lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-) (01/09/88)
I was thinking about having hardware dongles, and I was thinking about
the Apple Lisa (remember THAT? :). The Lisa had the machine's serial number
stored in the ROMs of the machine somewhere, and the first time brand-new
software was run, it would impress that machine's serial number onto the disk,
so that the software could not be run on any other machine. This was kind of
unpopular...
What I'm proposing is about two steps farther than that. First of all, this
would have to be designed INTO the machine, so it's too late for the current
crop of Amigas...
First, every computer would be shipped with a "personal dongle" (Actually,
probably would be shipped with two, just to be safe...). This "dongle"
is a chip on a simple mount with a pass-through so you could plug another
dongle on to the end. The chip on the dongle would recieve power from the
computer, and whenever it was accessed it would a) tell the computer the
serial number of the computer (person?) it came from, and b) access any
dongle(s) after it, passing this information on through as well. This is
plugged into a special dongle port on the side of the computer (maybe a
depression on the side, with a door you can close if there's only one dongle
plugged in...)
Second, buried DEEP within the OS, every time a disk is inserted into any
drive, it's checked to see if it is a "secure" disk (PD disks, or storage disks,
or whatever; don't necessarily have to be secure). If it is, and has the serial
number imprinted on it, it accesses the dongle port, and checks to see if any
of the serial numbers kicked out by the dongle port match; if one does, then
everything's fine; if none do, then the machine refuses to access the disk
(System Requester comes up, saying "either YOU plug the dongle with serial
# xxxx in, or _I_ eject the disk; which is it?"). If it is, but doesn't have
a serial port yet, a System Requester comes up, saying "Put the dongle you
wished to be IMPRINTED ON THE DISK as the FIRST dongle on the dongle port."
and lets you cancel if you wish (ejecting the disk), and makes SURE that that's
the serial number you want imprinted. (Of course, all disks are checked
every time you power up, or reset.)
Of course, all disks would have a "developer number(s)" on them, so if you
sent it back to the company THEY would be able to use it. :)
The upshot? You get your new computer home, stick in the dongle, close the
door. Click through all the System Requesters it wants, as above. You buy
a neat new game, stick it in, imprint it with your serial #. Play a while,
decide you want to show this neat new game to your neighbor, who has also
bought one of these new computers. You take out your disk, and also take
out your dongle. Go over, and stick your dongle on to the end of his, and
you're set to go.
This gets rid of all the hassles of normal, software-specific dongles (if
you have numerous programs that all require dongles, you've got a clutter of
'em real quick, as well as not being able to run them simultaneously...); and
yet protects the developer _totally_.
What'cha think? Is this workable at all? Is this a useful enough idea for
someone to actually bother moving it to the correct newsgroup (if there is one)?
Whatever you think, please-- no flames (as if I would EVER want them?). Just
insidious, sarcastic commentary, dished out as necessary. Thanx....
(P.S. If everyone decides that this IS a great idea, I reserve all claims to
this idea!! So THERE. Heh heh heh...)
--
.. . . . . . . . . . . .
.. . . . . . . . . . . .
| _ _ _ _ |_| _ _ |_ -__ _ _ ARPA: lupin3@ucscb.ucsc.EDU
L_ (_\( ( (_/ | |(_\_\ (_ || )(_)_\ UUCP: ...!ucbvax!ucscc!ucscb!lupin3
larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET
^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v
Disclaimer: All original text above was pointless & random, & it makes me proud.
. . . . . . . . . . . ..
. . . . . . . . . . . ..
spencer@eris.BERKELEY.EDU (Randy Spencer) (01/10/88)
In article <8801090958.AA20842@ucscb.UCSC.EDU> lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU writes: > > I was thinking about having hardware dongles, and I was thinking about >the Apple Lisa (remember THAT? :). The Lisa had the machine's serial number >stored in the ROMs of the machine somewhere, and the first time brand-new >software was run, it would impress that machine's serial number onto the disk, >so that the software could not be run on any other machine. This was kind of >unpopular... > What I'm proposing is about two steps farther than that. First of all, this >would have to be designed INTO the machine, so it's too late for the current >crop of Amigas... I have yet to see the advantage of hardware protection, I think it is just really screwy to do stuff like that, I have got three Amigas on this desk here at home, if I buy a piece of software (course, that'll be the day, I just trade my companies software for whatever I need...), if I buy a piece of software, and it works on one machine, but not on the rest of the desk I would feel pretty screwed. What happens when I have moved the BBS over to machine 2 (Duey), and I want to run a piece of software on machine 3 (Louie), while the first machine finishes formatting a hard disk, but no! I originally ran that software on Duey, and it won't recognize Louie, but there is someone on the BBS, so I can't bring it down to run the software. That would suck worse than DAT copy protection, OK, OK, DAT copy protection is the worst thing that could happen to humanity, but hardware protection would be pretty bad! There just isn't a solution, so stop talking about protecting my software, and spend the effort on making the software something really impressive! >larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Randy Spencer P.O. Box 4542 Berkeley CA 94704 (415)222-7595 spencer@mica.berkeley.edu I N F I N I T Y BBS: (415)222-9416 ..ucbvax!mica!spencer s o f t w a r e AAA-WH1M -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
stever@videovax.Tek.COM (Steven E. Rice, P.E.) (01/10/88)
