Monday, February 21, 2011

Dongle 1

This article is part of material I have collected; it is quoted here for convenience and for the purpose of exchange. Some things may be outdated or not suited to current applications, and I hope readers will take what is useful and make up for what falls short ...
This article starts with the basics: from understanding how a software dog (dongle) works, to the protection measures used by earlier and existing software dogs, then how to improve on that existing basis to make the protection more complete, and finally a detailed explanation of how hardware-oriented and software-oriented experts decrypt software dogs. I will refer to a large number of examples throughout so that you can understand it better.
Because I am not a computer professional, my knowledge is very shallow; I can only ask questions while studying, and I can only work on this article in my spare time. I will keep revising it [I do not want every article to have a separate post cluttering the board, so I sum up the related material in one place], and strive to make it comprehensive, detailed and complete.
Software dog [Dongles]
1. Understanding the software dog. [First I give a simple introduction to the various software dogs; their encryption and decryption are explained in detail below.]
A software dog is a software protection device plugged into a computer's parallel port. It consists of two parts: the host check program and the key (also called the encryption box). The host check program is the encryption code, and the encryption box is used to store the password. In general, a software dog plugged into the parallel port does not affect normal operation of the printer. A common encryption box looks like two D-type 25-pin connectors, one male and one female, joined back to back: the male side (DB25/M) plugs into the parallel port, and the female side (DB25/F) accepts the printer and is equivalent to the original parallel port. The whole hardware circuit board of the software dog sits inside this encryption box of about 5 cm square.
On the circuit board, the pins of the male (DB25/M) and female (DB25/F) connectors correspond one to one and are wired straight through, which keeps the parallel port working as before. The encryption device that stores the password or acts as a signal transformer, together with other auxiliary components, is bridged across these 25 lines, and the application communicates with and checks them in a specific way. Except for some poorly designed products, they generally do not affect normal operation of the printer, and the printer's operation does not affect them.
To prevent illegal copying of a program, the protection measures generally consist of two parts. The first is a carrier that holds the password data, that is, the key; the second is the host check program embedded in the application, that is, the encryption code. The key should not be easy to decrypt or copy; with disk-based encryption, for example, the encrypted part cannot be copied by general-purpose tools. In addition, when the check program reads the password in its special way, the password should be easy to read out without affecting normal execution of the application. When the check finds that the password is wrong or that the key does not exist, it makes the host hang, reboot, or takes some other measure.
The first-generation software dog is a memory-type lock: internally it has only a storage element, and the vendor can only read from and write to the lock. The component that plays the signal-transforming encryption role uses at most a few resistors, diodes and the like; the check method is relatively simple and very easy to decrypt. A common example is the former King of heaven and earth product. Reading data from the lock prevents a cracker from decrypting by simply replaying the parallel-port data, but a cracker who goes on to analyze the pattern in the data can still solve it. This lock is simple and is a kind of product that is being phased out, but its material cost is very low, so even at very low prices it yields a good profit, and encryption vendors are generally reluctant to give it up; many companies also have to use it for cost reasons, so this lock still has a certain market share.
The second generation is the lock whose algorithm is not disclosed. A microcontroller is added to the hardware, the so-called built-in CPU, and vendors mainly use its algorithm function for encryption. These locks usually add some auxiliary functions as well, such as a down counter and remote upgrade. The software dog uses low-power TTL, CMOS and other logic components and does some of the encryption work in the circuit; the check procedure is also more involved than for a first-generation software dog, so decryption is naturally harder. A common example is deep Si Luoke. The protocol is confidential and the data is encrypted, so a cracker finds it hard to analyze the content and pattern of the data; analysis of this lock therefore does not stop at the raw data but moves up to the software's function calls. To withstand analysis at the function layer, this lock comes with built-in anti-tracking code, shell encryption of the software and so on, which makes it hard for a cracker to emulate at the function layer. This relies on an exact understanding of the operating system and the computer system, which no one can guarantee; the result is an encryption driver that is continuously updated and keeps expanding.
The lock offers a choice of several built-in algorithms, but the software vendor does not know their content. This limits how the vendor can use them: either record the algorithm's results in advance and check them when the software runs (the code table approach), or transform at least twice in the software and compare whether the results are the same. If a cracker intercepts this data, statistical analysis alone is enough to achieve decryption.
Third-generation encryption locks. In the third generation, represented by the encryption locks introduced by Locke, the module uses the then-popular serially read and written EEPROM (Serial Electrically Erasable PROM). Because these devices make it flexible to write the password into the key and convenient for the program to check it after the key is inserted, the difficulty of decryption is greatly increased. From the user's point of view, logic devices such as PAL, PEEL and GAL can only be read; data cannot be written at any time, and resetting the password is too much trouble. EEPROM chips, by contrast, can be read and written freely, which gives a software dog considerable flexibility; for example, each software dog can be given its own password to increase the difficulty of decryption. In addition, the electrical characteristics of EEPROM devices are well suited to software dogs, so the device was widely used in software dog designs and was the chip of choice for software dog makers at the time. It can be read and written like ordinary RAM (although only serially), and it keeps its data unchanged even after power is removed. A commonly used EEPROM model is the 93C46. It has a 64×16-bit organization, that is, a 93C46 holds 64 units of 16 bits each, and data is also handled 16 bits at a time. Some 93C46 parts, such as those from Microchip, ATMEL, CSi and other brands, can be switched between two modes, 128×8-bit and 64×16-bit, which makes the software dog more flexible and its encryption more effective. Of course, the larger-capacity 93C56 and 93C66 or the smaller-capacity 93C06 and 93C26 EEPROM chips are also used. Because the software dog is plugged into the computer's parallel port, the check program reads and writes the EEPROM through the parallel port's I/O addresses.
The specific read and write procedure depends on the hardware circuit and the EEPROM timing, so a check program is generally written for a particular hardware circuit; but these programs differ only in detail and are broadly the same.
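The read such a check program performs, as an added example that is not code from the original article: a bit-banged 93C46 READ in 64×16 mode (start bit, opcode 10, six address bits, a dummy 0 bit, then 16 data bits) run against a small software model of the chip. The mapping of CS/SK/DI/DO onto parallel-port lines is abstracted into the hypothetical `pins()` function, the absent-key behaviour (DO floating high) is an assumption, and the stored word is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed software model of a 93C46 in 64 x 16-bit organisation. */
typedef struct {
    uint16_t cell[64];
    int present;          /* 0 = nothing on the port, DO just floats high */
    int sk, dout;         /* last SK level seen, current DO level */
    int state;            /* 0 idle, 1 command bits, 2 data out */
    unsigned shift, nbits;
    uint16_t out;
} eeprom_t;

/* Drive CS, SK and DI; the chip reacts on SK rising edges while CS is high. */
static void pins(eeprom_t *e, int cs, int sk, int di)
{
    int rising = sk && !e->sk;
    e->sk = sk;
    if (!e->present) { e->dout = 1; return; }
    if (!cs) { e->state = 0; e->dout = 1; return; }   /* deselected */
    if (!rising) return;
    if (e->state == 0) {                 /* idle: a 1 on DI is the start bit */
        if (di) { e->state = 1; e->shift = 0; e->nbits = 0; }
    } else if (e->state == 1) {          /* 2 opcode bits, then A5..A0 */
        e->shift = (e->shift << 1) | (unsigned)di;
        if (++e->nbits < 8) return;
        if ((e->shift >> 6) != 2) { e->state = 0; return; }  /* only READ */
        e->out = e->cell[e->shift & 0x3F];
        e->nbits = 0;
        e->dout = 0;                     /* dummy 0 bit announces the data */
        e->state = 2;
    } else {                             /* shift out D15 first */
        e->dout = (e->out >> 15) & 1;
        e->out = (uint16_t)(e->out << 1);
        if (++e->nbits == 16) e->state = 0;
    }
}

/* One full clock pulse; returns DO sampled while SK is high. */
static int clock_bit(eeprom_t *e, int di)
{
    pins(e, 1, 0, di);
    pins(e, 1, 1, di);
    int d = e->dout;
    pins(e, 1, 0, di);
    return d;
}

/* Host check routine: 0 ok, -1 bad address, -2 no dummy bit (key absent). */
int dog_read_word(eeprom_t *e, unsigned addr, uint16_t *val)
{
    int d = 1;
    uint16_t v = 0;
    if (addr > 63) return -1;
    unsigned cmd = (1u << 8) | (2u << 6) | addr;  /* start, opcode 10, address */
    for (int i = 8; i >= 0; i--) d = clock_bit(e, (cmd >> i) & 1);
    if (d != 0) { pins(e, 0, 0, 0); return -2; }
    for (int i = 0; i < 16; i++) v = (uint16_t)((v << 1) | clock_bit(e, 0));
    pins(e, 0, 0, 0);                             /* drop CS to end the read */
    *val = v;
    return 0;
}

/* Constructed sample: word 0xBEEF stored at address 5 of a blank device. */
int demo_read(int present, unsigned addr)
{
    eeprom_t e = {0};
    uint16_t v = 0;
    e.present = present; e.dout = 1; e.cell[5] = 0xBEEF;
    int rc = dog_read_word(&e, addr, &v);
    return rc ? rc : (int)v;
}

int main(void)
{
    printf("present: 0x%04X\n", (unsigned)demo_read(1, 5));
    printf("absent:  %d\n", demo_read(0, 5));
    return 0;
}
```

The missing dummy bit is what lets the check program tell an empty port from a key that holds the wrong word.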
The fourth-generation software dog builds on the third generation by adding a single-chip microcontroller, such as the PIC16C5X. A program with a specific algorithm is stored in this chip and can apply an encryption transformation to the key data that is read out, to counter logic analyzers. It can be said that by the fourth generation the software dog had become very mature. On top of this technology, each software dog company adds its own circuit design to form its own distinctive products.
Common dogs of this kind are Rainbow and the Israeli HASP, which use shells, anti-tracking and the like; someone with a little microcontroller (SCM) skill can replicate them.
Software dog technology has developed rapidly, and there are now different types for different applications, such as:
Strong dog: high-strength encryption scheme with freely defined algorithms
Micro dog: high-strength encryption scheme for the SCM environment
USB dog: fully compatible product with a USB interface
Micro dog software dog: low-cost encryption scheme for the stand-alone network environment
dog: encryption scheme for network cards
dog: encryption scheme for the network environment, for a variety of dogs
Software encryption technology: the more advanced techniques at present are the following:
AS technology: API function calls combined with SHELL (shell) encryption, so that even if the shell is broken, the encrypted program still will not run properly.
Anti-tracking:
a. Random-noise data exchange: effective against logic analyzers and attacks with various debugging tools.
b. Maze technology: a large number of conditional jumps are placed between the program's entry and exit as interference, and the execution order changes dynamically, to strengthen the dog's anti-tracking ability.
Anti-sharing: counters sharing of the dog through parallel-port hardware; the developer chooses whether the dog may be shared.
Password: the software developer can set a 32-bit password; with a wrong password the storage area cannot be read or written.
Time gate: some dogs have an internal time gate, and every operation must be completed within a prescribed time. Normal operations on the dog take very little time, but tracing takes much longer; once the prescribed time is exceeded the dog returns incorrect results.
Microcontroller: the hardware has a built-in MCU whose firmware, once burned in, cannot be read from outside, which ensures that the dog cannot be imitated.
Memory: provides 20 bytes of power-off-retentive memory in which developers can store critical data, configuration parameters and other information.
A brief description of several software dogs common on the market
Rainbow World: probably the leader in China, with products from the first generation to the fourth, although its main product is still the third-generation Micro Dog (TD-MH). This generation has an interference chip that can produce useless interference signals at any time, which is more effective against logic analyzers. It does have a fourth-generation Strong Dog (CS-QA), but that seems to have many problems, so it introduced encryption locks with a USB interface that are compatible with the Micro Dog. Rainbow World's encryption strength is not high; the simplest way is just to buy a pj dog and then copy it into the dog to be solved.
deep Si Luoke: a fairly well-known vendor. As of early 2001 its main product was the fourth-generation "reflection" type dongle, whose feature is that users can define their own algorithms inside the dog, which greatly strengthens its protection. However, its CPU is not powerful enough, the algorithms have loopholes, and it provides only one kind of encryption, so it can still be broken, and the original dog can also be copied in hardware. Products encrypted with this dog include the Pkpm structure calculation software, the analysts stock software, cad software, etc. Elements.
The n-order black-box model method of the "reflection" lock:
The n-order black-box model approach is not simple memorization; instead, the lock's unique full programmability is used to make the lock present itself, in its input and output characteristics, as a high-order black-box control model. Each call runs code that uses the variables stored inside the lock as operating parameters and changes the lock's state for the calls that follow. The user-defined code carries no description or identifying features, and even the same call made twice will return different, useful results. This is what is unique to the "reflection" lock.
The example above does not require the person doing the encryption to find a complex, hard-to-predict function to transplant into the lock.
With a 0-order black-box model, input and output correspond directly: y = f(x_1, x_2), where x_1, x_2 are the inputs of the current call and y is the output of the current call. If the function is simple, a cracker can easily decipher it with methods such as iteration, interpolation and tabulated approximation; this forces the person encrypting to look for a complex function in order to stop the cracker from deciphering and emulating it. However, the resource constraints inside the lock make it almost impossible to transplant the software's function. With the n-order black-box model, the correspondence between input and output is made complex: y_n = f(y_{n-1}, y_{n-2}, y_{n-3}, ..., y_1, x_{n1}, x_{n2}), where y_1, y_2, ..., y_{n-1} are the results of the previous n-1 calls, whether output or hidden, and x_{n1}, x_{n2} are the input parameters of the current (n-th) call.
Faced with such a complex relationship, a cracker who simply cancels any call in the middle causes the later results to be wrong; even a simple function, hidden inside this kind of high-order black-box process, becomes hard to guess. With the high-order black-box model method it is easy to find a formula or function in the application software that can serve as the object of encryption.
When using the n-order black-box model method you can still use the code table method, for example for the first call in the example.
With this kind of code table method, however, the different encryption points are linked to each other and must be cracked as a whole, which greatly improves the encryption strength. With the traditional 0-order black-box model, the encryption points are unrelated, and defeating them one by one is enough to crack the software; its complexity cannot be compared with that of the n-order black-box model. For more complex functions, even if the lock does not have enough resources, the n-order model method can still be used: we can split the complex function into a combination of simple functions. For example, y = (a-b) * (a+b) + c can be computed as (a-b) and (a+b), then multiplied together, then plus c.
Strictly speaking, the n-order model is unsolvable (only in theory at present; the "ponder" company should bear this in mind), because the n-th output depends on the inputs and outputs of the previous n-1 calls, and some or all of those n-1 outputs may be hidden. The n-th output therefore cannot be guessed; at the least, guessing an output from n-1 inputs is a qualitative leap in complexity over guessing an output from one input.
With its complete instruction set, "ponder" can be programmed as an n-order black-box model of arbitrary order, in which the calls are related to each other and the intermediate results can be hidden forever; if used properly, it is unsolvable in theory (my theory is not unsolvable
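An added illustration of the 0-order versus n-order argument above (not the vendor's algorithm and not code from the original article): a toy lock in which `mix`, `call0`, `calln`, the starting state and the inputs are all hypothetical. It shows that a recorded code table answers a 0-order lock correctly in any call order, while for the n-order lock a changed call order or a removed call makes the later results wrong.

```c
#include <stdint.h>
#include <stdio.h>

/* Bijective 32-bit scrambler (the MurmurHash3 finalizer), standing in for
   whatever function the vendor or developer really puts in the lock. */
static uint32_t mix(uint32_t h)
{
    h ^= h >> 16; h *= 0x85EBCA6Bu;
    h ^= h >> 13; h *= 0xC2B2AE35u;
    h ^= h >> 16;
    return h;
}

typedef struct { uint32_t h; } lock_t;   /* state kept inside the lock */
typedef uint32_t (*call_fn)(lock_t *, uint32_t, uint32_t);

/* 0-order black box: y = f(x1, x2), no memory of earlier calls. */
uint32_t call0(lock_t *l, uint32_t x1, uint32_t x2)
{
    (void)l;
    return mix((x1 * 0x9E3779B1u) ^ x2);
}

/* n-order black box: y_n also depends on every earlier call through h. */
uint32_t calln(lock_t *l, uint32_t x1, uint32_t x2)
{
    uint32_t y = mix(l->h ^ call0(l, x1, x2));
    l->h += y | 1u;                      /* odd step: the state always changes */
    return y;
}

#define N 4
static const uint32_t IN[N][2] = { {1, 2}, {3, 4}, {5, 6}, {7, 8} }; /* constructed */

/* Record one run (calls 0..N-1) as a code table, then ask a fresh lock the
   same questions in reverse order and count answers the table gets wrong. */
int table_mismatches(call_fn call)
{
    lock_t rec = { 0x1234u }, live = { 0x1234u };
    uint32_t table[N];
    int bad = 0;
    for (int i = 0; i < N; i++) table[i] = call(&rec, IN[i][0], IN[i][1]);
    for (int i = N - 1; i >= 0; i--)
        if (call(&live, IN[i][0], IN[i][1]) != table[i]) bad++;
    return bad;
}

/* Remove call number `skip` (0..N-2) and report whether the call after it
   still returns the value the complete sequence produced. */
int survives_skip(call_fn call, int skip)
{
    lock_t full = { 0x1234u }, cut = { 0x1234u };
    uint32_t yf = 0, yc = 0;
    for (int i = 0; i <= skip + 1; i++) {
        yf = call(&full, IN[i][0], IN[i][1]);
        if (i != skip) yc = call(&cut, IN[i][0], IN[i][1]);
    }
    return yf == yc;
}

int main(void)
{
    printf("0-order: table errors %d, survives skip %d\n",
           table_mismatches(call0), survives_skip(call0, 1));
    printf("n-order: table errors %d, survives skip %d\n",
           table_mismatches(calln), survives_skip(calln, 1));
    return 0;
}
```

Because `mix` is a bijection and the state moves by an odd amount on every call, the n-order results here differ by construction rather than by chance.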
Flying integrity: a newly risen vendor whose main products are ROCKEY-IV and a compatible USB dog. Support is better and there are more functions, and its shell encryption program is very good. Encryption mainly uses function 8 (seed number) and functions 14, 15 and 16 (all custom algorithms). Its custom algorithms are better than those of the "ponder" products, and software encrypted with them is extremely difficult to crack. But most developers are lazy and like to encrypt with function 8 (seed code) only.
Many companies produce and sell software dogs; a look at the advertisements in computer magazines will show you. Besides the features above, each company's software dog generally has some additional functions to attract users, mainly a number of software tools; the core technology is much the same.
General characteristics of dongles
1. Does not take up the parallel port: although it is plugged into the parallel port, it provides a port identical to the original one.
2. Its software has anti-decryption features and resists tracing by various debugging tools.
3. One code per dog or per line; software and hardware are not interchangeable, like one key for one lock.
4. Provides programming-language interfaces and a set of practical tools, so that users can embed the encryption module in programs they develop.
5. Provides an executable-file encryption tool so that users can encrypt existing products.
Shortcomings of current mainstream software encryption locks
For software encryption products, users care most about the effectiveness of the encryption and the product's compatibility and stability. At present, mainstream hardware encryption locks contain a microcontroller, the so-called built-in CPU, and software vendors mainly use its algorithm function for encryption. The locks usually add some auxiliary functions as well, such as a down counter and remote upgrade. Mainstream products of this type, such as those of Rainbow World, have large defects.
Current mainstream hardware encryption locks provide read, write and algorithm-transformation functions, and the transformation relation is hard to crack or to enumerate exhaustively. But the biggest drawback of this kind of lock is that the algorithm is not open to the software vendor: the transformation algorithm in the lock is fixed at the factory, and the person encrypting the software can only set the algorithm's parameters. This limits how the vendor can use the algorithm: either record the algorithm's results in advance and check them when the software runs (the code table approach), or transform at least twice in the software and compare whether the results are the same. If a cracker intercepts this data, statistical analysis alone is enough to achieve decryption.
Weak point 2: the lock's limited processing power means it cannot give the software strong protection
Several advanced encryption technologies have come onto the market one after another. deep Si Luoke uses a general-purpose 8-bit microcontroller, or an ASIC chip of the same grade, as the core microprocessor. The processing power of such a low-end microcontroller is very weak, which brings these limitations: 1. the complexity of the transformation algorithm is not high enough; 2. the instruction encoding space is small; 3. the program area is small. These limitations prevent users from implementing high-strength encryption schemes.
Weak point 3: the hardware itself is weak against malicious attacks
With the development of integrated-circuit design and production technology, the core chip of a hardware security product is itself increasingly likely to be attacked. Typical hardware attacks are electronic probing attacks (such as SPA and DPA) and physical attacks (probing, for example using SiShell technology); here is a brief analysis of this area.
Electronic probing (SPA and DPA) attacks work on this principle: a microcontroller is an active electronic component, and when it executes different instructions its power consumption changes accordingly. By using special electronic measuring instruments and mathematical and statistical techniques to detect and analyze these changes, specific critical information in the microcontroller can be derived.
Physical attack methods: directly analyzing and reading the memory or other logic inside the chip with a scanning electron microscope; reading memory contents with test probes; accessing the memory or processor data directly through interfaces that cannot be reached from outside (such as factory test points); and reactivating the microcontroller's test functions.
General low-end microcontrollers are not aimed at producing security products and provide no targeted protection against physical attacks, so electronic probing (SPA and DPA) attacks can fairly easily read out the data in memory directly. Most common microcontrollers do have a fuse function to protect the code inside, but these chips are widely used and shipped in large volumes, and with contract processing between firms and frequent technology transfer, it has become relatively easy to read out the information by exploiting design flaws in the chips' download process, or by using the chip manufacturer's test interface with special programming timing and data.
An ASIC chip is fully customized to the user's needs and produced in small batches. Because it uses special logic functions and does not readily expose a test interface, then as long as the system developed on it does not hold important information or is not used where a high level of security is required, it can still prevent physical attacks under normal circumstances.
Determining the performance of an encryption lock
An encryption lock is small, but the technical content it contains is very rich. Generally we assess an encryption lock's performance from three aspects. The first is the principle of encryption, that is, what functions the lock has; a number of decryption methods are often developed against this, and it is where creativity is most needed. Here domestic products are already sufficiently competitive with foreign products.
The second is the lock's reliability, stability, compatibility, transparency and so on. These are basic requirements for a lock, but doing them completely is not easy, especially compatibility and transparency; encryption vendors have a wealth of experience in this area, but no one can give a 100% guarantee. Transparency is a rather special indicator for a lock: because the lock works on the parallel port (printer port), which may also carry other devices such as printers, plotters, hard drives and optical drives, a lock that affects the operation of those devices is not transparent enough. Full transparency is difficult to achieve, and vendors generally do not guarantee the lock's transparency for parallel-port hard drives, optical drives and similar equipment.
The last is that the lock is easy to learn and easy to use.
A brief account of software dog encryption technology (I will add more details in the future)
The technology involved in encryption and decryption can be said to be all-inclusive. The basics are assembly language, debugging tools and operating systems; some basic knowledge of cryptography is also needed, and some understanding of data structures, compiler theory and so on is more helpful still. Of course, this does not mean that good encryption is impossible without such a foundation: when a lock is used for encryption, a lot of the work has already been done by the lock vendor. In fact, what counts is that the encryption is random and different each time, and that is the emphasis here. The most pressing problem that what we usually call an encryption design has to solve is constructing randomness.
Encryption is often done like this: the software repeatedly checks the data in the lock, uses very complex checking methods, inserts junk operations or procedures in the middle, and so on; the encryption workload is heavy, regardless of how the software is used. This kind of encryption fails, because the lock is only read and the returned data does not constitute randomness. So what if the lock's storage capacity is expanded for encryption, or some writes are done as well? Clearly the randomness is still too poor. Because of this, first-generation encryption locks are hard put to do truly competent encryption work; and also because of this, software encryption technology, more prosperous in the past, found it hard to develop further. It reminds us that if the encryption principle is unreasonable, then even a great volume of encryption work is in vain.
Using a transformation algorithm can enhance randomness, but some people encrypt like this: the software makes a large number of calls to the algorithm transformation and transforms a large amount of data (that is, a large code table), and it may still be easily cracked. Why? Has the algorithm been broken? No. To the cracker this kind of encryption looks no different from the previous kind: as long as the data of each exchange is recorded, then if the software calls the algorithm with the same data, the cracker knows what data should be returned. The reason for the failure is that the content of the code table is fixed and can be exhausted by the cracker, so it does not constitute randomness; what can be exhausted is not random. So how can we prevent exhaustion? For someone encrypting who does not know the algorithm's equation, it really cannot be done. However, we can make exhaustion much more difficult for the cracker. We know that once a cracker has captured a piece of data, that data no longer has any encryption function; therefore the software should not use the whole code table in a single run, and it can also do some random-number transformations, which tests the cracker's ability to tell them apart. This is a fairly demanding technique and needs no small amount of work, but it does contribute to the encryption strength.
If the content of the algorithm is known to the person encrypting but not to the cracker, then any data can be passed to the lock's algorithm function, and it cannot be exhausted by the cracker; for the third generation, whether the lock's internal function can be resolved by mathematical methods is what matters. For first- and second-generation locks the cracker has no need to analyze how the program uses the data the lock returns (the emulation idea); for the third-generation lock, this method often becomes the cracker's only hope: to deduce the lock's internal function by tracing how the program uses the data the lock returns. At that point, almost any means of reducing the program's readability increases the effect of the encryption, such as junk code, repeatedly moving data around, embedded assembly, inserting floating-point operations and so on. This is very attractive: even if you have only just come to understand encryption, you can keep decryption experts going around in circles.
Those who encrypt are often far less professional than those who decrypt; with the development of the Internet, decryption techniques spread faster, which poses a greater challenge to those who encrypt.
