Thread: Build your own dongle
View Single Post
  #5  
Old 10-17-2005, 18:17
redbull redbull is offline
Friend
  
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
Look it will be easy to fool I dont doubt it.

The idea is to prevent people from simply revesing the standard ones like Sentinel and the others.

PIC controllers are cheap, they have built in code protection (Although I have come across code to crack / reverse this, it is very processor specific).

I like your idea of using the chip as a VM to create the required instructions.

I wrote a paper a long time ago on functional verification, which is using special constant (but caluclated) numbers as key numbers in functions within the application, or take it to the next level where a "key file" can contain not only key information but corresponding assembler code to inject into your own process and run (it will only run correctly if the key file is 100% correct).

TERMPAK's protection is similar to that in some regards.

Taos, Thanks for the info on the FT232 chip, very very handy!!! I normally go through Max232 to convert TTL to RS232, and then would have run it over a Prolic RS232-USB convertor (as a virtual COM port) to connect to USB. Its nice to know about other USB chips and options out there. (of course nothing stops the "cracker" from hooking the CreateFile API and modifying the returns for your calls to the USB device)

Here is an implementation on the PIC16F84A of a standard idea to just return a magic number from a valid "serial".

We will assume that we read the value from the PC into the W register and write our return value into W as well.
Code:
MAGIC1 EQU 013h
MAGIC2 EQU 01Fh
ScratchByte EQU 020h
ResultByte EQU 021h
proc MangleNumber
xorlw MAGIC1
andlw MAGIC2
movwf ScratchByte, f
movlw 1                      ; Bad condition
btfsc ScratchByte, 7     ; if the 8th bit is low then not good (skip the addlw) 
addlw 1
btfsc ScratchByte, 1     ; if the 1st bit is low then not good (skip the addlw) 
addlw 4
xorwf ScratchByte,W
return
endp MangleNumber
The code assumes we are working with 8bit registers (which is not really the case on PIC16f84A).

After MangleNumber is executes W will contain the following
Code:
Pseudocode for above ASM:
W = (W xor 0x13);
tmp = 1;
if (W&1==1) {
tmp++;
}
if (W&128==128) {
tmp+=4;
}
// If all was correct (eg bit 7 and bit 1 were set) 
// tmp will equal 6
// else tmp could be 1, 2 or 5
W = W xor tmp;
Of course the above is easy to reverse, so use something like CRC8 or more exotic non-reversable routines to get your magic number.
Reply With Quote