From: rjk107@pawl14.pawl.rpi.edu (Robert J. Kudla) Newsgroups: comp.sys.amiga Subject: Re: Software Protection with dongles. Message-ID: <233@imagine.PAWL.RPI.EDU> Date: 21 Jan 88 20:03:02 GMT References: <2333@crash.cts.com> Sender: news@imagine.PAWL.RPI.EDU Reply-To: rjk107@pawl14.pawl.rpi.edu (Robert J. Kudla) Organization: RPI Public Access Workstation Lab - Troy, NY Lines: 70 In article <2333@crash.cts.com> haitex@pnet01.cts.com (Wade Bickel) writes: > > I was thinking of factory dongles. A slot on the front of > the machine into which dongles could be inserted, preferably > stacked upon one another, up to some limit (say 8). Then C= > (or whoever) would provide "factory dongles" to the software > publisher. Because of the volume the manufacturer could do > this at a lower price than anyone else. > > Rather than checking something, I was thinking it would use > the hardware. Perhaps the dongle would be required to decode > instructions, or return needed functional results, or ??? > A number of games could be played with the read/write status > of the pins, or sequencing of input/output, etc... Wonderful. All that could be simulated by software. I've cracked enough dongle schemes to know that.... Damn, lost whoever's signature this belongs to.... >>5) No matter how detailed and devious the protection, the benefit lasts >> only until a cracked, unprotected version starts doing the rounds. > > Yes, but if it is expensive or extremely time consuming to > crack a program, it is less likely to be done. With a dongle > the number of people who would attempt cracking the protection > would be limited to those with specialized equiptment. Since > there is not a lot of profit potential in this it would not > be so likely to happen. Wrong. Don't you realize that crackers don't do it for the money (well, at least good ones don't.)? They (we) see the protection as a direct dare on the part of the manufacturer. Further, dongles would (out of necessity, to keep software overhead low) be fairly simple to reproduce until you start getting into ROM chips (which can also be duplicated via software, of course). So the pirate writes a few patches and modifies a little code and whammo. I used to have (well, I still do, but I don't buy/get software for it anymore) a C64, so I know about protection schemes and how to get around them. > > Furthermore, if done correctly, a program could notice if it > were operating without it's dongle and subtly torpedo the pirate. > Perhaps waiting until a choice moment to strike, kind of like a > virus. In this way, a pirated dongle-protected program would be > a risk to use for anything serious. Confidence in the cracker > would be required, and since most people wouldn't know who did > the cracking... But you'd also have to trust the software company to not have any bugs in the routines. The first couple thousand legit users to get zapped would be pretty angry. So which does the company care more about- zapping pirates or protecting legit users? > > I have a friend at C= (they call him "Mr. Commodore") > who was talking of offering rewards for info leading to the > conviction of "Pirate BBS's". This also seems like a partial > solution. Have you heard anything about this? > Ha. Maybe a few stupid smalltimers might get busted, but to infiltrate the bigger cracking syndicates you'll need serious connections and you'll have to spend lots of cash on dirty deals. Bribing among pirates isn't too uncommon (or at least it wasn't when I finally tired of Commodore piracy) but it all depends on how badly Commodore wants to see them shut down. And the old entrapment defence still works well, too (to apply to an illegal-type BBS these days you have to sign a document that says you're not affiliated with any software company or law enforcement agency, blah blah blah, etc, etc....). But in any case, piracy will always exist, as long as people want to make money selling software and as long as other people want the software without paying for it. It's as simple as that, so any wonderful protection schemes that you might wish existed would be in the long run fruitless.