[comp.sys.amiga] ID

LEEK@QUCDN.QueensU.CA (06/28/90)

In article <CHUCK.PHILLIPS.90Jun24223953@haydn.FtCollins.NCR.COM>,
Chuck.Phillips@FtCollins.NCR.COM (Chuck.Phillips) says:

>problem could be overcome if C= simply provided a _socket_ for an ID (P)ROM
>and sold the (P)ROM separately.  Then, if you bought a new machine, you
>could simply move the old (P)ROM to the new machine.  Maybe C= and the new
>league of C= developers could coordinate something.

If C= puts in a socket, someone can put in a gadget to sort of bypass the
system.  One can make a battery backed RAM replacement for the ID PROM.
If a program ABC needs ID 12345678, one simply programs the RAM chip to give
ID# 12345678.  To make an illegal distribution of the program, one can copy
the disk and also read off the PROM ID. (remember the ID has to be readable by m
applications)  This is the biggest flaw in the scheme.  There is no way
to provide secured access to the contents of the ROM.

2nd way to crack the system is to install a Bus Error exception upon access
of PROM ID space (by a few TTL chips).  The exception handler program can
then supply whatever ID it wants.

>If you've got a non-trial-and-error algorithm to reverse DES, please post.
>;-)  Believe it or not, there are some fairly sophisticated ways to
>obfuscate encryption, how keywords are accessed, and how they are
>validated.  Of course, you can always reverse engineer the whole program...

If I am not mistaken, the only problem with DES is that you can only sell it
in U.S.A. (Canada too ??)  (If I had a good algorithm for DES, I would not
post it.  I can probably make mega bucks using the algorithm for illegal
things - illegal fund transfers etc)

>
>Kim> The ONLY effective method of combatting piracy is to sell *support*,
>Kim> which includes continually improving and upgrading the products.  And
>Kim> of course, you only provide support to registered owners.
That's one very good way for protection.  Make the program as cheap as possible.
If you need help, you have to pay for it.  Sounds fair.

>
>I don't agree with "only", but this is certainly _my_ favorite form of copy
>protection!  My second favorite would have to be a (P)ROM based system.


Sorry, PROMs do not work too well.  A better solution is an encryption-based
system which can be implemented on a microcontroller with security features.
Break up the encryption function into tiny subroutines in EPROM or MASK ROM.
Put the main program that does a whole bunch of calls to EPROM and the key
on EEPROM with security bit set.  (This is to save space in EEPROM.
Dividing up the code into tiny subroutines makes it a bit harder to figure
out the actual code sequence that gets called and also makes it possible to
update new encryption function 5 years down the road.)

Both the application program and the microcontroller have to be
able to answer challenges posted by the other as a form of verification.
In this case, it will be a bit harder to duplicate the microcontroller as
the encryption algorithm and the key are harder to get at.

What happens if one of the software developers leaks the secret ???
>
>Chuck Phillips  MS440
>NCR Microelectronics                    Chuck.Phillips%FtCollins.NCR.com
>Ft. Collins, CO.  80525                 uunet!ncrlnk!ncr-mpd!bach!chuckp

K. C. Lee

P.S. In the LIKELY event that I am wrong about data encryption system and
microcontroller, please feel free to correct me.
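
The contrast drawn in the post above between a readable ID PROM and a microcontroller that answers challenges, as an added example that is not part of the original thread. HMAC-SHA256 stands in for the encryption function the post leaves unspecified, and the `Party` class, role labels and key are hypothetical.

```python
import hashlib
import hmac
import secrets

STATIC_ID = b"12345678"  # the example ID from the post


def static_id_check(presented: bytes) -> bool:
    """ID PROM scheme: any device that returns the right bytes passes."""
    return hmac.compare_digest(presented, STATIC_ID)


class Party:
    """One side of the mutual check (application or microcontroller)."""

    def __init__(self, key: bytes, role: bytes, peer_role: bytes):
        self._key, self._role, self._peer = key, role, peer_role
        self._pending = None

    def _mac(self, role: bytes, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 replaces the post's unspecified cipher.
        # The role label stops one side's answer being reflected back at it.
        return hmac.new(self._key, role + b"|" + challenge, hashlib.sha256).digest()

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh for every check
        return self._pending

    def answer(self, challenge: bytes) -> bytes:
        return self._mac(self._role, challenge)

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = self._mac(self._peer, self._pending)
        self._pending = None  # each challenge is accepted once
        return hmac.compare_digest(expected, response)


def replay_demo():
    key = secrets.token_bytes(32)  # constructed key; in the post it sits in EEPROM
    app, mcu = Party(key, b"app", b"mcu"), Party(key, b"mcu", b"app")
    recorded = mcu.answer(app.new_challenge())
    honest = app.verify(recorded)       # genuine microcontroller
    app.new_challenge()
    replayed = app.verify(recorded)     # recorded answer, new challenge
    mutual = mcu.verify(app.answer(mcu.new_challenge()))
    return honest, replayed, mutual
```

`replay_demo()` returns `(True, False, True)`: a recorded answer fails against a fresh challenge, whereas the static ID passes every time it is presented. Both sides hold the same key, so whoever holds a copy of it can answer challenges, which is the leak the post asks about.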

sparks@corpane.UUCP (John Sparks) (06/30/90)

ESDYKE@MTUS5.BITNET (Erick Dyke) writes:


|To sum it up, if this new protection scheme of yours means that I as an
|honest user must pay more to run on my 2 machines, haul my equipment across
|town (disconnecting it every time), or purchase a copier that will
|remove the protection (while helping someone get rich off of piracy),
|I would rather let piracy run wild.

|The whole idea of the type in the word method, is that it does not treat the
|average user as a crook, by being as convenient as possible.  Your method
|treats me as a common crook.

I have to agree with Erick. The serial number lookup will be cracked
(You can bet on it), and the end result will be that the honest users will
have to put up with all the heartache of the scheme, while the pirates will
have eliminated the protection and will have all of the convenience of the
software and none of the heartaches. You will end up punishing only the
honest people. The pirates will be laughing their asses off.


-- 
John Sparks  | D.I.S.K. 24hrs 2400bps. Accessible via Starlink (Louisville KY)
sparks@corpane.UUCP |                                     | PH: (502) 968-DISK
A door is what a dog is perpetually on the wrong side of. - Ogden Nash

sparks@corpane.UUCP (John Sparks) (07/02/90)

hrlaser@crash.cts.com (Harv Laser) writes:


|Micropro did something real interesting a couple years ago. They took out
|full page ads in PC World and that ilk and announced the "WordStar
|Upgrade Amnesty Plan."

|They'd just released a new MAJOR upgrade of WordStar (can't remember
|which version it was) which listed for $495.00.  They would sell this
|upgrade (the FULL sales package - box, manuals, buncha disks, warranty,
|etc.) to anyone who provided a serial number from ANY older version of
|WordStar, for $79.95.  You didn't have to send in any old-version disks,
|you didn't have to send in _anything_ except a remittance and a serial
|number. 

|I have no idea how their amnesty upgrade turned out nor how many new
|sales it generated (I'd like to know these things) but it was a novel
|approach to the old problem. BTW, WordStar's serial number appears
|onscreen each time any version of the program is run so one didn't even
|have to have any original label disks to get the number... it was 
|obviously an appeal to get WordStar pirates to go legit and buy the
|real thing.  I've never seen this done before or since by any software
|company.


Sheesh! I bet people were just reading the serial numbers off of their friends'
and companies' copies and turning them in just to get the special low price.

I know I would have. That doesn't mean I am a pirate, just a smart shopper. 
So you can't legitimately use the numbers of people who 'turned themselves in' 
as a count of how many pirated versions of WordStar were out there. If someone
offers to sell you a $495 program for $75, and all you have to do is send in
the serial number of one of their packages, hell, thousands of people will
just ask their friends "Hey Bob, what's the serial number off of your WordStar
package?"... Or they will peek at the number on their package at work.


-- 
John Sparks         |                                 | D.I.S.K. 24hrs 2400bps. 
sparks@corpane.UUCP |                                 | PH: (502) 968-DISK
A door is what a dog is perpetually on the wrong side of. - Ogden Nash

Chuck.Phillips@FtCollins.NCR.COM (Chuck.Phillips) (07/04/90)

>>>>> On 30 Jun 90 15:23:30 GMT, sparks@corpane.UUCP (John Sparks) said:
John> The serial number lookup will be cracked
John> (You can bet on it), ...
John> The pirates will be laughing their asses off.

Using an ID PROM with active circuitry as described in my 5/18 post has an
interesting side effect.  If a pirate goes to the trouble of creating
a PROM spoofer, it's going to be pretty obvious whose PROM was spoofed. ;-)

	Just a thought,
--
Chuck Phillips  MS440
NCR Microelectronics 			Chuck.Phillips%FtCollins.NCR.com
Ft. Collins, CO.  80525   		uunet!ncrlnk!ncr-mpd!bach!chuckp