Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!aurora!labrea!glacier!jbn From: jbn@glacier.STANFORD.EDU (John B. Nagle) Newsgroups: comp.sys.amiga Subject: Re: Software Protection with dongles. Message-ID: <17282@glacier.STANFORD.EDU> Date: 23 Jan 88 06:28:03 GMT References: <2333@crash.cts.com> <233@imagine.PAWL.RPI.EDU> Reply-To: jbn@glacier.UUCP (John B. Nagle) Organization: Stanford University Lines: 55 Summary: It can be made to work, but is it worth it? There are ways to make a dongle that will resist serious attempts to crack it. One possibility, for example, would be to embed some useful functionality in the dongle itself. A good candidate for suitable hardware would be a MC6811 microcontroller, a cheap 8-bit CMOS machine with onboard RAM, EAROM, and customizable mask-programmed ROM. One unusual feature of this chip is that it can be configured to erase its on-chip EAROM if an attempt is made to download it with a new program or to exercise any of the chip's test modes. Off-loading some critical and obscure processing to a coprocessor in the dongle would be reasonably effective. The more powerful the dongle, the more difficult it becomes to emulate it externally. A plug-in board is an even more powerful approach to protection. Cubicomp, for example, protects their $10,000 PC animation software in this way. (Their software only supports their graphics board, which is nonstandard but not particularly interesting otherwise.) Incidentally, the "safe havens" for software piracy are slowly being closed off. Several major firms in the software industry have pulled out of Brazil because of nonexistent copyright protection for software in that country. (There are Macintosh clones in Brazil. Apple is not happy about this.) It now appears, according to the Wall Street Journal, that the Brazilian government is moving toward ratifying the standard international conventions on copyrights. So is Hong Kong. These changes haven't really started to take effect, but the trend is clear. This will shut down the major commercial piracy operations, although there will be minor ones for some time. Commercial piracy, copying and reselling software, is not really all that common. The problem is that to get any volume, pirates have to advertise, and this tends to make them rather visible. Most of the big names, such as Ashton-Tate and Lotus, devote some effort to finding and prosecuting commercial pirates. About two years ago, these vendors staged a raid of several major New York companies suspected of having more copies in use internally than they had purchased. This got the message across that software piracy may be hazardous to your career. So in the market segment that sells to commercial users at prices above $100, piracy is not a crippling problem, even without copy protection. Games are another matter. But the game market is not a major area of interest for the big players, and CD-ROMs are probably the future medium of game distribution anyway, which will tend to put a crimp in game piracy. What do you copy the 400MB to? A WORM drive? WORM drives cost much more than read-only drives, the blank media are expensive, and copying rates are slow. You probably can't make a copy of a CD-ROM for less than $20-40 with a WORM drive. It costs about $3 to manufacture a CD-ROM, box, pamphlet, and all. Now you're fighting a mass production process with a do-it-yourself approach, historically a losing battle. It's like trying to make money by Xeroxing books and selling the copies. Enough for now. John Nagle