Making Dongle (not cracking)

[dyn!o]

Quote:

[...]now i like to bulid my own dongle..[...]

You did not even precise the most important point: the purpose (dongle function). A dongle cand stand for a lot of different kind of hardware stuff (usually related to user authentication). My personal note based on own experience: you will not find any valuable help in the Internet (forums/mails) regarding dongle development topics. If not here then nowhere.


Hero: I will try to comment your post but please DO NOT get me wrong. I agree with your information in most of the points but just have to clarify few things to make sure ExeTools users receive correct information. It looks like you have experience regarding programmable logic and microprocessors (thus probably their description languages too). It is nice but people here use to talk mostly about software so they may get a little confused with so fast post concerning so many "alien" branches (if some other PLD maniac is here then she/he knows what I mean).

Quote:

1-If you want to make a dongle,it is not really that hard,because it is normally only a ROM,with deterministic states.

Uhm... the definition of "dongle" is not finished yet. I mean so far it's not precisely defined and in the real scientific community you can assume (extend the functionality) a own definition basing on the basic ones. We cannot say "it's a ROM only" since I have on my desk a selfmade CPLD dongle and as you know it's far from ROM device. For my own purposes it states as external virtual machine for the software.

Quote:

2-If you mean smart card,the answer will be deferent.In this case,you need some knowledge for programming Microprocessor,FPGA,etc. And making it will be more dificult,But then the simualtion will me more harder too.For example,implementing AES on FPGA is one of the bests.

Hmm... let me present my humble point of view in these few points.

First: A smart-card can state as a dongle too.
Assume a computer with built-in smartcard reader (a common case in various government agencies) and a smartcard itself, following ISO-7816 to obtain handy clean management stuff like file structures on the chip. Next, assume we have a software which communicates with the card and operates on a single smartcard word opcode 0x00B0 only (that is read binary command if anyone is interested in smartcards). So, we have a microprocessor inside the card which communicate via computer interface and checks the presence of some data. The microprocessor (card) can be (dis)connected at any time, even hot swapped. Wouldn't you agree it is a dongle?

Second: He does not need FPGA programming knowledge to program a smartcard.
FPGA use HDL (or VHDL if you like) but smartcards use microprocessor's specific language thus may be programmed on various ways, depending mostly on the microprocessor one chooses. It may be enough to communicate with the card and read a single byte; of course there are a lot of other security features like blocking the microprocessor with identification code in order to prevent reverses from reading that byte. One may use the common PIC assembly or many other already standarized solutions (like the above ISO-7816 example) for specifc circuits but he does not need HDL knowledge.

Third: Implementing AES on FPGA - the sense.
Your idea is good but nowadays common dongles (HASP, MARX, WIBU) use it already so it would not be optimal to repeat their job (well, ok. they do it on ASIC but it does not matter if we examine only AES feature being realized by the hardware). You can also order already manufactured "clean" dongles with programmer and API reference regarding built-in cryptography schemes (like AES). They all are cracked because software cracking has very little common with cryptography (you can always allow the dongle to decrypt the code, make dump of each decoded code block and rebuild the executable or inject calls to own dll in the places of crypted code). The point is to develop something new, like some sophisticated virtual machine engine located in the external unit... just an example.

Heroman: I hope you do not get me wrong. If you would not post your information then I would have been probably too lazy to post at this thread

Regards.