In article <8801090958.AA20842@ucscb.UCSC.EDU>, Larry Hastings (lupin3@ucscb@ucscc.BITNETlupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU) writes: > . . . > First, every computer would be shipped with a "personal dongle" . . . > Second, buried DEEP within the OS, every time a disk is inserted into > any drive, it's checked to see if it is a "secure" disk (PD disks, or > storage disks, or whatever; don't necessarily have to be secure). If it > is, and has the serial number imprinted on it, it accesses the dongle > port, and checks to see if any of the serial numbers kicked out by the > dongle port match; . . . > Of course, all disks would have a "developer number(s)" on them, so if you > sent it back to the company THEY would be able to use it. :) > . . . Two problems immediately spring to mind: 1. What if you lost your dongle(s)? Can you get a replacement and get up and running overnight, as you can if your hard disk dies? Or are you stuck because there is no way to get a replacement? 2. A fundamental rule of computer security (and one that has been ignored by most [all?] posters on this subject) is that before the programs that run on a computer can be secure, the computer must be physically secure. While the DOD can do this (armed guards and the works!), this is not possible with personal computers. If you lose the dongle, you are up an odoriferous estuary without a means of propulsion. If you buy a replacement dongle that has a different number, at the very least you will have to send all your software back to the manufacturers to have them wipe the dongle number out of it so you can put the new dongle number in it. But even more fatal to this idea is the existence of physically unsecure computers (yours, mine, and everyone else's except DOD, NSA, and a few others). No matter how "DEEP within the OS" you embed the checking, it is rather simple to disassemble the OS, FileZap the check so it always passes, and pirate merrily along. If the OS is in ROM, a quick ROM modification will do the job nicely. No one would buy a computer which was built like a bank vault and designed to self-destruct if anyone tampered with it. Yet that is what it would take. Even then, some would pry into it, just for the thrills. If you didn't want to modify your operating system, you could FileZap the disk to its "pristine" state. You might even do this on another kind of machine, which doesn't normally use the same kind of file system, but can be programmed to read and write foreign formats. And, once you had it "pristine" again, you might decide to make a backup copy or two or ten. . . General Instruments has had a great deal of trouble with people who pirate scrambled satellite broadcasts which have been encoded with VideoCypher II. They have surrounded the chip containing the authorization codes with all kinds of protection (e.g., one slip of the probe and you'll remove battery power for an instant -- and bye, bye numbers!). But the pirates have managed to peel off most of the protection. I'm afraid pirating will be with us for a very long time. While I know of no panaceas, the suggestion (by whom I don't recall) of a "neighborhood watch" style program is a good one. If you find a BBS which has pirated software on it, call the publisher of the software and give them the BBS name and phone number. Even if you do so anonymously, they will have enough information to check it out. And the publishers have an incentive to do something about it! Steve Rice ----------------------------------------------------------------------------- * Every knee shall bow, and every tongue confess that Jesus Christ is Lord. * new: stever@videovax.tv.Tek.com old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever
farren@gethen.UUCP (Michael J. Farren) (01/10/88)
In article <8801090958.AA20842@ucscb.UCSC.EDU> lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU writes: > The upshot? You get your new computer home, stick in the dongle, close the >door. Click through all the System Requesters it wants, as above. You buy >a neat new game, stick it in, imprint it with your serial #. Play a while, >decide you want to show this neat new game to your neighbor, who has also >bought one of these new computers. You take out your disk, and also take >out your dongle. Go over, and stick your dongle on to the end of his, and >you're set to go. How about this upshot, instead: you take out your disk, and take out your dongle. In the process, one of the pins on the dongle gets damaged (as it will, invariably, if you do the old in-out-in-out enough). When you get over to your friends, you try and insert your dongle into his computer. It seems to go in o.k., but the pin you've previously damaged has shorted the five volt supply directly to an input pin on his computer's dongle port, burning it out. The next time he tries to use his own dongle, nothing happens. He then comes over to your house with a ten-pound sledge hammer, which he proceeds to apply to your computer, with enthusiasm. Dongles: just say "Jeez, what a STUPID idea!" -- Michael J. Farren | "INVESTIGATE your point of view, don't just {ucbvax, uunet, hoptoad}! | dogmatize it! Reflect on it and re-evaluate unisoft!gethen!farren | it. You may want to change your mind someday." gethen!farren@lll-winken.llnl.gov ----- Tom Reingold, from alt.flame
lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-) (01/11/88)
+-In article <6512@jade.BERKELEY.EDU>, spencer@eris.BERKELEY.EDU (Randy Spencer) wrote:- +---------- | | What happens when I have moved the | BBS over to machine 2 (Duey), and I want to run a piece of software on | machine 3 (Louie), while the first machine finishes formatting a hard disk, | but no! I originally ran that software on Duey, and it won't recognize | Louie, but there is someone on the BBS, so I can't bring it down to | run the software. | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Randy Spencer P.O. Box 4542 Berkeley CA 94704 (415)222-7595 | spencer@mica.berkeley.edu I N F I N I T Y BBS: (415)222-9416 | ..ucbvax!mica!spencer s o f t w a r e AAA-WH1M | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | +---------- You said they were Amigas, so multi-task! :) Actually, a very good point, and also easily solvable. When you bought Duey and Louie, you sent in your registration card to C-A, and say "I want my new machine's dongles changed"... and they give you new dongles that work with your first machine's serial #. (I was thinking there could be a burnable area on the dongle, that you could burn your name into so it would print your serial # and your name (not that your name would be part of the protection), so in this case they could mark the dongles as B and C, or as Duey and Louie...) Anyways, while you were waiting for these in the mail, you just use the dongle you already have (and maybe your backup on a second machine) to go about your daily business. Better? dongles changed -- .. . . . . . . . . . . . .. . . . . . . . . . . . | _ _ _ _ |_| _ _ |_ -__ _ _ ARPA: lupin3@ucscb.ucsc.EDU L_ (_\( ( (_/ | |(_\_\ (_ || )(_)_\ UUCP: ...!ucbvax!ucscc!ucscb!lupin3 larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET ^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v Disclaimer: All original text above was pointless & random, & it makes me proud. . . . . . . . . . . . .. . . . . . . . . . . . ..
