Categories

How if the hacker patch the Dongle DLL and get the arithmetic result or arithmetic?

You are here:
< All Topics

Symptom: How if the hacker patch the Dongle DLL and get the arithmetic result or arithmetic?

Questions: I have some question regarding the secure dongle user algorithm zone. If I write the arithmetic to the dongle, then my DLL have to verify the result return from the dongle, to verify the result I have to hardcode the result to compare or add in the arithmetic in the DLL to get the same result to verify. How if the hacker patch the DLL and get the arithmetic result or arithmetic? Do you have any practical example to implement the user algorithm zone?

Answer:

You can use COM or control library which give higher security compare to dynamic library. So if hacker change the library, your application also cannot be run. You can refer the sample inside the SDK.

For COM library, the library need to register before can use it. You can make the installer to register it.
For testing:
32 bit library :
copy 32 bit library to Windows\System32 folder (32 bit OS)
copy 32 bit library to Windows\SysWOW64 folder (64 bit OS)
copy 64 bit library to Windows\System32 folder (64 bit OS)
Open command prompt with administrator privillege, go to the path that you paste the library, and type “regsvr32 SecureDongleCom.dll”, this will register the library to the system.

For Control Library, the everytime you change your .NET framework, the library also need to change, so it will be more messy and you need to recompile if you will need to change .NET framework for future. This library no need register like COM library, you just need to add the reference directly to your project.

For User Algorithm Zone, the perfect way is you pass the algorithm into the dongle to perform the calculation, so the output will direct show into your program.
If only compare the result, it will not that secure. However, there are limitation for the UAZ, which are the result cannot be negative, and also result cannot more than 2 bytes(65535).

Here I give an example, let say your program want to calculate how many vehicle in the parking lot. 
Assume Motorcycle is A, car is B, bicycle is C.
So total of vehicle = A + B + C
You can write the algorithm D=A+B, D=D+C, and the result will no need compare by your program.
Let say hacker change your dongle, or bypass your dongle, if they don’t know the algorithm, then the result in your program will be incorrect, so even user can run your program, the result also incorrect.

Previous How does a protected app know that the dongle is the right dongle after sending SD_CALC1/SD_CALC2/SD_CALC3 to it?
Next How many of the calculation portions of the main software can be transferred to the key?
Table of Contents
Scroll to Top