Hi everyone,
I saw some software using USB dongle as copyright protection. How do this method compare to using software only? Is there any advantage?
Regards
I doubt it. Never understood dongles. Unless what the dongle has can’t be stored in a file (it processes something externally) then it’s still not secure.
1 Like
There’s a type of software security where you have to have the dongle attached to the computer while running the software. The software is not on the dongle itself necessarily, the dongle is a key that unlocks the software.
It’s similar to a computer game that installs the software on your hard drive, but then checks that the disk is inserted in the drive every time you load the game up.
These things have been around for a long time. They used to get plugged into a serial or parallel port, now they can be USB.
Many thanks
Yes, the dongle can processes some simple, but still not broken secure algorithms. Microprocessor’s clock can reach tens Mhz while costs under a dollar. Hacking is hard and requires special tools, e.g microscope.
But if key is sent to computer then user can catch USB packets, read and copy it. I am trying to find a way to implement secure dongle, and I am thinking about apply online game model where USB dongle works as a micro server. But I don’t understand well how online game implement DRM, how they avoid letting user catch and patch encrypted keys
Any ideas?
Considering most software is going the digital distribution route, having a dongle to protect your software is probably a bad idea.
Sure if it’s a boxed only product, that costs large amounts of money and is specialised, then go for it.
But if you’re thinking about it for your game, I’d go against it.
I actually think most if not all DRM for entertainment products is pointless .
With something like Adobe Flash or Photoshop, ok i’ll deal with some DRM .
A game and I’m like I can just pay for and play something else . Steam is the only good DRM , the rest of the crap is like I have to stay online , if my connection drops I get kicked out of a single player game .
bad idea, many highend products how some of autodesk use usb dongle and in few time this protection is break, for me the best way to protect a game or a application is with the autorization via internet (posibly with a encripted key based in the ID of the client cpu proccesator ) but remember that either protection is perfect.
waste of money/time.
they can be hacked, and if your game gets popular enough, it will.
If it doesnt get popular enough to be hacked, it wasnt worth it.
The situations where I have seen dongles of various types in the business world have been high end software packages costing thousands or tens of thousands of dollars per seat. They can also be used for security purposes, making sure that only someone with this hardware dongle can access your data for example.
For anything less, as a user I would consider requiring a dongle to be too much.
Security always needs to strive to find that balance point that allows protecting your software without punishing your legitimate customers.
There is no advantage. The moment you ship your software to the user along with the dongle (and key) the protection is already gone. There is currently no method of software protection that is not undefeatable. Even the most sophiscated server side protection (storing crucial game data/gameplay mechanics only on server) has been proven useless in the face of hacker.
The only method of software protection that may be undefeatable is video streaming - eg. OnLive or Gaikai. ALL the software has to be store on server side and only videos are stream to the user based on user input. But even that - may even be defeatable if the hacker start attacking the server in which it resides on, or even worse - talented team re-create the game using tools like Unity or UDK (like a mod team) using video stream as art reference.
The only REAL software protection you can have really is to make your game free. If your game is 99c or free - there is little incentive for people to pirate it. Even for people who pirate those 99c games - it is way to much trouble for the time and effort to jail break and stay up to date.
In short, if you keep your game constantly updating, or make it free but with IAP or IAP contents, it will offer you better “protection” than most of the costly, high-end software protection.
Using a dongle will simply make it one step harder to crack.
No protection at all = the user can simply copy the files to another computer to execute
Some protection e.g. online activation = the user may have to actually crack the software of find where you are storing the data that says the product is unlocked.
Physical protection e.g. dongle = extra costs to the product and to distribution; but is usually still crackable
Some dongles e.g. (if I remember correctly) the Sentinel Superpro work in the same way as chip cards (chip cards probably copied them).
The dongle itself has a key stored in it that can’t directly be read. A random string is sent into the dongle, which the dongle then encrypts using this private key. This result then gets compared to the same action happening on your server - if it matches, then they have the exact dongle on their system and can proceed.
Although very secure in an environment like a credit card machine, when a hacker has full access to the device, they can simply change the code in your verification system to return “true” all the time, thus totally bypassing all your hard work.
I would recommend lookat at how Rainbow’s Sentinel Superpro works for copy protection ideas.
Many thanks
I am not asking this for my game, but for finding a solution to sell my hardware.
IMO I believe microprocessor is impossible to hack directly if carefully encrypted. Normally hardware is hacked by listen to unencrypted parts, e.g communication in system bus between ICs, but when everything is put on a microprocessor, it is only possible to hack by non tradition methods, e.g take off IC case and use microscope and UV light to erase registers… so it is not as easy as some of you said, but correct me if I was wrong. Those methods need expert skill and equipment, and mixed with individual encrypted key, even those methods are worthless because they need to hack every dongle
Also, I think I found the solution, again thank all you guys for your help
1 Like