cmcmanis%pepper@Sun.COM (Chuck McManis) (01/11/88)
Dongles fail for a lot of reasons, but lets look at this more as a key rather than as an interface ok? So you build a 'standard' keyhole in the computer which is nothing more than an interface to read a key device. On suggestion I heard once was a credit card with a magnetic stripe on the back that contains the serial number. Run the program, zip the credit card through the slot on the front, and voila the program starts. A more interesting 'key' was the one proposed by some users group that had an EEPROM in it. Seems the software would read the key, and then change the eprom. (Recording the number of times it had been read or something) Then the software could authenticate the keyvalue with it's internal value and if you duplicated the key physically, you couldn't run it more than once with the bogus key. (Which would become the valid key because the original would now have an invalid number in it). This scheme eliminated the 'dangling dongle' syndrome because you only had to put it in when the program started. You could leave the key in if you only used that one program. Anyway, it made a reasonably workable solution out of the existing unworkable one. The only problem was that a computer manufacturer had to bite the bullet and put the 'keyhole' in to the machine as standard equipment. Well that raises prices, and that makes the box less competitive, etc and basically no one was willing to gamble on the increased revenue from all these grateful software vendors porting their software. --Chuck McManis uucp: {anywhere}!sun!cmcmanis BIX: cmcmanis ARPAnet: cmcmanis@sun.com These opinions are my own and no one elses, but you knew that didn't you.
lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-) (01/11/88)
+-In article <4779@videovax.Tek.COM>, stever@videovax.Tek.COM (Steven E. Rice, P.E.) wrote:- +---------- | | In article <8801090958.AA20842@ucscb.UCSC.EDU>, Larry Hastings | (lupin3@ucscb@ucscc.BITNETlupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU) writes: | | > . . . | | > First, every computer would be shipped with a "personal dongle" . . . | | > Second, buried DEEP within the OS, every time a disk is inserted into | > any drive, it's checked to see if it is a "secure" disk (PD disks, or | > storage disks, or whatever; don't necessarily have to be secure). If it | > is, and has the serial number imprinted on it, it accesses the dongle | > port, and checks to see if any of the serial numbers kicked out by the | > dongle port match; . . . | | > Of course, all disks would have a "developer number(s)" on them, so if you | > sent it back to the company THEY would be able to use it. :) | | > . . . | | Two problems immediately spring to mind: | | 1. What if you lost your dongle(s)? Can you get a replacement and get up | and running overnight, as you can if your hard disk dies? Or are you | stuck because there is no way to get a replacement? | | If you lose the dongle, you are up an odoriferous estuary without a means | of propulsion. If you buy a replacement dongle that has a different | number, at the very least you will have to send all your software back | to the manufacturers to have them wipe the dongle number out of it so | you can put the new dongle number in it. | +---------- You deleted then next phrase... it ~= said "First, every computer would be shipped with a 'personal dongle' (or probably two, just to be safe)". If you lost one, you use your backup, and send off to the company for another one (costing you $5 or something to get a new one made up). If you lose BOTH of them, then you lose out for a little while, but you're probably the kind of person who loses 3 car keys a week, and should order your dongles in batches of 20. +---------- | | 2. A fundamental rule of computer security (and one that has been ignored | by most [all?] posters on this subject) is that before the programs | that run on a computer can be secure, the computer must be physically | secure. While the DOD can do this (armed guards and the works!), this | is not possible with personal computers. | | But even more fatal to this idea is the existence of physically unsecure | computers (yours, mine, and everyone else's except DOD, NSA, and a few | others). No matter how "DEEP within the OS" you embed the checking, it | is rather simple to disassemble the OS, FileZap the check so it always | passes, and pirate merrily along. If the OS is in ROM, a quick ROM | modification will do the job nicely. No one would buy a computer which | was built like a bank vault and designed to self-destruct if anyone | tampered with it. Yet that is what it would take. Even then, some | would pry into it, just for the thrills. | +---------- I was thinking about this (because of mail I got on the subject) and decided that the security checker should also be the entire I/O chip, with either the ROM for security checking built on to the chip or attached to it somewheres; and that the whole assembly should be surrounded in epoxy and plugged in to the mother board. In any case, my original intention was to have this security checking so integral to the system that this couldn't be "rather simple" to do... sort of like the flying barnacles that attached themselves to your spinal column on Star Trek. You couldn't just surgically _remove_ them... +---------- | | If you didn't want to modify your operating system, you could FileZap | the disk to its "pristine" state. You might even do this on another | kind of machine, which doesn't normally use the same kind of file | system, but can be programmed to read and write foreign formats. And, | once you had it "pristine" again, you might decide to make a backup | copy or two or ten. . . | +---------- But, first of all, you shouldn't be able to putz around with the state of the security on the disk ("FileZapping it to the pristene state" would be hands off). Seeing as how all the file I/O goes through the I/O chip, perhaps it would not let you READ the security section of the disk. Anyways, all I can offer for the second suggestion is... if it's a secure disk for this _future_ machine, then the manufacturer wouldn't want you reading it on foreign machies, and could play hell with the format. If you didn't _know_ the format of storage on a secure disk, you couldn't read it... +---------- | Steve Rice | new: stever@videovax.tv.Tek.com | old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever | +---------- -- .. . . . . . . . . . . . .. . . . . . . . . . . . | _ _ _ _ |_| _ _ |_ -__ _ _ ARPA: lupin3@ucscb.ucsc.EDU L_ (_\( ( (_/ | |(_\_\ (_ || )(_)_\ UUCP: ...!ucbvax!ucscc!ucscb!lupin3 larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET ^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v Disclaimer: All original text above was pointless & random, & it makes me proud. . . . . . . . . . . . .. . . . . . . . . . . . ..
lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-) (01/11/88)
+-In article <559@gethen.UUCP>, farren@gethen.UUCP (Michael J. Farren) wrote:- +---------- | | In article <8801090958.AA20842@ucscb.UCSC.EDU> lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU writes: | > The upshot? You get your new computer home, stick in the dongle, close the | >door. Click through all the System Requesters it wants, as above. You buy | >a neat new game, stick it in, imprint it with your serial #. Play a while, | >decide you want to show this neat new game to your neighbor, who has also | >bought one of these new computers. You take out your disk, and also take | >out your dongle. Go over, and stick your dongle on to the end of his, and | >you're set to go. | | How about this upshot, instead: you take out your disk, and take out | your dongle. In the process, one of the pins on the dongle gets damaged | (as it will, invariably, if you do the old in-out-in-out enough). | When you get over to your friends, you try and insert your dongle into | his computer. It seems to go in o.k., but the pin you've previously | damaged has shorted the five volt supply directly to an input pin on | his computer's dongle port, burning it out. The next time he tries | to use his own dongle, nothing happens. He then comes over to your | house with a ten-pound sledge hammer, which he proceeds to apply to | your computer, with enthusiasm. | | Dongles: just say "Jeez, what a STUPID idea!" | +---------- I was thinking the dongle would be on a 9 pin serial, the male end being in the computer... you know, like the mouse and joystick ports on the Amiga? I have never run into any pins getting damaged on those (in my years of using Atari 2600s, C-64s, Atari computers, Amigas....) Also, how often would you be taking out your dongle? Not all that often; besides, what I would do (if these hypothetical computers came with 2 dongles, like they should) would be leave one in the computer all the time, and take the second one over to my friend's... And I like the idea of dongles better than the idea of having software companies spending money to try to protect software, and it all being for naught... +---------- | | Michael J. Farren | "INVESTIGATE your point of view, don't just | {ucbvax, uunet, hoptoad}! | dogmatize it! Reflect on it and re-evaluate | unisoft!gethen!farren | it. You may want to change your mind someday." | gethen!farren@lll-winken.llnl.gov ----- Tom Reingold, from alt.flame | +---------- -- .. . . . . . . . . . . . .. . . . . . . . . . . . | _ _ _ _ |_| _ _ |_ -__ _ _ ARPA: lupin3@ucscb.ucsc.EDU L_ (_\( ( (_/ | |(_\_\ (_ || )(_)_\ UUCP: ...!ucbvax!ucscc!ucscb!lupin3 larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET ^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v Disclaimer: All original text above was pointless & random, & it makes me proud. . . . . . . . . . . . .. . . . . . . . . . . . ..
cthulhu@athena.mit.edu (Jim Reich) (01/12/88)
In article <38413@sun.uucp> cmcmanis@sun.UUCP (Chuck McManis) writes: > The only problem was that a computer manufacturer had to >bite the bullet and put the 'keyhole' in to the machine as standard >equipment. Well that raises prices, and that makes the box less competitive, >etc and basically no one was willing to gamble on the increased revenue >from all these grateful software vendors porting their software. Might as well be a bit more honest here -- not only would grateful software vendors not immediately stand behind a machine just because of protection, but they would, as usual, take a "wait and see" attitude. They certainly wouldn't go so far as to lower prices... few vendors, new machine = high prices, and let's face the fact: people wouldn't buy a machine with built-in protection. We might as well face the facts: a very significant percentage of computer buyers, particularly early computer buyers, are pirates and wouldn't purchase such a machine. The software companies know it, the hardware manufacturers know it and the users know it. Only one company might have any chance of pulling off such a scheme, and that's IBM, and even they aren't stupid enough to try it. In any case, it would only be a matter of time until ANY protection scheme is broken in one way or another -- perhaps compaq would release a "noprot" compatible which bypasses the protection but runs the programs, or, quite likely, all the pirates would simply make replacement ROMs. The basic fact is that THERE IS NO WAY TO STOP PIRACY. Current protection schemes do nothing more than annoy legitimate users. The only thing that might have an effect on piracy is a lowering of prices -- many "small-scale" pirates still buy software, and merely pirate what they can't afford to buy. Most companies have already come to terms with these inevitable losses and take the more reasonable approach of only striking against blatant, "large scale" pirates who do such things as selling pirated software or operating bulletin boards. Any more drastic measures cause more trouble than good. -- Jim
gardner@prls.UUCP (Robert Gardner) (01/12/88)
