Common Mistakes on using Software License Dongles
2007-08-17 Common Mistakes on using Software License Dongles
As a responsible provider for software license dongle, we have published a book name <Software Encryption Theories and Applications>. Below are some of the summarized Developers' common mistakes on using Software License Dongles. Such mistakes if unlucky, will lead to the protected software being cracked and loss the meaning of using Software License Dongles.
Simple Search Mode
Many developers are only making use of the most basis function which is to perform a straight forward and simple search mode. This mode is used to determine whether if there is any valid dongle connected to the computer, if the valid dongle exist then the program is executed forward, else prompt error message and program suspended.
Tips : Making full use of the features provided, if it you can take years or months to develop your software applications, why can't you spend few more days to develop a better protection.
Memory Reading Distinction
This happen to software developers who are using memory dongle by simply reading out the all the memory contents, for the usage of the programs. By doing this, the dongle intercommunication interface would be unprotected exposed. It will cause the encrypted data to be traced and located and once the secured data is found, it is possible for the data to be simulated and the software is cracked.
Tips : Separate the memory contents into Reading and Writing parts, i.e. One place is for writing data and another place is for reading data. For advanced Software License dongles like ROCKEY6, developers can compiled core computation formula codes into the dongle encrypted memory and run this codes completed inside the dongle protected environment. Hacker can't crack even the encryption method is identified as there are too many compiled source codes needed to be interpreted.
Rely too much on Envelope Encryption
Many software developers always take favor of the Envelope Encryption method of which it is easy and straight forward to get protection integration done. It look fast and convenient but it is might not always secure. Envelope Encryption is only directly encrypt the binary executable file with certain standard encryption algorithms. Since a dongle Envelope Encryption can be easily available to anyone, it is possible some existing Envelope Encryption methods might have already cracked. Once it is cracked, it can easily decrypt the protected program become an unprotected program.
Tips : Combine Envelope and API integration, i.e. first integrate with API functions and last add additional security layer with the Envelope Encryption.
Regulated Input/Output Computation
In some cases, software developers might overlook the regulated Input/Output to be simulated much easily then an unregulated one. If the number of dongle outputs occur exactly after the number of the dongle inputs and all are regulated occurred, it will be possible for the data to be simulated sooner or later. All the hacker need is to figure out the computation pattern, it won't take long to crack the software.
Tips : Make Input/Output computation become more unregulated, sometimes delay the response for output at different program points, sometimes include some dummy functions to confuse the hacker on the actual computation. Try to choose Software License dongles that built with internal computation ability of which can separate the computation process from the computer environment.
Choose the wrong Software License Dongle
The fundamental to have a strong software protection is very much depending on the Software License dongle technology itself. Imagine if you have done a perfect integration but due to the dongle limitation where other can simply duplicate the hardware device, your software is not crack but the dongle does.
Tips : As selecting the right Software License dongle can be very crucial decision, if possible evaluate few different products and compare. Unless you have cost constraint, otherwise you should consider dongle that offer you highest security options.
Other Articles
|
