Dongle Protection

[ayozzhero]

To combat software piracy, I've decided to try dongle protection. I've bought the trial kit and found out no source code given but the API.

Using API is ok, but what comes to my mind is... the API can be easily replaced by a fake API. For example, let's say the API is called dongle.dll. And there is a function in the dll called ScanDongle() which returns 0 for dongle not present and 1 for dongle present.

I think, it won't be difficult for a programmer to code a fake dll with the same function name and return and integer value of 1 when the function is called. Hence, the dongle will be no longer needed. (I haven't tried it yet, but I think it is implementable)

Will it be harder to crack if I have the source code myself and include it in the EXE file instead of a dll? or dongle protection is only a marketing gimmick?

If you have any idea or opinion, you're most welcome to contribute to combat piracy.

 

[kulrom]

Combat piracy? It sounds pretty optimistic if i may. Namely, since even the biggest companies don't have anything in place to do about piracy, i doubt that anyone would have the same. Also, you may consider the movie, music, and game industries. They invest $$$ in protection of their products but, as you know they are always beaten by hackers (crackers) ... it's only matter of time.

However, i think that most effective thing against software or any other kind of piracy is Low Prices as people copy software because they can't afford it.
If prices were lower, more people would go for the original. And even the best anti-piracy methods take less time to crack than they took to make - which should increase the price even more.

Regards

Note: for example let's consider MSSQL. Don't you think that MSSQL is above all overrated (overvalued) for its purpose. Is it normal for one company to spend $20.000 if the same is not Payable but only to say that they posses the best backend out?
Ask, techGnome how much he paid for it or how it was obtained?

 

[ayozzhero]

Well I do agree with you. But here you can have a pirated software for less that USD3.00. Of course, no company can afford to sell their software nearly as low as that...

Currently I am using serial number... well can't even say that it is a protection.

I am moving to dongle because it is cheap. At least, users have to buy 2 or more license if they want to use the app on more than 1 pc. However, in the long run, I think the dongle dll can be easily faked. I contacted the dealer asking the same question and they never replied...

[sigh...]

 

[kulrom]

Maybe this sounds stupid on first sight but i wish you with all my heart to live as long to see cracked CD/DVD or whatever else with your application inside. I hope you got me.
Actually, i think we are Unnecessary worried about our software sometimes. Namely, "crackers" hack with a purpose with other words they consider only apps that are wide spreaded and not stuffs like our ones.

Long live the king ... ooooo yeah
just kidding

Regards

 

[ayozzhero]

haha... I knew that well to. Worried? Yes... a bit. but the more important thing for me is to learn the ways. It is just like playing Solitaire where you don't actually have an opponent. You win when you've completed a kinda requirement... and here is the fun

I can't do much of reverse engineering since I do not understand assembly... too late to learn though. The dealer replied me today, keep stressing on the high security and encryption of their new products. Yet, my concern is... we can always bypass all that high security by replacing the dll file with a fake one... ain't I rite?

Anyway, thanks for your reply.... and please do not smoke too much. All of us here need you for as long as you can be

P/s: I never used MSSQL... it is too expensive. I've been using MySQL for 2 years, and everything seems ok. Customers are happy too.

 

[ayman metwally]

Not sure if this violates forum rules (to reply to an old thread)!
For Moderators: feel free to delete my reply if so.

I was searching for topics about dongles and found this one. I find ayozzhero's concern regarding the "fake API" is quite valid! and I was wondering what is your experience about this issue now?

Thanks

 

[shadow1992]

Well my opinion about security is that you will have to engage with reverse engineering so you will be able to understand the techniques that used for cracking a software or even detect a trojan .... you will have to be always a step in front of others so your applications remain uncracked (at least your new editions)!!!