In article <8801110635.AA03499@ucscb.UCSC.EDU> lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU writes: >Seeing as how all the file I/O goes through the I/O chip, perhaps >it would not let you READ the security section of the disk. An interesting idea I heard in the early days of the Mac was to have a sector on the disk that could be READ by the hardware but could not be WRITTEN, except by very expensive drives. Turns out this is just a clever way of making a key-disk scheme, though, with all the problems associated with that. And it also standardizes the access code to the special area of the disk so it is very easy to check for references by the program to that sector. It's then just a matter of figuring out for each program what it expects to find there. Another interesting scheme is to have hardware that can partially write a bit such that when read it will random value. Then the program just reads it several times. If it always gets the same result it knows it is on a copied disk. Again defeatable by someone who knows where in your code you make the check and can trap the disk access, always returning a random value. I just don't see how any copy protection scheme can be completely foolproof because some clever programmer can figure out where you check for the copy protection and alter it. It then becomes a race to see who can keep ahead, the developer or the cracker. The best solution is to provide good support and a hard-to-copy but absolutely necessary manual. Of course, these days software that can be used without the manual sells better (and is more fun to develop).... Contrary to opinions expressed here earlier, I do think piracy hurts developers, especially small ones that would like to expand and produce more/better products but can't generate the revenue to do it. I believe I could provide hard evidence that piracy has hurt my development efforts and made it much harder for me to earn a living in software development. (I have yet to copy protect a commercial product, but that may change...) The worst part about piracy is that people do it without really realizing that it's wrong, illegal, and damaging to their own (long term) self interests. How many VCR movies or audio tapes/records have you illegally pirated? I'm very guilty there -- or was before I got into software and began to realize what I was doing. It just never occurred to me before that making a copy of someone else's record was illegal! Piracy, I believe, is an educational/social problem that probably cannot be solved through hardware/software tricks. There are ways to minimize your losses, but what is needed is more education -- and not just via bboards and user groups. Robert Gardner
wtm@neoucom.UUCP (Bill Mayhew) (01/12/88)
How about a graphics program with a nifty light pen, or an image digitizer program with a gizmo that sticks in the printer port, or a neat sound digitizer and audio editor with a little device that plugs in the game port, or a word processor with a novel simple to use OCR wand, or.... Idea: get some hackers and EEs together and cook up a neat program that useses a real keen widget that isn't exactly easy to reproduce in single copies. The widget (light pen, sampler, digitizer, OCR, etc) makes the program so useful everybody wants to run out and snap one up. Eventhough I could have pirated DigiView, it would have been fairly difficult for me to knock off the gizmo that does the digitizing, thus I just went out and bought the program; it wasn't that expensive anyhow. You've got to make a program that isn't useful without the dongle and vice versa. If it works sans dongle surely some enterprising person will just patch out the dongle checking part of the program. And-- it'll be on every pirate BBS in a day or two. --Bill
daveh@cbmvax.UUCP (Dave Haynie) (01/13/88)
in article <8801090958.AA20842@ucscb.UCSC.EDU>, lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-) says: > Keywords: "personal" dongle > Summary: does this sound workable to you too, or am I just a numbskull? > This gets rid of all the hassles of normal, software-specific dongles (if > you have numerous programs that all require dongles, you've got a clutter of > 'em real quick, as well as not being able to run them simultaneously...); and > yet protects the developer _totally_. Nope. Only until Joe Cracker learns enough about the OS to disassembler the trackdisk.device, remove the dongle check, and re-assemble that device driver. Then, when he first boots up, he RamKicks his new driver, and disks are no longer checked until he powers down. Don't think it wouldn't happen. I do like this dongle-key idea better than what you normally see these days in terms of program-specific dongles, or locked-in CP codes like you find on some Workstations, in that it doesn't prevent me running several locked programs at once, or transporting locked programs between work and home as long as my dongle follows. The problem is that, being a standarized CP method, there's more insentive for a Cracker to crack it than if it were an individualized system. I have no evidence that there's anything out there that can't be cracked; look at how the Video Cypher II system has been cracked. They're now resorting to examining each unit out there very often to check for it running Cracked code. I don't expect to be launching AmigaSat-I any time in the near future to Big-Brother such a CP scheme, so I don't expect that any CP scheme will work given sufficient insentive to crack it. > (P.S. If everyone decides that this IS a great idea, I reserve all claims to > this idea!! So THERE. Heh heh heh...) > | _ _ _ _ |_| _ _ |_ -__ _ _ ARPA: lupin3@ucscb.ucsc.EDU > L_ (_\( ( (_/ | |(_\_\ (_ || )(_)_\ UUCP: ...!ucbvax!ucscc!ucscb!lupin3 > larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET > ^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v > Disclaimer: All original text above was pointless & random, & it makes me proud. -- Dave Haynie "The B2000 Guy" Commodore-Amiga "The Crew That Never Rests" {ihnp4|uunet|rutgers}!cbmvax!daveh PLINK: D-DAVE H BIX: hazy "I can't relax, 'cause I'm a Boinger!"
