Brent Crosby wrote: > I need to make a circuit that has software protection dongle functionality. > I though of just putting the serial number in a EEPROM, but the trouble is > that the device is RS232, and it would be dead simple for a cracker to > mimic the RS232 conversation. Not if you use a challenge/response that uses the serial number as part of the encryption key. The key is that EVERY challenge is unique, with a unique response. > I figure that there also needs to be some kind of encryption thing going on. Of course. > Can this be done practically in a low-mid range (4K) PIC? Is there some Sure. A 12Cxxx part could do it. > example firmware available? Somewhere out there. > Is there a chip out there that I could just sit on my board that will do > the encryption and serial number storage? The other end of the You could program a PLD to do a simple brute force PRN encryption. With 128 bits it could take a while for them to figure out the internal connections. Since you issue different challenges each time, you have 2^128 -1 possible challenges with a corresponding (not necessarily unique) response. Essentially the challenge contains a key to load into the shift register, the taps to use, and the number of shifts to invoke. You assign the bits randomly to the PLD. >encryption > is the software that is being protected, so I think that excludes the > KeyLoq devices. Why? It does the above. Encrypt your executable and only decrypt at execute time using your required response. It's easy enough to set up the executable to detect tracing/debugging hooks (Ints hooked, timing that's wrong, CRCs on the code to detect breakpoints). If you make it hard enough (relative to payoff), they go elsewhere. If the 'hack' is valuable enough, it WILL happen. > The system needs to be as cheap as possible and still offer some fair level > of protection. Cheap/effective. You can have only ONE . Effective is a failed response causing irreversible erasure. All systems are compromisable. Just look at DSS satellite services. Every time Huges comes out with a new 'better' card, the hackers break it. Hell, even Modex (the 'unbreakable' money card) has been compromised. Talk about 'printing your own money'... What is the value of your product? What do you stand to loose if it's stolen? Then figure out how much you're willing to spend to -really- protect it. Lots of options... Robert -- http://www.piclist.com hint: The list server can filter out subtopics (like ads or off topics) for you. See http://www.piclist.com/#topics