加密狗软件保护 [英] Dongle Software Protection

问题描述

我是这个论坛的新手，想问一下是否有人可以帮我解释usb加密狗硬件是如何正常工作并保护软件的？我们可以信任多少硬件？

I'm new to this forum and want to ask if someone can help me explaining how the usb dongle hardware exactly works and protects a software? How much we can trust that hardware?

推荐答案

这里： http：/ /en.wikipedia.org/wiki/Software_protection_dongle [ ^ ]

一个常见的误解是USB加密狗只能通过文件系统读取，但事实并非如此。这些加密狗具有允许读取和（限制）写入访问的特定库，并且所有这些操作仅与某些键一起使用，因此库本身无济于事。



我最近在我们的应用程序中集成了加密狗保护，可以说虽然它可能需要比广告所示的时间更长，但并不是那么难。



加密狗我们使用了几个密钥：

- 一个编码我们的公司，这对于在一个加密狗上存储来自不同公司的应用程序的许可证很有用。

- 另外三个用于验证密钥，读访问和写访问。如果一个密钥被黑客攻击，整个加密狗仍然不会受到损害。

- 每个加密狗本身也有一个唯一的ID，允许我们轻松识别特定的许可证。

- 还有一个远程更新加密密钥和一个用户密码，但我们还没有使用它们（还）



还有更多，例如用于存储过期日期的独立单元格，以及确保存在过期日期的方法没有篡改系统日期时间。



拦截访问函数和解释密钥并不容易，因为所有命令都被加密并包含带有随机值的附加伪参数。此外，实际上只有一个函数 - 通过参数列表对各个操作进行编码。所以有人看电话时只会看到一个函数被随机参数调用，没有明显的模式。



肯定不是故障保险。没有这样的系统。但肯定要难以破解。对于希望在不同机器上使用相同软件许可证的用户来说，它更为舒适。



根据我检查过的不同公司的数据表判断功能上有很多不同，只是在难以集成和定价方面。

A common misconception is that USB dongles can simply be read via the file system, but that is not the case. These dongles come with specific libraries that allow reading and (restricted) writing access, and all these operations only work in conjunction with some key, so the library alone doesn't help.

I recently integrated dongle protection with our application and can say while it may take longer than the advertisements indicate, it isn't all that hard.

The dongle we use has several keys:
- one encodes our company, and that is useful to store licenses from applications of different companies on one dongle.
- three more are used for validation of the key, read access, and write access. If one key gets hacked, the dongle as a whole still won't be compromised.
- There is also a unique ID for each dongle itself, allowing us to easily identify a particular license.
- There's also a 'Remote Update Encrypt Key' and a User PIN, but we're not using them (yet)

There's even more, such as an independent cell for storing an expiration date, and a method to ensure there was no tampering with the system date-time.

Intercepting the access functions and interpreting the keys isn't easy since all commands get encrypted and contain additional dummy arguments with random values. Also, there really is only one function - the individual operations get encoded via the argument list. So someone watching calls will only ever see one function being called with random arguments and no apparent pattern.

It certainly isn't failsafe. There is no such system. But it sure is lot more difficult to hack. And it's more comfortable for a user who wishes to use the same software license on different machines.

Judging by the data sheets of different companies I've checked there isn't a lot of difference in functionality, only in diffculty to integrate, and pricing.

这篇关于加密狗软件保护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！