stever@videovax.Tek.COM (Steven E. Rice, P.E.) (01/13/88)
In article <8801110635.AA03499@ucscb.UCSC.EDU>, Larry Hastings (lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU) responded to my article <4779@videovax.Tek.COM>, which was in reply to his previous article, <8801090958.AA20842@ucscb.UCSC.EDU>. Larry had suggested hardware support for copy protection which would be, in his words, "buried DEEP within the OS." I demurred, suggesting that: >> If you lose the dongle, you are up an odoriferous estuary without a means >> of propulsion. . . . Larry replied: > You deleted then next phrase... it ~= said "First, every computer would be > shipped with a 'personal dongle' (or probably two, just to be safe)". If > you lost one, you use your backup, and send off to the company for another > one (costing you $5 or something to get a new one made up). If you lose > BOTH of them, then you lose out for a little while, but you're probably the > kind of person who loses 3 car keys a week, and should order your dongles > in batches of 20. I deleted the "next phrase" to keep the length down. But I know the type of person you are talking about! (I am married to one. I had to dash downtown just before Christmas last year and pick up new locks for the house because my wife lost her keys in one of the local stores. And there is a constant "Does anyone know where my keys are?" game going on at our house.) We also have a 4-year-old who has been known to flush various and sundry things down the toilet. The point is that you are asking people to trust the usefulness of their computer to a bit of metal and plastic. If you lose a disk, you have lost the use of that program. If you lose the dongle, you have lost the use of *all* your programs! I also pointed out that: >> 2. A fundamental rule of computer security (and one that has been ignored >> by most [all?] posters on this subject) is that before the programs >> that run on a computer can be secure, the computer must be physically >> secure. While the DOD can do this (armed guards and the works!), this >> is not possible with personal computers. Larry responded: > I was thinking about this (because of mail I got on the subject) and > decided that the security checker should also be the entire I/O chip, with > either the ROM for security checking built on to the chip or attached to it > somewheres; and that the whole assembly should be surrounded in epoxy and > plugged in to the mother board. In any case, my original intention was to > have this security checking so integral to the system that this couldn't > be "rather simple" to do... sort of like the flying barnacles that attached > themselves to your spinal column on Star Trek. You couldn't just surgically > _remove_ them... I'm sorry, but that is hardly consistent with the world we live in! If I can get at the internals of the machine *at all*, I can determine what is going on and fudge a way around it! If nothing else, I can insert a bit of hardware in the path to the dongle port that causes an exception when an access attempt is made. I can then handle the exception and drop into a debugger, with a very good idea of what the program expects to do with the dongle data. Or, I can hook up a logic analyzer to the bus [Tektronix makes them, if you're in the market 8^) ] and analyze the instruction stream associated with various port accesses. Once I have built up a picture of what is going on, I can build substitute hardware and software that couldn't give a fig about whether I dongle or don't. . . Larry also didn't like my suggestion that: >> If you didn't want to modify your operating system, you could FileZap >> the disk to its "pristine" state. You might even do this on another >> kind of machine, which doesn't normally use the same kind of file >> system, but can be programmed to read and write foreign formats. And, >> once you had it "pristine" again, you might decide to make a backup >> copy or two or ten. . . > But, first of all, you shouldn't be able to putz around with the state > of the security on the disk ("FileZapping it to the pristene state" would > be hands off). Seeing as how all the file I/O goes through the I/O chip, > perhaps it would not let you READ the security section of the disk. > Anyways, all I can offer for the second suggestion is... if it's a secure > disk for this _future_ machine, then the manufacturer wouldn't want you > reading it on foreign machies, and could play hell with the format. If > you didn't _know_ the format of storage on a secure disk, you couldn't > read it... Be highly suspicious when your arguments contain words like "shouldn't"! This usually indicates that you are attempting to evade reality. . . Because a disk is a magnetic entity, and we have spent the last 40 or so years perfecting means of writing to them, I certainly can "putz around with the state of the security on the disk"! Further, the suggestion Larry ignored (that one "might even do this on another kind of machine, which doesn't normally use the same kind of file system, but can be programmed to read and write foreign formats") is an easy way around this problem. See what the future holds: The year: Sometime in the future, when peace and harmony "should" reign, enforced by the ubiquitous dongle. The scene: A dimly-lighted room in an urban setting, filled with computers of all descriptions, piles of books, and a veritable mountain range of listings. The crime: "Hmmmm. . ." says the evil pirate to himself, leering wickedly at the {8" | 5-1/4" | 3-1/2" | whatever} disk in his hand. Determined to contravene the laws of men and of nature, he inserts the disk into his ancient {Altair | Amiga 1000 w/SideCar | Amiga 1000 | whatever}. Muttering incantations, he calls up an evil CLI spirit, which causes the disk to begin rotating. At first, the bit stream is mere gibberish, but then patterns begin to emerge. "Yup! 9 sectors per track, just as I thought!" the pirate chortles. A few more adjustments, and the pattern of flux reversals is reproduced on a second disk. "Now, for the acid test!" he cries, inserting the freshly-minted disk into a shiny new DongleFlitzer 2000000 Model 384450, running OS/347 (rev. level 94T). The machine stares glassily at the pirate with its cyclopsean eye for a long moment, before blinking and flashing the message, "Dongle code written to the disk. Don't even *think* of using this program on any other machine!" A sneer curls across the pirate's face as he makes contemptuous comments about Electromagnetic Aardvarks, the company whose copy protection he has so easily