Set your software up as an internet service so that they never have the code on their machine to hack. James Caska caska@virtualbreadboard.com -----Original Message----- From: pic microcontroller discussion list [mailto:PICLIST@MITVMA.MIT.EDU]On Behalf Of Ashley Roll Sent: Thursday, May 09, 2002 11:25 PM To: PICLIST@MITVMA.MIT.EDU Subject: Re: [OT]: Software Protection Hi Amaury, I'm no expert, but I'm afraid I have to disagree. Once you lose physical control over the hardware key the user/attacker can bring any technology they like to bear against it with little chance of being discovered. I agree that some hardware dongles are not well implemented but the point is mute when talking about computer software as other posters have also pointed out - you just remove the checks from the program code and game over. The video protection systems also suffer because there is no way to stop a sufficiently determined attacker with even a modest budget attacking the dongle physically. They could just micro-probe the CPU in the dongle to extract the keys and again your protection is worth nothing. This has happened with numerous satellite broadcast systems already. You can find people on the Net that sell home-made smart cards using PICs that decode the broadcasts. There are also web sites describing how these attacks are done and also incidentally using the same techniques to extract code from copy protected microcontrollers including PICs. I can not condone this activity, but one must be realistic - at best your going to slow them down a little, but these people thrive on that challenge. It is something of a game to them; the more difficult or "interesting" you make it the more they will try to break it. Its depressing, but that is the way things are.. You can only do so much. The honest people will pay for your program, the dishonest would never have bought it anyway.. Cheers, Ash. --- Ashley Roll Digital Nemesis Pty Ltd www.digitalnemesis.com Mobile: +61 (0)417 705 718 > -----Original Message----- > From: pic microcontroller discussion list > [mailto:PICLIST@MITVMA.MIT.EDU]On Behalf Of Amaury Jacquot > Sent: Thursday, 9 May 2002 10:41 PM > To: PICLIST@MITVMA.MIT.EDU > Subject: Re: [OT]: Software Protection > > > > > > of course, this depends on how the dongle is implemented. > Most dongle-based systems are badly implemented. > The properly implemented dongle systems (for instance the leich > videoguard system is such a system, even if it does not protect > software, but video programmings) perform most of the protection > procedure through the decryption of data by the dongle itself > (keys are > stored inside). > properly done, this is virtually uncrackable. -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details. -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.