Assessment of Dongle-based Software Copy Protection Combined with Additional Protection Methods

There are a lot of methods to fight against software illegal use, which can be divided into two major groups: software-based protection and hardware-based protection. One of the popular hardware-based software copy protection methods is based on special hardware called “dongle”. Dongle is a small USB, RS232 or LPT interface device usually, like USB flash pen, which protects applications from being illegally replicated from original copy. An application is not functional or looses major functionality without dongle plugged in host PC. Application is bound with particular dongle while dongle itself is almost impossible to clone or hack, hence illegally copied application is worthless. Many people and even some software developers and vendors think, that dongle based protection is very hard to break. But such method has its weak spot – communication between dongle and application logic. Communication security can be improved by using standard well known methods [1], [2] like AES, DES, 3DES, RC2, Rijndael, etc., however it only protects low level data transfer between dongle and application, and the attack can be performed at a higher level. Usually application protection is implemented by identifying dongle and checking some secret value, kept in dongle memory. But the problem is that modern software, independently from the programming languages and technologies, can be reverse engineered, disassembled or debugged. Attacker just needs to find code fragments, where applications asks dongle for some value, and place jump over those fragments, so hacked application completely ignores presence of dongle. We found some dongle vendors, which recommend having many calls to dongle, make them randomly and so on, but this adds just few additional minutes for attacker to spend without making protection really stronger. Recently more advanced dongles appeared, like Rockey (rockey.com.my), Keylok (keylok.com) and some other, which are able to hide some application part inside of them, and execute that part directly in the dongle. This is quite new and promising technology we believe is very hard to break, but it requires more research regarding security strength measurements. On the other hand there are a lot of conventional dongle vendors and users, so our investigation and experiments were intended to show, if it was possible to implement good copy protection using dongles without code execution in combination with other well known software protection techniques, like software packers, anti-debugging, code obfuscation and so on.