defeated. Over on the other desk, the ancient {Altair | Amiga 1000 w/SideCar | Amiga 1000 | whatever} purrs softly as it churns out {8" | 5-1/4" | 3-1/2" | whatever} disks. Another scene: The Security Council chambers of the Untied Notions building. Worried delegates peer at screens that blink and flicker. Some of the screens display, "Your DongleFlitzer is alive (Ha, Ha, Ha)!" Others flash irritatingly at the minions surrounding them, declaring that the dongle which was in use was a fake and has been zapped by application of full power supply output to the dongle port. Smoke curls from the dongle ports of these machines. Disaster and dissolution: At the Untied Notions, gloom reigns. The Security Council has been meeting for hours, trying to decide what to do about the latest rash of pirated software. Their deliberations are particularly difficult, because the data banks they rely upon have been hopelessly corrupted by virus-killer in a commercial product which claimed to be able to "leap tall viruses with a single bound." When the software was installed, the virus detector had noticed a suspicious pattern of data in one of the networked DongleFlitzers and decided to alter it subtly. Unfortunately, the "suspicious" data was its own virus detection software, which, in its altered state, declared that viruses were everywhere. By the time it had made the world safe for donglekind, nothing worked quite right. As the delegates pondered what to do about this latest blow, a military attache hurried into the room, rushing straight up to the United States delegate. Without a word, he handed a sealed envelope to the delegate, turned on his heel, and strode out. All eyes focused on the US delegate as he ripped open the envelope. The delegate's face blanched, and he leaned on the desk for support. After a moment, he motioned for silence. In a choked voice, he began, "It's hopeless! Civilization is collapsing around us, and we can't act because of a bent dongle pin." Overcome, he buried his face in his hands and began to cry. The other delegates crowded around him, some to offer comfort, some attempting to read the note he still clutched. The US delegate struggled to regain his composure. In a hoarse whisper, he continued, "This is the worst crisis I can imagine. At this very moment, mobs are gathering in the streets of a thousand cities around the world, looting and burning dongle factories, dongle warehouses and government dongle registration offices. And we can't call out our peace-keeping forces because their computers are rejecting all email!" A burly delegate from the Soviet Union asked the reason. His American counterpart replied, "Because the verification dongle for Security Council messages was inserted incorrectly and a pin broke." "What about the backup dongle?" a delegate shouted. "Where is the backup?" "It was mixed in with the dongles for the secretarial pool by mistake," interjected the Security Council president. "When a secretary attempted to run Locust, the DongleFlitzer blasted the dongle because the authorization code was wrong." The US delegate raised his hand for silence. "You haven't heard the worst! Do you know why the riots are occurring?" He glanced at the silent delegates. "I'll tell you why. This morning, the Coca Cola company announced that its secret formula had been destroyed because of a dongle failure. That's why!" There was stunned silence for a moment, as the delegates sagged into their seats. Some began to cry softly. One shouted in anger, shoving his DongleFlitzer off its stand. It crashed to the floor, the dongle popping out and spinning under a nearby chair. In the moment between the impact and the corruscation of sparks that followed, the dreaded "Invalid Dongle: Erasing Network Storage" message flashed on the screen. Hard disks all over the building began grinding. When the hard disks stopped, another sound intruded into the delegates' consciousness -- sirens! Outside the building, a mob had begun to form, while smoke boiled from a nearby dongle replacement center. The long descent into savagery had begun. . . Steve Rice ----------------------------------------------------------------------------- * Every knee shall bow, and every tongue confess that Jesus Christ is Lord! * new: stever@videovax.tv.Tek.com old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever
stever@videovax.Tek.COM (Steven E. Rice, P.E.) (01/13/88)
In article <38413@sun.uucp>, Chuck McManis (cmcmanis@sun.UUCP) writes: > [ "Credit card" dongle suggestion ] > . . . A more > interesting 'key' was the one proposed by some users group that had an > EEPROM in it. Seems the software would read the key, and then change the > eprom. (Recording the number of times it had been read or something) Then > the software could authenticate the keyvalue with it's internal value > and if you duplicated the key physically, you couldn't run it more than > once with the bogus key. (Which would become the valid key because the > original would now have an invalid number in it). > . . . But if you duplicated *both* the disk *and* the dongle, they would be in perfect sync! So, instead of just copying a disk, you copy the disk and the dongle. And the pirates win again. . . Steve Rice ----------------------------------------------------------------------------- * Every knee shall bow, and every tongue confess that Jesus Christ is Lord! * new: stever@videovax.tv.Tek.com old: {decvax | hplabs | ihnp4 | uw-beaver}!tektronix!videovax!stever
mph@rover.UUCP (Mark Huth) (01/14/88)
In article <4782@videovax.Tek.COM[ stever@videovax.Tek.COM (Steven E. Rice, P.E.) writes:
[
[Larry responded:
[
[> I was thinking about this (because of mail I got on the subject) and
[> decided that the security checker should also be the entire I/O chip, with
[
[I'm sorry, but that is hardly consistent with the world we live in! If I
[can get at the internals of the machine *at all*, I can determine what is
[going on and fudge a way around it! If nothing else, I can insert a bit
[of hardware in the path to the dongle port that causes an exception when
[an access attempt is made. I can then handle the exception and drop into
[a debugger, with a very good idea of what the program expects to do with
[the dongle data.
[
[Or, I can hook up a logic analyzer to the bus [Tektronix makes them, if
[you're in the market 8^) ] and analyze the instruction stream associated
[with various port accesses. Once I have built up a picture of what is
[going on, I can build substitute hardware and software that couldn't give
[a fig about whether I dongle or don't. . .
