Hi,

> Doh, replied to Dave not the PICList..

I never got this message. Strange. Oh well.

> > First off, you could just read the EPROM, but that requires

You would store the code in the eeprom in encrypted format. You could use
some fancy one way encryption thingy like winzip does on password protected
files. Nobody has managed to break this yet as far as I am aware. If you
used the serial they entered as the encryption key to decrypt the encoded
data in the eeprom of the dongle then an invalid serial would still generate
data to be sent back. This data is of course likely to cause adverse effects
when executed and would most likely result in a crash.

> > tool, far simpler to use software like "SoftICE" (If I
> > remember correctly) and just dump a memory image of the
> > running process once it has loaded the "secret code". Then it

I have used SoftICE on many occasions. There are many ways around SoftICE.
Also Sice does not handle self modifying code so well. Dumping the running
process would not work as the program would attempt to overwrite the code
with its code from the dongle on execution, messing everything up. Of course
this could be removed, with a lot of patching.

> > Basically, there is one simple rule to software copy
> > protection this - you can't do it unless you control and
> > monitor the hardware (as in a PIC etc where you can prevent
> > access to the code).

I agree, there will always be people with a lot of free time on their hands.
However, most crackers do not have much electronics knowledge. They think
they can read a few web sites on cracking winzip and mirc and be ready for
the world. Of course, there are the few exceptions who are willing to spent
unlimited amounts of time until they break it.. they probably deserve the
software though after all that effort. Still, nothing a new release of the
software and dongle code wouldn't fix :)

Also some dongle software update mechanism could be set up so the internal
code for the dongle could easilly be 'patched' when new software was
released. Of course, without ever letting the users know it is the dongle
being updated and not the software. Just to keep give the crackers an extra
challenge.

> > Sorry to put a damper on the idea, but its better finding
> > this out now then when your shipping the software :)

I wouldn't know the first step to take in actually making cash from a
product.

> > The most (I have or would do) is put a decent serial
> > number/key system in place. One that they can't simply

Depends on the product. A ?20 ($28) product definately does not need a
dongle costing nearly half as much to produce. However, a ?4000 ($5616)
product only sold to a small aount of clients definately justifies the extra
protection a dongle can provide.

Well, these are just my opinions. I may, and probably am a lot of the time,
be incorrect.

Regards,

David Stubbs

WEB: www.nti-uk.com
TEL UK: 07968 397782

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.