[
Well, then, how about if the hardware protection is on the uP chip -
say a DES encoder/decoder (modified, of course, so NSA can't read our
programs) which translates the bus accesses into encrypted giberish.
Go ahead, get out your analyzers. Everything on the bus is encrypted.
This works, but is very inconvenient. Let's say your uP chip gets
fried by the neighbors RADAR maser. Now you have to get the software
vendor to supply you with new copies of the encrypted software. Of
course the software vedor doesn't believe that your uP got fried, so
he accuses you being a pirate.
To get around the previous problem, the keys would have to be
administered by, say, the chip vendor, who would supply the software
vendor with the key given the uP serial number. New keys could only
be given out given evidence of the death of the old uP chip.
Of course, vary sophisticated pirates with acce4ss to microprobe
equipment would simply remove the case from the uP chip and probe its
internal buses to decipher the software, or perhaps simply steal the
key from the chip and decrypt the code externally. Of course, by now
the pirates have a couple of hundred thousand dollars invested in
equipment - probably easier to bribe the chip vendor.
Unfortunately, thieves exist. Locks only increase the required
sophistication of the thieves.
Mark Huth
farren@gethen.UUCP (Michael J. Farren) (01/14/88)
In article <8801110748.AA08867@ucscb.UCSC.EDU> lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU writes: > And I like the idea of dongles better than the idea of having software >companies spending money to try to protect software, and it all being for >naught... How about the idea of not spending money to protect software AND not having dongles either? Copy protection, whether hardware or software, is an idea doomed to failure - there is NO scheme so airtight that anyone sufficiently dedicated to defeating it cannot, short of distributing software only as monolithic IC's with the processor and the ROM on the same chip (and I don't doubt that some enterprising person could even defeat THAT if they chose). Let's agree to disagree, eh? This argument is taking up a LOT of space, to no particular avail. -- Michael J. Farren | "INVESTIGATE your point of view, don't just {ucbvax, uunet, hoptoad}! | dogmatize it! Reflect on it and re-evaluate unisoft!gethen!farren | it. You may want to change your mind someday." gethen!farren@lll-winken.llnl.gov ----- Tom Reingold, from alt.flame
charles@hpcvca.HP (Charles Brown) (01/15/88)
> First, every computer would be shipped with a "personal dongle" (Actually, > probably would be shipped with two, just to be safe...). This "dongle" > is a chip on a simple mount with a pass-through so you could plug another > dongle on to the end. The chip on the dongle would recieve power from the > computer, and whenever it was accessed it would a) tell the computer the > serial number of the computer (person?) it came from, and b) access any > dongle(s) after it, passing this information on through as well. This is > plugged into a special dongle port on the side of the computer (maybe a > depression on the side, with a door you can close if there's only one dongle > plugged in...) > larry / hastings _/ BITNET: lupin3@ucscb@ucscc.BITNET I am not a pirate, and I would not buy such a machine. This "feature" is of NO benefit to me as a user, and may reduce the reliability of the computer. Furthermore, if a problem does appear, it is much harder to isolate it. Currently, if I have a problem with a disk, I can visit a friend with another Amiga and try the problem disk on his computer. If the disk is faulty, he will have the same difficulty that I do. If my drives are faulty, (or some other component) then his system should show no problem. With your dongle protection, this method of debug becomes virtually unusable. Effectively, each computer becomes unique. No thanks. Charles Brown hplabs!hp-pcd!charles
lupin3@ucscb.UCSC.EDU.UUCP (01/16/88)
Look peoples, there have been a lot of complaints as to how this is taking up lots and lots of space on comp.sys.amiga. So, why not take it to private mail? Just mail me with your suggestions etc. (I put this in a message before, but _apparently_ no one wanted to wade through the other 170 lines just to read that part....) When we come to some sort of final decision, I'll repost the idea, in that current form. By the way, those who didn't read my message missed out on a _theory_ of mine. Basically, someone said that there would never be a copy protection that would be unbreakable, providing that the pirate has the proper resources. My theory is, all we need is a copy protection system that is beyond the resources of any one person (or small group of people) to break. Something like the encrypted bus the previous gentleman was speaking about, combined with a few other things... that we don't _need_ it to be unbreakable. All
cjp@antique.UUCP (Charles Poirier) (01/18/88)
In article <578@gethen.UUCP> farren@gethen.UUCP (Michael J. Farren) writes: >In article <8801110748.AA08867@ucscb.UCSC.EDU> lupin3%ucscb.UCSC.EDU@ucscc.UCSC.EDU writes: > >.... Copy protection, whether hardware or software, >is an idea doomed to failure - there is NO scheme so airtight that >anyone sufficiently dedicated to defeating it cannot, ... There is no front door lock, however strong, that can prevent any burglar sufficiently dedicated to breaking into your home from doing so. <sarcasm on> So we should all stop spending good money on locks. This saves us the bother of unlocking the door every time we want in. Personally, I'm insulted that my neighbors continue to lock their doors. They're treating me like a criminal. Me, I like people to come by my place, even when I'm not around. Come on over. If you see something of mine you like and leave with it, well that's all right. It's a compliment to my good taste. I'm sure you're so poor that I never could have sold it to you anyway. This semiannual CP counterflame has been brought to you by -- -- Charles Poirier (decvax,ihnp4,attmail)!vax135!cjp "Docking complete... Docking complete... Docking complete..."